Did you know that the first Thursday in May is officially World Password Day? As awareness days go, this is definitely one to keep at the top of your reminder calendar.
World Password Day was created by Intel back in 2013 as a way of reminding people to change their passwords regularly. Life has changed considerably since then, but one thing still remains the same – implementing a stringent password policy and setting automated reminders to change your passwords (personally and professionally) remains one of the easiest ways to stay safe online.
Did you know that a fifth of people are using the same password for multiple websites and devices?
Last year, research commissioned by the Institute of Engineering and Technology confirmed that 20% of people routinely use the same password for multiple websites and devices. This can make it much easier for malicious hackers to gain access to multiple accounts quickly and easily.
How?
It’s simple, really. If someone has gained access to your emails, then they can quickly see any accounts/subscriptions you might have linked with that address. Therefore, trying the same password could grant them access to all of those third-party accounts affiliated with your email.
As Ipswich’s leading IT support and cybersecurity company, what worries us more is that the same research identified “over a third of people admitting they wouldn’t know what to do if they’d been hacked (41%).”
So before you go any further, make sure you bookmark our feature article, “I think I’ve been hacked…what do I do?”
Discover if your passwords have been compromised.
Did you know that you can check to see if your email address has been compromised, and if so, where that breach occurred?
Using the haveibeenpwned website, you can simply enter your email address and see if and where any breaches have occurred. If there has been a breach, you know which accounts you should prioritise when changing passwords.
Even more interestingly, back in 2019, the National Cyber Security Centre (NCSC) analysed the most common passwords retrieved as a result of data breaches. They published a detailed list of those passwords, which provides insight into how common weak passwords are.
The top ten most commonly hacked passwords were as follows:
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
We spoke to our resident cybersecurity expert, Karl Wilkinson, who said:
“It’s really quite worrying that the message still isn’t getting through to people about the importance of having a strong password. That list of hacked passwords might be six years old now, but it’s almost certain that people are still using those same easily identifiable passwords.
It can be frustrating when you sign up for accounts that request a mix of upper- and lower-case letters, special characters and numbers, but having that combination really is the best possible way to keep you safe online.”
With World Password Day upon us, here are our top tips for creating a strong password.
How to create a strong password
In most circumstances, software firms, stores and other places requiring passwords will have default settings that require a mix of characters, letters and numbers.
Those attributes are there to keep you safe and secure.
As standard, we recommend the following:
- Choose between 12 and 14 characters.
- Have a mix of upper- and lower-case letters – passwords should be case-sensitive.
- Include numbers at the start, middle and end of your password – adding a 1 at the end isn’t going to be enough.
- Don’t forget to use special characters like @, %, & or ! within your passwords.
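As an added illustration (not code from Lucid Systems or the NCSC), the recommendations above can be written as a small checker that also rejects candidates built around the top-ten list earlier in this article. It assumes the 12-14 character guidance is a minimum of 12; the function name and the sample candidates are constructed for the example.

```python
import string

# Top ten breached passwords as listed in this article (NCSC, 2019).
COMMON = ["123456", "123456789", "qwerty", "password", "111111",
          "12345678", "abc123", "1234567", "password1", "12345"]

MIN_LENGTH = 12  # assumption: "12-14 characters" is treated as a floor


def check_password(pw):
    """Return the list of rules the candidate fails (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both upper- and lower-case letters")
    # Digits that only trail the password (a "1" on the end) do not count.
    body = pw.rstrip(string.digits)
    if not any(c.isdigit() for c in body):
        problems.append("needs a number somewhere other than the end")
    if not any(c in string.punctuation for c in pw):
        problems.append("needs a special character")
    # Flag candidates built around a listed password, ignoring case.
    lowered = pw.lower()
    hits = [w for w in COMMON if w in lowered]
    if hits:
        problems.append("contains a commonly breached password: "
                        + max(hits, key=len))
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    samples = ["password1", "Password1!Password1!",
               "Summerholiday1", "7Rk!vq2Lm#x9Tz"]
    for candidate in samples:
        print(candidate, "->", check_password(candidate) or "passes")
```

The second sample meets every character rule yet is still rejected, which is why a blocklist check belongs alongside the complexity rules.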
Using a password manager will help you remember those tricky logins
We understand that the reason why you likely use the same password again and again is because it’s easy for you to remember. Having a different password for every single account you have may feel overwhelming – particularly for those with memory difficulties.
The good news is that a password management system can handle this complexity for you.
- The password manager will allow you to create bespoke passwords for every account and will keep those passwords stored away safely with full encryption.
- It can synchronise your passwords across different devices (ideal if you routinely switch between desktop, phone or tablet)
- It will identify if you are trying to log in on a potentially malicious website.
- It will let you know if your password has been compromised in a data breach on a specific site.
Your browser (Safari, Chrome, Edge) will likely ask if you want it to save your password. The built-in password manager systems are safe and secure to use, and we recommend taking advantage of these systems to set up bespoke passwords for your different accounts.
Set up automatic reminders to change your password
As an IT support team, we work with clients across Ipswich, Colchester and Felixstowe to set up password management systems for internal systems.
We can set defined parameters that outline specific password requirements, and we can install automated checks to ensure that individuals are changing their passwords on a regular basis. This could be date-driven (perhaps monthly) or required after a certain number of logins.
This approach is essential because regularly changing your password will minimise the likelihood that your account could become compromised.
If you’re not sure how to do this yourself, or you would like us to check that you have the right settings in place, please let us know, and we can set this up for you quickly and easily.
Set up multi-factor authentication to identify potential data breaches before they occur.
Our final tip is to make sure that multi-factor authentication (MFA) is set up on your devices.
MFA can block over 99.9 percent of account compromise attacks
Source: Microsoft
Again, this might feel like a frustrating step when you just want to gain access to your own accounts, but that secondary layer of defence is crucial to your cybersecurity protection.
Asking you to confirm your password details via a specific time-limited code, fingerprint, or face ID means that you will be alerted to any potential login attempts. You will receive an email or a text message every time you try to log into your account. If a message pops up and it’s not you trying to log in, it shows that your defences are working as they should be. It confirms that your layer of defence is preventing a real-time hacking effort.
As of February 2025, MFA became a mandatory requirement for Azure and Microsoft 365 admin centres.
Talk to Lucid Systems to secure your systems through effective password controls.
While World Password Day may feel like a gimmick, it’s never been more critical.
We take password management extremely seriously – it’s the crux of your cybersecurity settings, and with proactive controls, you can significantly reduce your risk of harm.
If you’re not sure how to change your passwords or you need help checking that you have the right settings in place, please get in touch. We’d much rather help you set up proactive password defences than spend time sorting out a cybersecurity issue that could have been easily prevented.
In just a few moments, we can get your password controls set up safely and securely and in line with global best practice standards.