Cyber security

Beyond 'Password123': Strategies for strong and unique passwords

17 October 2023

In an increasingly digital world, the importance of safeguarding your online presence cannot be overstated. Cyber security is paramount, and at the heart of it is the creation of robust, strong passwords. The UK's National Cyber Security Centre (NCSC) has outlined four fundamental steps to help you master the art of crafting a stronger password.

4 fundamental steps to create your strengthened password 

1. Password diversity 

Imagine having one key for your house, car, and office. If that single key were lost or stolen, your security for all these areas would be compromised. Similarly, it's essential to maintain different passwords for various online services, such as online banking, email, and social media. If one password is compromised, your other accounts remain protected.

It is also extremely important to differentiate the passwords you use for personal and work use, if either of these were to be breached the repercussions for either side could be paramount. 

2. Memorable, yet unpredictable 'passphrases'

Creating a password that is both memorable and unpredictable is an art. NCSC recommends combining three or more unrelated words, avoiding easily guessable choices like the names of your pets, children, or favourite sports teams. This strategy increases your password's length, while keeping it memorable. For instance, think beyond 'FluffyDog123' and instead consider 'Purple!Banana?!Coffee' (e.g. your favourite colour, favourite fruit and your favourite drink). 

3. Length equals strength

The length of your password plays a pivotal role in its resilience against cyber criminals. Consider this: a 12-character password can be cracked by a powerful computer in just a few days. However, opt for a randomly generated 24-character passphrase, and it would take over 500 years to crack. As computer technology advances, this time frame will only decrease. So, make your passwords longer for added security. By using the passphrase method, it is actually very easy to reach a long character count, so again keep in mind these 4 steps work together. 

4. Mix in complexity

To fortify your password, incorporate a mix of uppercase letters, numbers, and special characters. However, avoid using numbers as direct substitutes for letters (e.g., '3' for 'E'). Striking the right balance is crucial; an example like 'My1stjobsInCosta&BootswereFun£' (30 characters) or 'Panda!Movie4burger$Leaf35' (25 characters) is a great balance between complexity and memorability.

In short, creating a passphrase using three random words, with random characters, capitalisation or numbers is the ideal password. Using this method will almost guarantee a long length also. This method aligns with the most recent guidance provided by the NCSC and as always, it is best to stay ahead of the curve with all things digital as it will always continue to shift. 

Once you've mastered crafting strong passwords, the next step is managing them effectively. Here are some strategies to consider:

Managing your secure passwords

Password manager tools 

Password manager tools are a game-changer in password management. With the ability to generate and securely store complex, unique passwords for each of your accounts, these tools not only simplify your online life but also bolster your protection against cyber threats. Password managers offer the ease of automatic login, single-use sign-on (SSO), and enhanced security features like two-factor authentication (2FA), making them an essential companion in safeguarding your personal and professional information. 

Find out more about the benefits of a password manager tool.

Web browser storage

Storing passwords in your web browser, when prompted, can be a convenient way to manage your login credentials, especially for frequently visited websites. This feature simplifies the login process, as the browser can auto-fill your username and password. However, it's important to exercise caution and consider the security implications. While most modern browsers offer encryption to protect stored passwords, the risk arises if someone gains unauthorised access to your computer or device.

In contrast, dedicated password managers provide a more secure and comprehensive solution, generating complex, unique passwords, offering cross-device synchronisation, and adding extra layers of security like bio-metric verification, making them a preferable choice for those who prioritise both convenience and strong cyber security.

Physical password storage

Physically storing and managing passwords is not recommended but understandably, there may be instances it cannot be avoided.

Storing passwords physically, such as in a written format or on a physical device, can be an alternative approach to digital password management. This method is often favoured by those who are concerned about digital security or simply prefer a tangible backup. However, it comes with its own set of challenges. Written passwords can be lost, stolen, or damaged, making them less reliable for long-term use. Additionally, maintaining a physical record of passwords may not be feasible for individuals or businesses with a large number of accounts. To address these concerns, it's important to keep written passwords in a secure, undisclosed location (away from your computer!), preferably in a locked safe or a password-protected document, and to update them regularly for maximum security. Nevertheless, for those seeking a more organised and secure solution, digital password managers remain the most popular, secure and practical choice.


In conclusion, while strong passwords are a crucial first line of defence, they are not the sole safeguard against modern cyber threats. Even the most robust passwords can be intercepted or stolen through various common scams or phishing attacks. To bolster your online security further, consider implementing Multi-Factor Authentication (MFA), a critical step in protecting your digital assets against unauthorised access.

By following this guidance on crafting strong passwords and implementing best practices for password management, you'll be well on your way to enhancing your online security and protecting your digital identity in today's increasingly connected world. Keep your world secure.