How to create a strong password
A strong password is one of the simplest and most effective defences in cybersecurity. It acts as a first line of protection against unauthorised access to your personal, financial, and professional information. Weak passwords, however, make it easier for cybercriminals to infiltrate systems, steal identities, and commit all sorts of fraud.
According to the 2023 Verizon Data Breach Investigations Report, 80% of data breaches involve weak or stolen passwords, which shows just how critical password security is in preventing cyberattacks.
What Can Happen If You Use Weak Passwords?
Weak passwords (like the classic “123456”) or passwords based on easily guessable personal information like birthdays are quickly cracked using automated tools, brute-force attacks or dictionary attacks. And once a hacker gains access to a single weak account, they can often use the same password to access other systems if you’ve reused it (and anyone who uses a weak password is almost certainly using the same weak password elsewhere!).
The consequences of compromised passwords can include:
- Identity theft – Personal data can be used to open bank accounts, apply for loans, or commit crimes in your name.
- Financial loss – Hackers can gain access to banking apps, e-commerce accounts, or digital wallets.
- Compromised sensitive data – Confidential documents, photos, or company secrets can be stolen or leaked.
- Reputational damage – For individuals and organisations, data breaches can erode trust and lead to legal or regulatory penalties.
Commonly used passwords to avoid
Despite warnings and the increasing danger, many people still use easily guessable passwords. NordPass’s 2024 analysis revealed that, somewhat surprisingly, “123456,” “password,” and “qwerty” remain among the most commonly used passwords.
It may even be considered rather embarrassing for the people of the world that the three most commonly used passwords are “123456”, followed by “123456789”, and then, third in the list, “12345678”. In other words, a lot of people need to read this!
It’s important to recognise that using such passwords significantly increases the risk of unauthorised access to your accounts. So, let’s look at how to turn things around.
What is the “8-4 rule” for passwords?
The 8-4 Rule suggests creating passwords with at least eight characters, including four types of characters: uppercase letters, lowercase letters, numbers, and special symbols. This combination ensures that a password is complex enough to make it challenging to crack, at the very least.
Key principles for strong passwords
While the 8-4 Rule should work for your online accounts, here’s everything to keep in mind for a rock-solid password:
- Length – Use at least 12 characters – 14 or more is even better.
- Complexity – Include a mix of uppercase and lowercase letters, numbers, and special characters (e.g., @, #, $, *).
- Uniqueness – Never reuse previous passwords or share passwords across different accounts. Each password should be unique.
- Avoidance – Stay away from personal info (like birthdays or pet names), dictionary words, or easy patterns like 123456 or qwerty.
- Randomness – Use a password manager or random password generators to create complex and unpredictable passwords.
- Memorability – Consider using a passphrase – a string of unrelated words or a sentence that’s easy for you to remember, but hard for others to guess.
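The 8-4 Rule and the length, complexity and avoidance principles above can be expressed as a small checker. This is an added example, not code from the original article; the function names are illustrative, the denylist holds only the passwords this page names, and the pattern check (runs of four keyboard or alphabet neighbours) is an assumption about what counts as an "easy pattern".

```python
# Most-used passwords named on this page; a real denylist is far longer.
COMMON = {"123456", "123456789", "12345678", "password", "qwerty"}

# Digit, alphabet and keyboard-row runs used to spot "easy patterns".
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def char_classes(pw):
    """Count how many of the four character types the password uses."""
    return sum([any(c.islower() for c in pw),
                any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw),
                any(not c.isalnum() for c in pw)])


def has_sequence(pw, run=4):
    """True if pw holds `run` neighbouring characters of a known sequence
    (forwards or backwards) or one character repeated `run` times."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in s or chunk[::-1] in s for s in SEQUENCES):
            return True
    return False


def check_password(pw, min_len=12):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("common password")
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if char_classes(pw) < 4:
        problems.append("fewer than four character types")
    if has_sequence(pw):
        problems.append("contains an easy pattern")
    return problems


if __name__ == "__main__":
    # min_len=8 applies the 8-4 Rule; the default applies the 12-character principle.
    for sample in ("123456", "Ab1!cd2?", "Qwerty2024!x", "@9r!Xe#7uBt$"):
        print(sample, check_password(sample, min_len=8), check_password(sample))
```

A checker like this cannot see reuse across accounts or personal information, so the uniqueness and avoidance points still depend on how the password was chosen.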
Examples of strong passwords
Here are some strong password examples and what makes them so good to use:
- @9r!Xe#7uBt$ – (Random string of characters)
- %3L&n0*SkyRunner! – (Random string with 12+ characters)
- OceanDrift22+Pine^ – (Passphrase combining unrelated terms and symbols)
- 5OwlsSing@Midnight – (Passphrase with numbers and symbols)
- L1sa’sB!rthd@y1988 – (Memorable phrase with symbols)
- !Hidden^In#MyC0d3R00m – (Password with a hobby reference and complexity)
- c0ff33isMyF@vDr1nk – (Password with letter/number substitutions)
- R@in-Bow$-Fly-Hi-Together – (Password with substitutions and a long phrase)
Are three random words effective?
The UK’s National Cyber Security Centre recommends using three random words to create strong passwords, such as HorseBatteryStaple. The NCSC recommends this type of password because it is strong enough for many purposes and can be remembered much more easily than the examples above. This is useful for those who are reluctant to use a free password generator or password management tools.
However, recent reports indicate that 77% of such passwords can be cracked by law enforcement using advanced tools. So, to enhance security, consider adding numbers and special characters to your passphrase or involving another step, like multifactor authentication.
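To show what adding numbers and special characters to a random-word passphrase changes, the sketch below generates one with Python's `secrets` module and computes its entropy next to that of a fully random string. It is an added example, not part of the original article; the 16-word list is constructed so the code runs offline, and the format (words, then two digits, then one symbol) is an assumption.

```python
import math
import secrets
import string

# Constructed sample list so the example runs offline; a real generator
# needs a list of several thousand words.
WORDS = ["anchor", "basil", "copper", "dune", "ember", "falcon", "glacier",
         "harbor", "ivory", "jigsaw", "kettle", "lantern", "meadow",
         "nickel", "orchid", "pebble"]
SYMBOLS = "@#$*!^+"
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def passphrase(n_words=3, words=WORDS):
    """Random capitalised words followed by two digits and one symbol."""
    parts = [secrets.choice(words).capitalize() for _ in range(n_words)]
    digits = "".join(secrets.choice(string.digits) for _ in range(2))
    return "".join(parts) + digits + secrets.choice(SYMBOLS)


def passphrase_bits(n_words, list_size, n_digits=2, n_symbols=len(SYMBOLS)):
    """Entropy in bits when every part is picked uniformly at random."""
    return (n_words * math.log2(list_size)
            + n_digits * math.log2(10) + math.log2(n_symbols))


def random_password(length=14):
    """Random string over letters, digits and punctuation."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_password_bits(length=14):
    """Entropy in bits of random_password(length)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(passphrase(), f"{passphrase_bits(3, len(WORDS)):.1f} bits")
    print(random_password(), f"{random_password_bits():.1f} bits")
```

The entropy figures assume the attacker knows the word list and the format, so strength comes from the size of the list and the number of random choices, not from how unusual the words look.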
How often should you change your password?
While many think that frequently changing all your passwords is good for security, and most password policies insist on regular changes, this is not actually ideal. The advice is to change a password only if you suspect it has been compromised or in response to a security breach. Otherwise, focus on creating strong, unique passwords and changing them only when necessary.
Is it okay to reuse passwords?
Reusing passwords across multiple accounts (even if that’s just all your social media accounts) increases vulnerability. If one account is compromised, attackers can access other accounts using the same credentials – a tactic known as credential stuffing. To mitigate this risk, it’s crucial to use unique passwords for all your accounts. Fortunately, a strong password generator will do the trick.
Sharing passwords safely
Sometimes it’s necessary to share passwords, especially in work environments or among family members managing shared accounts. However, how you share passwords matters. Sending credentials through email, SMS, or messaging apps like WhatsApp or Slack can be highly insecure, as these channels are often unencrypted or vulnerable to interception, especially if the device or network is compromised.
Here are some best practices to keep in mind when sharing passwords:
- Only share when absolutely necessary, and revoke access as soon as it’s no longer needed.
- Use tools that support expiry, access tracking, and revocation.
- Avoid sharing master passwords (e.g. to your password manager).
- Encourage the person you’re sharing the password with to use a password manager, and share it via that.
Enhance your security with Airband Protect
For Airband customers, our Airband Protect add-on offers advanced security features to safeguard your internet connection. From real-time threat detection to secure browsing, Airband Protect provides an extra layer of defence against cyber threats.
By implementing these practices, you can significantly enhance your online security and protect your personal details and information from cyber threats. Contact our sales team on 01905 676 121 to find out more, or use our broadband coverage checker to see if you’re in coverage.
