
What makes a good password, and why this is important!

Passwords are often the first line of defence in protecting your online accounts—but not all passwords are created equal. So, what makes a good password?

In last month’s Newsletter one-question quiz, we asked:

Which of these is the strongest password?

  • Qwerty123!

  • P@ssw0rd

  • PE#5GZ29PTZMSE

  • Stop Hammer Time!

  • ToyotaCorolla99

At first glance, you might be drawn to the one packed with numbers and symbols, but the answer might surprise you.

The Answer Was…

For those of you who answered, “Stop Hammer Time!” – well done! You nailed it! (That’s the last hammer and nail pun for this article).

For those who selected “PE#5GZ29PTZMSE”, which does have some of the right attributes, it was a bit of a trick answer! At face value this password looks great, but what if we told you that, according to sources such as HaveIBeenPwned (more about them further on), this password has been seen in breaches over 200,000 times globally? So, you can bank on the fact that the threat actors out there have this password in the special lists and dictionaries they test when trying to break into an account.

So what made “Stop Hammer Time!” a strong password?

At a basic level, this passphrase contains capital letters, lowercase letters and special characters (the exclamation point at the end as well as the spaces between the words), for a total of 17 characters.

This ticks several of the recommended complexity boxes, making the passphrase that bit harder for threat actors to guess or crack while keeping it easy to recall when you need to use it.

What is HaveIBeenPwned and how can it help me with my password strength? 

https://haveibeenpwned.com/ is a website and service backed by a database of credentials that have been sighted in breaches, both on the normal internet or ‘clearweb’ and on the ‘darkweb’, where nefarious types publish and sell these credentials to others for use.

Use HaveIBeenPwned to check if your email or passwords have been exposed in data breaches. If they have, switch to a strong passphrase to make it harder for attackers to crack.

Now that my passwords are nice and secure what’s next? 

Securing your accounts doesn’t end with strong passwords. The next—and arguably most critical—step is enabling multi-factor authentication (MFA).

MFA adds an extra layer of protection by requiring a second step to verify your identity, such as:

  • A one-time code sent to your phone or email

  • An authentication app prompt

  • A physical security key

Even if a cybercriminal manages to get hold of your password, MFA makes it significantly harder for them to access your accounts. This simple step stops countless breaches every year.

Our next Inside Edge feature will dive deep into why MFA is a game-changer for your security, how it works, and the easiest ways to implement it in both your personal and professional life.

👉 Want to make sure you don’t miss it?

  • Sign up for our newsletter below to catch the full MFA guide in next month’s edition.

  • Can’t wait or want tailored advice? Reach out to our team today—we’re always happy to help you take your cybersecurity to the next level.
