
Tips for Secure Passwords
- Posted by hivetraining
- Categories Online Safety and Privacy
- Date 3 March 2025
8 Key Facts About Passwords
- 64% of individuals have passwords averaging 8 to 11 characters in length.
- On average, an individual has about 100 account passwords.
- 80% of all data breaches are a direct result of weak, reused, or stolen credentials.
- 30% of internet users use a password manager to store and track their passwords.
- 34% of internet users change their passwords once every 30 days.
- 84% of individuals reuse the same password across multiple platforms or applications.
- The most commonly used password is "123456", which is used more than 4.5 million times by internet users (Nordpass Study 2024).
- 99.9% of attacks are blocked by 2FA or MFA.
5 Steps to Stronger Passwords
Creating a strong password is easy if you follow a few straightforward guidelines. Aim for a password that is at least 12 characters long. Rather than using only letters and numbers, mix in symbols to increase security. Avoid including personal information that could be discovered through a quick online search about you. When using full words, choose unrelated words and consider altering the spelling or avoiding dictionary words altogether.
- Ensure your passwords comprise 12 characters or more – The longer the password, the better, but 12 characters is the recommended minimum length for a challenging and secure password. This is because every extra character multiplies the number of possible sequences an attacker has to try. For example, a 12-character password with three uppercase letters, four lowercase letters, two numbers, and three special characters will have 475,920,314,814,253,376,475,136 combinations.
- Avoid using simple adjacent keyboard combinations – For example, “qwerty”, “asdzxc” and “123456”.
- Do not use your username, real name, date of birth, year of birth, etc.
- Combine unrelated words to form sentences or phrases, as these are easier to remember – but don’t use combinations or phrases that make sense. Put together word combinations that nobody would guess. Avoid song lyrics, movie titles, or other famous quotes. Use three or four longer words mixed with numbers and special characters.
- Use a combination of letters (upper and lower case), numbers (1, 2, 3, etc.) and symbols ($!#, etc.) – Passwords are more secure when letters, numbers, and symbols are mixed through the sequence. Use both upper and lower case letters, and don’t just capitalise the first letter; mix them up. Use special characters, such as punctuation, to break up the letters and numbers.
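The five guidelines above, turned into a small checker and passphrase generator. This is an added example written for this page, not code from hivetraining: the keyboard-row table and the twelve-word list are constructed for illustration (a real passphrase list has thousands of words), and the combination count reproduces the page's figure as 94 ** 12, the 94 printable ASCII characters without the space.

```python
import math
import secrets
import string

# Character classes used by the checker. The page's figure of
# 475,920,314,814,253,376,475,136 combinations for a 12-character password
# is exactly 94 ** 12 (printable ASCII without the space character).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

# Adjacent-key runs the page warns against (constructed table, not exhaustive):
# keyboard rows, a few columns, and each of them reversed.
KEYBOARD_SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                      "qaz", "wsx", "edc", "rfv", "tgb", "yhn", "ujm"]
KEYBOARD_SEQUENCES += [s[::-1] for s in KEYBOARD_SEQUENCES]

# Constructed toy word list for the generator; use a real list in practice.
WORDS = ["otter", "granite", "velvet", "comet", "lantern", "pickle",
         "harbor", "saffron", "tundra", "whisk", "zephyr", "marble"]


def combinations(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of `length` symbols from an alphabet."""
    return alphabet_size ** length


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password: log2(alphabet ** length)."""
    return length * math.log2(alphabet_size)


def keyboard_run_fraction(pw: str, min_run: int = 3) -> float:
    """Fraction of characters that sit inside a run of >= min_run adjacent keys."""
    low = pw.lower()
    covered = [False] * len(low)
    for i in range(len(low)):
        for j in range(i + min_run, len(low) + 1):
            frag = low[i:j]
            if not any(frag in seq for seq in KEYBOARD_SEQUENCES):
                break  # a longer fragment starting at i cannot match either
            covered[i:j] = [True] * (j - i)
    return sum(covered) / len(low) if low else 0.0


def check_password(pw: str, personal: tuple[str, ...] = ()) -> list[str]:
    """Return the guidelines `pw` violates (empty list means none)."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if keyboard_run_fraction(pw) >= 0.5:
        findings.append("mostly adjacent keyboard keys")
    for item in personal:  # username, name, birth year, ... supplied by caller
        if len(item) >= 3 and item.lower() in pw.lower():
            findings.append(f"contains personal information: {item!r}")
    present = {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}
    missing = sorted(set(CLASSES) - present)
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))
    if [i for i, c in enumerate(pw) if c.isupper()] == [0]:
        findings.append("only the first letter is capitalised")
    return findings


def generate_passphrase(n_words: int = 4, words=WORDS) -> str:
    """Join n_words random unrelated words with a random digit+symbol pair,
    capitalising one word other than the first (needs n_words >= 2)."""
    rng = secrets.SystemRandom()          # OS randomness, not random.random()
    picked = [rng.choice(words) for _ in range(n_words)]
    k = rng.randrange(1, n_words)
    picked[k] = picked[k].capitalize()
    out = picked[0]
    for word in picked[1:]:
        out += rng.choice(string.digits) + rng.choice("!#$%&*+-=?@_") + word
    return out


if __name__ == "__main__":
    print(f"94^12 = {combinations(94, 12):,} ({keyspace_bits(94, 12):.1f} bits)")
    print(f"4 words from a 7776-word list: {keyspace_bits(7776, 4):.1f} bits")
    for pw in ["qwerty123456", "Smith1990!", generate_passphrase()]:
        print(pw, "->", check_password(pw, personal=("Smith", "1990")) or "ok")
```

The keyboard check flags a password only when at least half of it is made of adjacent-key runs, so a word that happens to contain "ert" is not penalised while "qwerty123456" and "asdzxc" are. The generator draws from `secrets.SystemRandom`, the same source a password manager would use, and capitalises a word other than the first so the result does not fall into the "capital first letter only" pattern.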

Set Safer Recovery Questions
Many web services ask for “security questions” or “recovery questions” when you create an account. To make it less likely that someone guesses these, you can use the following strategies:
- Provide fake, unrelated answers to these questions.
- You can even use another random or unique code generated by a password manager.
- Ensure you save your responses in your password manager to avoid the risk of forgetting your recovery questions and getting locked out.
Difference Between Two-Factor and Multi-Factor Authentication (2FA/MFA) and One-Time Passwords

Two-Factor Authentication (2FA) is like adding an extra lock to your door. Instead of just needing a password to get into your online account, you need a second thing to prove it’s you. Usually, this second step could be a code sent to your phone, a fingerprint, or a tap on an app. So even if someone guesses your password, they still can’t get in without that second piece.
Multi-Factor Authentication (MFA) is the same idea but with even more layers of security. It could involve needing a password and a phone code but also an additional form of authentication – like a fingerprint, a face scan, or a special security key or PIN code.
OTP stands for One-Time Password. It is a security feature used to authenticate users for a single session or transaction. OTPs are typically 4 to 6-digit codes sent to a user’s registered mobile number or email address. These codes are valid for a short period, usually 30 seconds to a few minutes. When a user initiates a transaction or login, an OTP is generated and sent to their registered contact, and the user must enter this OTP to complete the process. This ensures that even if someone has the user’s login credentials, they cannot access the account without the OTP.
The overall concept is that the more “factors” or “checks” required, the safer your account will be.
Think of it like getting into a high-security building: You might need a key card (password), a fingerprint scan (something you are), and to answer a security question (something you know). It makes it much harder for the wrong person to get in!
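What the OTP description above means on the server side, as an added example (not code from this page or from any particular service): the code is drawn from OS randomness, delivered through a channel the example abstracts as a callback, expires after a fixed window, can be used once, and is compared in constant time. The `OtpService` class, its 120-second lifetime and the five-attempt limit are assumptions chosen for the example; the clock is injectable so the expiry can be exercised without waiting.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_DIGITS = 6           # the page: typically 4 to 6 digits
OTP_TTL_SECONDS = 120    # the page: valid for 30 seconds to a few minutes
MAX_ATTEMPTS = 5         # assumption: lock the code after this many guesses


@dataclass
class PendingOtp:
    code: str
    issued_at: float
    attempts: int = 0


class OtpService:
    """Server side of a delivered one-time password (constructed example).

    `send(user, code)` stands in for the SMS/email gateway; `now()` returns the
    current time and is a parameter only so tests can move the clock.
    """

    def __init__(self, send, now=time.time):
        self._send = send
        self._now = now
        self._pending: dict[str, PendingOtp] = {}

    def issue(self, user: str) -> None:
        """Generate a fresh code for `user` and hand it to the delivery channel.

        A new code replaces any unused earlier one, so only the latest counts.
        The code is never returned or logged; the channel is the only way to get it.
        """
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = PendingOtp(code=code, issued_at=self._now())
        self._send(user, code)

    def verify(self, user: str, submitted: str) -> bool:
        """Accept `submitted` exactly once, within the window, within the attempt cap."""
        entry = self._pending.get(user)
        if entry is None:
            return False                       # nothing issued, or already consumed
        if self._now() - entry.issued_at > OTP_TTL_SECONDS:
            del self._pending[user]            # expired: user must request a new code
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._pending[user]            # too many guesses: invalidate the code
            return False
        # Constant-time comparison so timing does not leak how many digits matched.
        if hmac.compare_digest(entry.code.encode(), submitted.encode()):
            del self._pending[user]            # single use: consume on success
            return True
        return False


if __name__ == "__main__":
    delivered = {}
    svc = OtpService(send=lambda user, code: delivered.__setitem__(user, code))
    svc.issue("alice")
    print("code accepted:", svc.verify("alice", delivered["alice"]))      # True
    print("reused code accepted:", svc.verify("alice", delivered["alice"]))  # False
```

The three exits in `verify` are what make the OTP a second factor rather than a second password: a leaked or shoulder-surfed code is worthless once used or once the window closes, and the attempt cap stops an attacker from simply trying all one million six-digit values.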
How to find out if your Passwords have been compromised
Search the Have I Been Pwned? website (https://haveibeenpwned.com/) to see whether your accounts are reported as compromised.
Change any of your account passwords listed there immediately, following the instructions for using a password manager.
Remember even if none of your accounts show up here, you should still follow the instructions in this guide, as many account breaches are not reported.
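Have I Been Pwned also publishes a Pwned Passwords lookup that lets you check a password itself without sending it anywhere: the client hashes the password with SHA-1, sends only the first five hex characters of the hash to `https://api.pwnedpasswords.com/range/<prefix>`, and receives every known suffix in that range with its breach count. The code below is an added example, not from this page; the sample response is constructed (the counts are made up, and only the middle line is a real suffix, that of the password "password"), so the check runs offline. The network helper is included for completeness and is not called by the tests.

```python
import hashlib
import urllib.request

# Constructed sample of a range response: one "<35 hex chars>:<count>" per line.
# The counts are invented for this example; the second suffix is the real
# SHA-1 suffix of "password", whose full hash starts with the prefix 5BAA6.
SAMPLE_RANGE_RESPONSE = """\
003D68EB55068C33ACE09247EE4C639306B:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
2F5A1D0C9B8E7A6F5D4C3B2A1F0E9D8C7B6:12
"""


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 of `password` into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict[str, int]:
    """Map each suffix in a range response to its breach count."""
    counts: dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_response: str) -> int:
    """How many times `password` appears in breaches, given the response for
    its prefix; 0 means the suffix is not in the returned range."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_response).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Online version: download the range for a 5-char prefix. The password and
    its full hash never leave the machine; only the prefix is in the URL."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    prefix, _ = sha1_prefix_suffix("password")
    print("prefix sent to the service:", prefix)                        # 5BAA6
    print("breach count (sample data):", breach_count("password", SAMPLE_RANGE_RESPONSE))
```

A password that comes back with any non-zero count belongs on the "change immediately" list from the section above, and because the server only ever sees a five-character prefix shared by hundreds of hashes, the lookup does not reveal which password you were checking.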