
Create and manage secure passwords

Updated: May 1

As World Password Day approaches on the first Thursday of May, it's an opportune moment to revisit the National Cyber Security Centre's (NCSC) latest guidance on creating and managing secure passwords.


In an era where cyber threats are increasingly sophisticated, adopting robust password practices is essential for safeguarding personal and organisational data.


Embrace the "Three Random Words" Strategy


The NCSC advocates for the use of passwords composed of three random words. This approach balances memorability with strength, making passwords harder for cybercriminals to crack while remaining user-friendly.


For instance, a password like "sunflowerbicyclecoffee" is both unique and easier to remember than complex strings of characters. Never use "Password123", "123456" or any variation that can be easily guessed. You'd be surprised just how many people use guessable passwords: see "23m people used 123456 as a password".


It's also crucial to avoid common or predictable word combinations. Research indicates that passwords using common words can be more susceptible to cracking attempts. Opt for words that are unrelated and personally insignificant to enhance security.
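The three-random-words approach above, as an added Python example that is not from the NCSC or EMCRC: it picks words with the operating system's secure random source, estimates the guessing work for a given word-list size, and flags deny-listed passwords and simple variations of them. The word list, the deny list and all function names are constructed for illustration; the sample list is far too small for real use.

```python
import math
import secrets

# Constructed sample list, far too small for real use. Assumption: a real
# deployment loads a list of several thousand words instead.
SAMPLE_WORDS = ["sunflower", "bicycle", "coffee", "lantern", "pebble", "walrus",
                "cactus", "violin", "harbour", "tunnel", "marble", "otter",
                "compass", "radish", "glacier", "trumpet"]

# Constructed deny list, seeded with the two weak passwords the article names.
DENYLIST = {"password123", "123456", "password", "qwerty", "letmein"}


def pick_words(words=SAMPLE_WORDS, count=3):
    """Choose `count` distinct words with the operating system's CSPRNG."""
    unique = sorted(set(words))
    if len(unique) < count:
        raise ValueError("word list is smaller than the number of words requested")
    return secrets.SystemRandom().sample(unique, count)


def generate_passphrase(words=SAMPLE_WORDS, count=3):
    """Join the randomly chosen words into one passphrase."""
    return "".join(pick_words(words, count))


def search_space_bits(list_size, count=3):
    """log2 of the number of ordered picks of `count` distinct words."""
    return math.log2(math.perm(list_size, count))


def is_guessable(candidate, denylist=DENYLIST):
    """True if the candidate, or its stem without trailing digits and
    punctuation, is on the deny list (catches 'Password2024!' style variants)."""
    lowered = candidate.lower()
    stem = lowered.rstrip("0123456789!@#$%&*.?")
    return lowered in denylist or (stem != "" and stem in denylist)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"{len(SAMPLE_WORDS)}-word list: {search_space_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7776-word list: {search_space_bits(7776):.1f} bits")
    print(is_guessable("Password123"), is_guessable("sunflowerbicyclecoffee"))
```

The bit counts show why both the size of the word list and truly random selection matter: three words from the 16-word sample give under 12 bits of guessing work, while three from a 7,776-word list give nearly 39.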


Strengthen Your Email Security


Your email account often serves as a gateway to other online services. Therefore, it's vital to use a strong, unique password for your email and enable two-factor authentication (2FA) or even multi-factor authentication (MFA) to add extra layers of protection.



Utilise Password Managers


Managing multiple strong passwords can be challenging. Password managers are recommended tools that securely store and manage your passwords. They can generate complex passwords and autofill login credentials, reducing the risk of password reuse and simplifying the login process.


Avoid Frequent Password Changes


Contrary to past practices, the NCSC advises against regular password changes unless there is evidence of a security breach. Frequent changes can lead to weaker passwords and increased user frustration. Focus on creating strong, memorable passwords and changing them only when necessary.


Additional Tips for Password Security


  • Avoid Predictable Patterns: Steer clear of using easily guessable information such as birthdays or common phrases.

  • Enable Two-Factor Authentication: Where available, activate 2FA or MFA to provide additional security layers.

  • Be Cautious with Password Sharing: Never share your passwords, and be wary of phishing attempts seeking your credentials.

  • Regularly Review Account Security: Periodically check your accounts for unauthorised access and update security settings as needed.

 

By adhering to these guidelines, you can significantly enhance your online security. World Password Day serves as a timely reminder to evaluate and improve your password practices. For more detailed information, visit the NCSC's official website: www.ncsc.gov.uk.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


 
 
 



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
