
How secure are your passwords?



Ever wonder how safe your passwords really are? Well, you’re not alone. Last year, a whopping 35,434 people reported their email or social media accounts being hacked. That’s a lot of people waking up to find out someone’s been snooping through their private stuff, or worse, stealing their identity. 

 

So, how do you make sure this doesn’t happen to you? And what makes a password as secure as possible? We’re going to be sharing our tips and advice from the National Cyber Security Centre (NCSC). 

 

The problem with weak passwords 

Most of us have used a weak password at some point. Maybe it’s something easy to remember like “123456,” “password1,” or your dog’s name followed by “2025.” Sound familiar? Unfortunately, these kinds of passwords are an open invitation to hackers. 

 

Hackers use brute-force attacks where they try thousands of possible combinations until they crack your password. And with weak passwords, it doesn’t take long. In fact, “123456” is STILL one of the most commonly used passwords in 2025. Shocking, right? If your password is easy to guess, it’s only a matter of time before someone gains access to your accounts. 

 

What hackers can do with your password 

So, what’s the worst that could happen if someone gets your password? Unfortunately, the consequences can be pretty scary. 

 

Unauthorised access 

Hackers can break into your email, social media, or even bank accounts. Once they’re in, they can send fake messages, steal your private information, or lock you out completely. 

 

Data breaches 

Weak passwords make it easier for hackers to break into company accounts, leading to massive data breaches that can expose thousands (or even millions) of people’s sensitive data. 

 

Identity theft 

With access to your personal info, hackers can impersonate you online, open new accounts, or even drain your bank account.  

 

How to make your passwords stronger 

Now that we’ve scared you a little (sorry about that), let’s talk about how to fix it. Luckily, it’s not as complicated as it sounds. 

 

Use strong, unique passwords 

A strong password is at least 12 characters long and includes a mix of: 

  • Uppercase and lowercase letters 

  • Numbers 

  • Special characters (@, $, &, etc.) 

 

And don’t reuse passwords across multiple accounts! If one account gets compromised, hackers could easily access everything else. 

 

Follow the “three random words” rule 

The National Cyber Security Centre (NCSC) recommends using three random words to create a password that’s easy to remember but tough to crack. Something like:  

 

RainbowPizzaCactus 

 

Add a few numbers or special characters, and you’ve got yourself a solid, hacker-proof password. For example:  ra1nbowPizzaC@ctus! 

 

(Hopefully it goes without saying, but please don’t use this exact example for your own passwords!) 
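"Random" here means chosen by a random generator, not picked from memory. The sketch below is an added example, not code from the NCSC or the Centre: it draws three words with Python's `secrets` module and estimates how the guessing effort grows with the size of the word list. The word list, the symbol set and the function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration only; a real list should hold thousands of words.
SAMPLE_WORDS = ["rainbow", "pizza", "cactus", "harbour", "violin", "pebble",
                "lantern", "walrus", "thistle", "compass", "velvet", "orchard",
                "magnet", "glacier", "pepper", "saddle"]
SYMBOLS = "@$&!"  # assumed symbol set


def passphrase_entropy_bits(wordlist_size, words=3, decorate=True):
    """Bits of entropy when every choice is made uniformly at random."""
    bits = words * math.log2(wordlist_size)
    if decorate:
        # One random digit (10 options) plus one random symbol.
        bits += math.log2(10) + math.log2(len(SYMBOLS))
    return bits


def three_random_words(wordlist=SAMPLE_WORDS, words=3):
    """Build a passphrase from words picked by the OS random generator."""
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    # Leave the first word lowercase and capitalise the rest, so the
    # password does not begin with a capital letter.
    parts = [chosen[0]] + [w.capitalize() for w in chosen[1:]]
    return "".join(parts) + str(secrets.randbelow(10)) + secrets.choice(SYMBOLS)


if __name__ == "__main__":
    print(three_random_words())
    for size in (len(SAMPLE_WORDS), 7776):
        print(size, "words:", round(passphrase_entropy_bits(size), 1), "bits")
```

With the 16-word sample list the result is far too guessable; the same three words drawn from a list of several thousand words are what make the passphrase hard to crack.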

 

Use a password manager 

If you’re thinking, “There’s no way I can remember a bunch of complicated passwords,” you’re not alone. That’s where password managers come in. A password manager generates and stores all your passwords securely, so you only need to remember one master password. It’s very handy if you’re juggling multiple accounts. 

 

Turn on 2-step verification (2SV) 

Want to double your protection? Turn on 2-step verification (2SV). With 2SV enabled, even if someone gets your password, they can’t access your account without the second verification step, like a code sent to your phone or generated by an app. You can take this even further by enabling multi-factor authentication (MFA), which requires multiple verifications before you can access your account. 

 

Is your password up to scratch? 

Want to see how your current passwords measure up? Here’s a quick checklist: 

 

  • Is it at least 12 characters long? 

  • Does it include a mix of letters, numbers, and special characters? 

  • Is it unique to each account? 

  • Have you turned on 2SV for extra protection? 

 

Pro tips for better passwords 

  • Don’t use a capital letter at the start. Hackers expect this pattern. Mix things up! 

  • Add special characters to increase complexity. 

  • Avoid personal details. Birthdays, pet names, and favourite sports teams are way too easy to guess. 
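The checklist and tips above can be run as a local self-check. This is an added example, not a tool from the Centre or the NCSC; the function names, the account names and the sample passwords are constructed for illustration, and the two "common" passwords are the weak examples named earlier in this article.

```python
import string
from collections import defaultdict

COMMON = {"123456", "password1"}  # weak examples named in the article


def audit_password(pw):
    """Return the checklist items that a single password fails."""
    findings = []
    if pw.lower() in COMMON:
        findings.append("commonly used password")
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    findings += [f"no {name}" for name, present in classes.items() if not present]
    if pw[:1].isupper():
        findings.append("starts with a capital letter")
    return findings


def audit_accounts(accounts):
    """accounts maps a name to (password, two_step_enabled)."""
    report = {}
    seen = defaultdict(list)
    for name, (pw, two_step) in accounts.items():
        report[name] = audit_password(pw)
        if not two_step:
            report[name].append("2SV not enabled")
        seen[pw].append(name)
    for names in seen.values():
        for name in names if len(names) > 1 else []:
            others = ", ".join(n for n in names if n != name)
            report[name].append(f"reused on: {others}")
    return report


# Constructed sample accounts; never paste real passwords into a script.
SAMPLE_ACCOUNTS = {
    "email": ("password1", False),
    "bank": ("Sunflower2025", True),
    "shop": ("Sunflower2025", False),
    "social": ("t3apotGravelLantern#", True),
}
REPORT = audit_accounts(SAMPLE_ACCOUNTS)
```

An empty list for an account means it passes every item; the reuse finding only appears when the same password protects more than one account.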

 

 

Need help with your organisation’s cybersecurity? Contact us today to find out how we can help.  



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.



The Cyber Resilience Centre for the West Midlands is a trusted resource for support to protect businesses and third sector organisations in the West Midlands region.


© 2024 The Cyber Resilience Centre for the West Midlands
