Is My Password A Good Password?

This is something I have been asked about many times over the years and basically the password is a secure as you make it. We all have our own idiosyncrasies for the way we ‘design’ our passwords, myself included, but how secure do we make them?

The vast majority of people use either the names of their children or pets as a password and dates of birth for PINs and other number based passwords. Quite often these passwords are no longer than about 6-8 letters or numbers but does this help?

The Telegraph has published the top 25 worst passwords (from SplashData) and these are:

1. password

2. 123456

3. 12345678

4. qwerty

5. abc123

6. monkey

7. 1234567

8. letmein

9. trustno1

10. dragon

11. baseball

12. 111111

13. iloveyou

14. master

15. sunshine

16. ashley

17. bailey

18. passw0rd

19. shadow

20. 123123

21. 654321

22. superman

23. qazwsx

24. michael

25. football

It may help you as it is easy to remember but it also helps the hackers of this world as it will be easy to get your password and access your computer. If you use names and dates of birth as passwords, anyone who wanted to hack into your PC would try these as a first port of call as they are the easiest way to try. Therefore, the best thing to do is mix up your password by using upper-case letters randomly placed throughout the word, add in some numbers and maybe even a symbol or two.

For example, let’s say I decide to use a pet name like Rover. This would be easy to remember and quick to type in but it is something that someone could find out about me. Therefore, what I should be looking at is making it something like rOveR-07. This introduces mixed case in the word, a symbol “-“ and numbers (these representing the year he arrived). This would be harder to crack than just the one word name and I would suggest that you all look at your passwords to see that they are like this.

Some of you will remember the debacle in October 2007 when HM Revenue & Customs lost the records of 25 million child benefit recipients. This caused untold panic as a lot of people had used their children’s names as passwords and we were then telling them all to change passwords quickly to prevent any possible attack on their accounts etc.

The vast majority of us also use Windows as a computer operating system which is probably one of the ‘friendliest’ systems around. It offers to remember your password for any website you want to visit where you have to log in. This is done by windows holding it in two blocks of seven so my password rOveR-07 would be held on Windows as rOveR-0 : 7 in its memory blocks. Now this is really useful as it means I do not have to remember the password and, if I forget it, the website will either reset it for me or give me a hint as to what it is.

The only problem is that there is software available that can be run on your computer and within 30 minutes will give me all your account details and their passwords. Therefore, the only really secure password is one that is mixed case, symbol and number and over 14 characters in length. Why? Simple, if it is over 14 characters, Windows cannot remember it so nobody can get hold of it. I would suggest that if you are storing sensitive information you use this type of password as you can never be too safe. Facebook is reporting that there are over 600,000 attempts per day to hack into accounts so this really brings it into perspective!

Some top industry tips for passwords:

– Vary different types of characters in your passwords; include numbers, letters and special characters when possible.

– Choose passwords of eight characters or more. Separate short words with spaces or underscores.

– Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts

If you have any concerns that you or your company may not have safe passwords or just want more information, please feel free to contact KPG Professional Services on or by calling 07413 943228 for help and guidance.

About KPG Professional Services

Kevin has been working in the Data Protection field for over 20 years with The Post Office, Royal Mail Marketing, The Royal Bank of Scotland and Glasgow Housing Association Ltd. He is also trained in the Freedom of Information (Scotland) Act 2002 and has supplied expertise and support in this discipline for the past 4 years. In his leisure time Kevin is a presenter on Hospital Radio, an SRU rugby referee and referee coach and also the stadium announcer at McDiarmid Park for his team St Johnstone in the Scottish Premier League.
This entry was posted in Blagging, Cookies, Data Protection, Fixing Facebook, Information Security, Password, Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s