PASSWORDS 101 - How to get it right!

In this blog post, we will cover how to choose a good, strong but easy-to-remember password and some of the big password no-nos. We will also look at ways of managing your passwords and finding out whether you need to change one or more of them!


So firstly, password strength: how do you choose a strong password? There are many websites where you can generate what they call strong passwords. These usually come in the form of 16 characters, with upper case, lower case, numbers and special characters (e.g. !"£$%^&*@:_), but they are almost always extremely hard to remember, meaning you will have to write them down somewhere, most likely on a sticky note. This defeats the object of the password; after all, it might as well be "password" if you're going to write it down for the world to see!

But how do you then choose a strong password that is easy to remember? Simple: you choose words that mean something to you, or that are associated with the application you're using. For example, I am setting up my online banking and I am asked for a strong password. I choose InMoneyOutAccount, which gives me a 17-character password with both upper case and lower case. If I wanted to be really secure, I swap out the Os for 0s, so my final password looks like: InM0ney0utAcc0unt.

Now, some companies will require that all-important special character. Don't be silly with it: add one at the beginning, middle or end. It won't make much of a difference if the rest of your password is very secure; just remember where you put it!

Faux Pas

What are the biggest password faux pas, I hear you ask? Well, here are a few to keep you entertained:

1. 1 in 5 educational establishments do not make users change their passwords regularly.
2. 27% of education staff admit that they use the same password for school access as well as other platforms.
3. 45% of users don't see the point in changing their passwords on a regular basis.
4. 500 UK law firms stored their client passwords in plain text (like a sticky note) and these were leaked onto the dark web.
5. White House staff wrote down their email address and password and left it at a Washington bus stop.
6. The United Nations' staff failed to password-protect collaboration projects using Trello, Jira, and Google Docs. Anyone with the right link could access secret plans, international communications and plaintext passwords.
7. Cryptocurrency owners failed to remember the passwords to their digital wallets in order to cash out while cryptocurrencies were at record-level highs.
8. The University of Cambridge left a password in plain text on GitHub, allowing anyone to access the data of millions of people: data that had been extracted from the Facebook quiz app myPersonality.
9. The Pentagon protected weapon systems with default passwords, as well as having such appalling admin passwords that audit teams could guess them in just nine seconds.
10. Facebook announced that they found 200 to 600 million Facebook account passwords dating back to 2012 exposed in plain text and available to more than 20,000 Facebook employees.

Password Managers

Password managers are special applications that can usually be shared across multiple devices and operating systems, and make it really easy to remember those ridiculous passwords that you have now changed all of your login information to use.

We utilise a few different password managers here at The Haven. First off, we use LastPass to secure our information and the sensitive information of our clients. All of this is held in the cloud in secure data centres, backed up by multiple strong encryption algorithms, and can only ever be decrypted by your registered devices, which makes this one of the best solutions available today.

We also use BitWarden, an open source password manager that is completely customisable. This solution is perfect for those who want to ensure their own security and the availability of their secure information.

Checking your logins

LastPass and other managers also include handy features to check whether your login credentials have ever been included in a data breach that has been leaked to the dark web. This comes in especially handy when you are worried about whether your passwords need to be changed. You can also check on websites like "Have I Been Pwned", which also has an RSS feed that shows all of the breaches that have been reported.


Thank you for taking the time to get to the bottom. For any of you that need advice in regard to passwords or cyber security in general, please do reach out and contact us; we are always happy to help.

I hope you have found it insightful, and if you want any more information or to discuss anything further, please feel free to drop us an email or a call and we can arrange a chat.

If you want to read some of our other blogs, you can see them here!

0161 826 2303

Helping you stay Safe and Secure online!

Published by George Russell-Roberts (Digital Marketing Assistant)