Your password is your first, and often most critical, line of defence. Yet, far too many people still rely on easily guessable combinations like "123456" or "password," leaving their digital lives wide open to attack. Cybercriminals use sophisticated tools to crack weak passwords in seconds, and password cracking is one of the easiest and lowest-risk forms of attack.
A truly strong password is long, complex, and unique. Forget single words; think of a memorable passphrase. Aim for at least 12-16 characters, incorporating a mix of uppercase and lowercase letters, numbers, and special symbols (!@#$%^&*). Instead of "Fido," try "MyDogFidoLovesBones!24/7." Avoid using personal information that can be easily found online, like birthdays, pet names, or family members' names. Most importantly, never reuse passwords across multiple accounts. If one account is breached, all others using the same password become vulnerable. Consider using a reputable password manager to securely store and generate complex, unique passwords for all your accounts, so you only need to remember one master password.
Passwords are a fundamental aspect of cybersecurity as they act as the first line of defence in protecting sensitive data, systems, and user accounts from unauthorised access.
What Makes a Truly Strong Password?
A truly robust password isn't just about length; it's a combination of three essential qualities: length, complexity, and uniqueness.
Length is Strength: The longer your password, the harder it is to crack. While 8 characters used to be the standard, modern recommendations suggest a minimum of 12 to 16 characters or more. Think of it like building a wall – the taller and wider it is, the more difficult it is to scale.
Complexity is Key: Don't just pick a long string of simple words. A strong password should be a diverse mix of:
Uppercase letters (A, B, C...)
Lowercase letters (a, b, c...)
Numbers (1, 2, 3...)
Special symbols (!, @, #, $, %, ^, &, *)
This variety significantly increases the number of possible combinations, making it far more challenging for automated cracking tools.
Uniqueness is Non-Negotiable: This is perhaps the most overlooked, yet most critical, aspect. Never reuse passwords across multiple accounts. Imagine if you use the same key for your house, your car, and your office. If one key is stolen, everything is compromised. The same applies to your digital life. If a data breach occurs on one website you use, and you've recycled that password, suddenly all your other accounts using the same password are at immediate risk.
Creating Memorable and Secure Passwords
Trying to remember a complex, unique password for every single online account can feel impossible. This is where clever strategies come in:
The Passphrase Method: Instead of a single word, think of a memorable phrase that's personal to you, then adapt it with numbers and symbols. For example, "MyDogFidoLovesBones!24/7" is long, complex, unique, and easier to remember than a random string of characters.
The First-Letter Method: Take the first letter of each word in a phrase, then add numbers and symbols. "I love to drink coffee in the morning!" could become "Iltdcitm!1#".
Avoid Personal Information: Steer clear of using easily guessable information like your birthday, pet's name, street name, or family members' names. Cybercriminals often gather this information from social media or public records.
The Ultimate Solution: Password Managers
For the average person managing dozens, if not hundreds, of online accounts, the best practice for creating and managing strong, unique passwords is to use a reputable password manager. These applications:
Generate Strong Passwords: They can automatically create incredibly complex and truly random passwords that would be impossible for a human to remember.
Securely Store Passwords: All your login credentials are encrypted and stored in a secure digital vault, protected by one strong master password that only you know.
Auto-Fill Login Details: Many password managers can automatically fill in your usernames and passwords on websites, saving you time and preventing typos.
Identify Reused or Weak Passwords: Many come with auditing features that can highlight weak, old, or reused passwords, prompting you to update them.
By offloading the burden of memorisation to a secure password manager, you empower yourself to use an uncrackable, unique password for every single online account, dramatically fortifying your digital defences.
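The checks described above (length, character variety, personal information and reuse), plus random generation, as an added Python example that is not part of the original article or any particular password manager's code. The vault contents are constructed from passwords quoted in the article; the function names, the 20-character default and the "Fido" personal term are assumptions for illustration.

```python
import math
import secrets
import string
from collections import Counter

# The four character classes the article lists.
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "digits": string.digits, "symbols": string.punctuation}
MIN_LENGTH = 12  # lower end of the article's 12-16 character minimum
# Constructed sample vault (hypothetical accounts) using passwords quoted in the article.
SAMPLE_VAULT = {"email": "123456", "bank": "123456",
                "forum": "Iltdcitm!1#", "shop": "MyDogFidoLovesBones!24/7"}


def keyspace_bits(password):
    """Upper bound on the brute-force search space in bits: length * log2(pool size)."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def generate_password(length=20):
    """Random password from the OS CSPRNG that contains all four classes."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def audit(vault, personal_terms=()):
    """Return {account: [findings]} for short, low-variety, personal or reused passwords."""
    counts = Counter(vault.values())
    report = {}
    for account, password in vault.items():
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append("too short")
        missing = [name for name, chars in CLASSES.items()
                   if not any(c in chars for c in password)]
        if missing:
            findings.append("missing " + ", ".join(missing))
        if any(term.lower() in password.lower() for term in personal_terms):
            findings.append("contains personal information")
        if counts[password] > 1:
            findings.append("reused")
        if findings:
            report[account] = findings
    return report
```

Calling `audit(SAMPLE_VAULT, personal_terms=("Fido",))` flags "Iltdcitm!1#" as one character under the 12-character minimum and the Fido passphrase for containing a pet name. `keyspace_bits` is an upper bound, so phrases built from dictionary words are weaker than the figure suggests.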
In essence, your password is the digital key to your personal data and online identity. Treating it with the importance it deserves is the foundational step in protecting yourself from the ever-present dangers of the cyber world.
💡Today's Cyber Tip: Don't Use Duplicate Passwords!
Never reuse passwords across multiple accounts. If cybercriminals breach one website and get your login, they'll immediately try that same password on all your other accounts – email, banking, social media. Make every password unique to prevent one breach from becoming a digital disaster.
Review: NCSC Password Guidance and NCSC Password Policy.
Review DPE's previous articles about passwords:
Passwords – simplifying the approach
October is Cyber Security Awareness Month: 27. Passwords
October is Cyber Security Awareness Month: 14. Access Control (MFA)
Types of Cyber Attacks: Password Attacks
A guide to multi-factor authentication
Review the latest information from NIST about password guidance:
DPE Knowledge Bank Guidance and Support:
For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool to help you track your cyber resilience and your progress: