What makes the best password?
29th January 2025
The National Cyber Security Centre (NCSC) found that 23.2 million victims of cybercrime used the password '123456'* - surely we can do better than that?
Passwords can be tricky. You want your password to be complicated enough that a cyber criminal couldn’t guess what it is, but it can’t be so complex that you can’t keep track of it: I know I’ve forgotten mine on more than one occasion!
Here are our top ten tips, based on information from the NCSC*2, for creating the perfect password:
1. Ensure your password is strong
We’re starting with the basics, but this is key: the more varied the letters, cases, symbols and numbers in your password, the stronger it is.
2. Use different passwords for different accounts
It is bad enough if a hacker obtains the password for your email account, but what if you used that same password for all your accounts? The hacker would have access to everything! By using unique passwords, you ensure that even if one is compromised, the rest remain secure.
3. Change any default passwords
Immediately replace default passwords given by devices or services. If that service or device is compromised, so is your password.
4. Avoid common phrases
Making ‘password’ your password is a bad idea: make it unique.
5. Don’t rely on security questions
Security questions – ‘What was the name of your first pet?’ for example – can be too easily researched or guessed.
6. Review password policies
As guidelines change it is good to stay updated to avoid emerging threats – check the NCSC website*3 for the newest recommendations.
7. Use password managers
Generate and store complex passwords securely.
8. Establish 2FA
Two-factor authentication (2FA) adds an extra layer of security. Because you are asked to input a code from an app or your phone, hackers can’t easily access your account even if your password is breached.
9. Avoid mandatory password changes
When they have to update them frequently, people become lazier with their passwords or just repeat variations of the first one. It is best to only update a password when it is compromised.
10. Have the best security system possible
The quality of your password won’t matter if your cyber security isn’t up to scratch: ensure your system is protected.
Passwords aren’t perfect: even the most unique ones can still be breached. However, a combination of these steps will ensure your passwords remain as secure as they can be.
If you have any further questions regarding password best practice, please contact [email protected].
*2 https://www.ncsc.gov.uk/collection/passwords/updating-your-approach