Passwords are often the first line of defence in protecting your online accounts—but not all passwords are created equal. So, what makes a good password?
In last month’s Newsletter one-question quiz, we asked:
Which of these is the strongest password?
Qwerty123!
P@ssw0rd
PE#5GZ29PTZMSE
Stop Hammer Time!
ToyotaCorolla99
At first glance, you might be drawn to the one packed with numbers and symbols, but the answer might surprise you.
The Answer Was…
For those of you who answered, “Stop Hammer Time!” – well done! You nailed it! (That’s the last hammer and nail pun for this article).
Those who selected “PE#5GZ29PTZMSE” picked a password that does have some of the right attributes, but it was a bit of a trick answer! At face value this password looks great, but according to sources such as HaveIBeenPwned (more about them further on), it has been seen in breaches over 200,000 times globally! So you can bank on the fact that threat actors have this password in the special lists/dictionaries they test when trying to break into an account.
So what made “Stop Hammer Time!” a strong password?
As a basic guideline, this passphrase contains capital letters, lowercase letters and special characters (the exclamation point at the end, as well as the spaces between each word), with a total of 17 characters.
It ticks several of the recommended complexity features, making it that bit harder for threat actors to guess or break, while staying easy to recall when you need to use it.
What is HaveIBeenPwned and how can it help me with my password strength?
https://haveibeenpwned.com/ is a website and service backed by a database of credentials that have been sighted in breaches, both on the normal internet or ‘clearweb’ and on the ‘darkweb’, where nefarious types publish and sell these credentials to others for use.
Use HaveIBeenPwned to check if your email or passwords have been exposed in data breaches. If they have, switch to a strong passphrase to make it harder for attackers to crack.
Now that my passwords are nice and secure what’s next?
Securing your accounts doesn’t end with strong passwords. The next—and arguably most critical—step is enabling multi-factor authentication (MFA).
MFA adds an extra layer of protection by requiring a second step to verify your identity, such as:
A one-time code sent to your phone or email
An authentication app prompt
A physical security key
Even if a cybercriminal manages to get hold of your password, MFA makes it significantly harder for them to access your accounts. This simple step stops countless breaches every year.
Our next Inside Edge feature will dive deep into why MFA is a game-changer for your security, how it works, and the easiest ways to implement it in both your personal and professional life.