How Secure Is Your Secure Password?

Simple tips to help make your passwords more secure

Websites and apps sometimes force password rules on users. You’ve undoubtedly come across websites where you have to use a combination of uppercase, lowercase, numbers, and punctuation marks.

These kinds of passwords could actually be less secure than you think.

Rules governing so-called “secure” passwords were devised in 2003. The man who came up with them now thinks they are “misguided”. But why?

When a secure password isn’t secure

Bill Burr came up with the password rules that many websites now use. He included them in a paper for the National Institute of Standards and Technology, and they were quickly adopted as good practice guidelines.

Unfortunately, although the password guidance seemed sound at the time, it encouraged users like you and me to be lazy. And laziness is usually a security killer.

When coming up with a password to meet these requirements, many of us substitute numbers for letters, with a random punctuation mark somewhere.

So something like “mypassword” would become “myp@ssw0rd!”.

But these kinds of substitutions are very easy to crack, even with a basic graphics card and some hacking software available from the darker corners of the web.
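The substitution problem described above, as an added example that is not part of the original article: a short Python check showing that “myp@ssw0rd!” satisfies an old-style composition rule yet reduces to a blocklisted word once the usual substitutions are undone. The sample blocklist, the "three of four character classes" rule and all function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample blocklist; a real check would load a large list of
# common and previously breached passwords.
COMMON_PASSWORDS = {"password", "mypassword", "letmein", "qwerty", "welcome"}

# Popular substitutions mapped back to the letters they stand in for:
# @->a, 4->a, 0->o, 1->i, 3->e, $->s, 5->s, 7->t
UNLEET = str.maketrans("@4013$57", "aaoiesst")


def meets_composition_rules(password: str, min_length: int = 8) -> bool:
    """Old-style rule (assumed here): minimum length plus 3 of 4 character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= min_length and sum(classes) >= 3


def base_words(password: str) -> set[str]:
    """Undo the usual tricks: case, padding digits/symbols, substitutions."""
    lowered = password.lower()
    # Drop digits and punctuation tacked on to the start or end.
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    variants = {lowered, trimmed}
    return variants | {v.translate(UNLEET) for v in variants}


def is_guessable(password: str) -> bool:
    """True if the password reduces to an entry on the blocklist."""
    return not base_words(password).isdisjoint(COMMON_PASSWORDS)


def review(password: str) -> dict:
    """Compare the composition-rule verdict with the blocklist verdict."""
    return {"passes_old_rules": meets_composition_rules(password),
            "guessable": is_guessable(password)}


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("myp@ssw0rd!", "Passw0rd1", "plum anvil river cactus"):
        print(f"{pw!r}: {review(pw)}")
```

The two verdicts disagree in both directions: the substituted passwords pass the composition rule but are guessable, while the long four-word phrase fails the rule without matching anything on the blocklist.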

There’s another problem, which is highlighted in this article: Burr’s password guidance recommended that every user change their password at regular intervals. This is another cue for users to be lazy, making only slight changes, or recycling close variants of the same password.

According to Dashlane, the average UK internet user has 118 different passwords at any time. It’s no wonder that we recycle them when we’re constantly asked to change them. (Apple, Microsoft: take note.)

How to come up with a secure password that you can remember

Password managers (like Dashlane and LastPass), as well as some browsers, will generate passwords for you. These random strings are more effective than the ones we try to come up with ourselves.

If you want to come up with a truly secure password yourself, Scientific American has some good advice: it should be a phrase that can’t be guessed by a family member in five tries, and can’t be copied if someone watches you type it once.

It recommends that you come up with a mental picture, convert that into a phrase, and use that as a password.

If that sounds like too much effort, try the strategy recommended by Lifehacker:

  • Avoid dictionary words, names, and dates
  • Mix up characters
  • Make your passwords as long as possible

The third option is the four-word phrase, providing you can think of a new, unique, random phrase for each site. It’s a big ask, but it’s a start.

Overall, remember: if you have a system of some kind, then there’s a good chance an algorithm can figure it out. Password managers are by far the safest option.

