Create and manage secure passwords
- philviles
- Apr 29
Updated: May 1
As World Password Day approaches on the first Thursday of May, it's an opportune moment to revisit the National Cyber Security Centre's (NCSC) latest guidance on creating and managing secure passwords.

In an era where cyber threats are increasingly sophisticated, adopting robust password practices is essential for safeguarding personal and organisational data.
Embrace the "Three Random Words" Strategy
The NCSC advocates for the use of passwords composed of three random words. This approach balances memorability with strength, making passwords harder for cybercriminals to crack while remaining user-friendly.
For instance, a password like "sunflowerbicyclecoffee" is both unique and easier to remember than complex strings of characters. Never use “Password123” or “123456” or any variation that can be easily guessed. You’d be surprised just how many people use ‘guessable’ passwords. See 23m people used 123456 as a password.
It's also crucial to avoid common or predictable word combinations. Research indicates that passwords using common words can be more susceptible to cracking attempts. Opt for words that are unrelated and personally insignificant to enhance security.
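The following Python example is added here and is not NCSC or author code: it builds a three-random-word password using the operating system's secure random source, rejects the guessable passwords named above, and estimates how much entropy the word list provides. The word list, denylist, function names and the 7776-word comparison size are constructed for illustration.

```python
import math
import secrets

# Constructed sample list so the block runs offline. A real generator would
# load a list of several thousand unrelated words (assumption, not NCSC's list).
SAMPLE_WORDS = [
    "anchor", "velvet", "pigeon", "quartz", "lantern", "mustard", "glacier", "tractor",
    "violin", "pebble", "octopus", "blanket", "compass", "walnut", "ferry", "saddle",
    "meadow", "turnip", "rocket", "candle", "harbour", "zipper", "falcon", "biscuit",
    "marble", "thistle", "kettle", "orchid", "paddle", "igloo", "jigsaw", "napkin",
]

# The guessable passwords named on the page, plus the page's own published
# example, which stops being random the moment it appears in an article.
DENYLIST = {"password123", "123456", "sunflowerbicyclecoffee"}

def entropy_bits(wordlist_size, words=3):
    """Bits of entropy for `words` distinct words drawn uniformly, in order."""
    return math.log2(math.perm(wordlist_size, words))

def is_acceptable(candidate):
    """Reject anything on the denylist, ignoring case and separators."""
    normalised = "".join(ch for ch in candidate.lower() if ch.isalnum())
    return normalised not in DENYLIST

def generate_passphrase(wordlist, words=3, sep=""):
    """Pick distinct words with the OS CSPRNG, never the `random` module."""
    unique = sorted(set(wordlist))
    if len(unique) < words:
        raise ValueError("word list is smaller than the requested word count")
    rng = secrets.SystemRandom()
    while True:
        candidate = sep.join(rng.sample(unique, words))
        if is_acceptable(candidate):
            return candidate

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, sep="-"))
    print(f"{len(SAMPLE_WORDS)}-word sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    # 7776 is the size of a five-dice word list, used here only for comparison.
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

The 32-word sample list gives under 15 bits, which is far too little; the strength of three random words comes from drawing them at random from a list of thousands.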
Strengthen Your Email Security
Your email account often serves as a gateway to other online services. Therefore, it's vital to use a strong, unique password for your email and enable two-factor authentication (2FA) or even multi-factor authentication to add extra layers of protection.
Utilise Password Managers
Managing multiple strong passwords can be challenging. Password managers are recommended tools that securely store and manage your passwords. They can generate complex passwords and autofill login credentials, reducing the risk of password reuse and simplifying the login process.
Avoid Frequent Password Changes
Contrary to past practices, the NCSC advises against regular password changes unless there is evidence of a security breach. Frequent changes can lead to weaker passwords and increased user frustration. Focus on creating strong, memorable passwords and changing them only when necessary.
Additional Tips for Password Security
Avoid Predictable Patterns: Steer clear of using easily guessable information such as birthdays or common phrases.
Enable Two-Factor Authentication: Where available, activate 2FA or MFA to provide additional security layers.
Be Cautious with Password Sharing: Never share your passwords, and be wary of phishing attempts seeking your credentials.
Regularly Review Account Security: Periodically check your accounts for unauthorised access and update security settings as needed.
By adhering to these guidelines, you can significantly enhance your online security. World Password Day serves as a timely reminder to evaluate and improve your password practices. For more detailed information, visit the NCSC's official website: www.ncsc.gov.uk.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).