THE ADVENTURES OF BILLY

Comprehensible Information Security…

Passwords

Your passwords are the most common way to prove your identity when using websites, email accounts and your computer itself (via User Accounts). The use of strong passwords is therefore essential in order to protect your security and identity. The best security in the world is useless if a malicious person has a legitimate user name and password. 


Passwords are commonly paired with a username or email address. However, on secure sites they may also be used with other methods of identification such as a separate PIN and/or memorable information.

Risk of using a weak password

If you use a weak password, it makes it easy for someone to commit fraud and other crimes against you by accessing your accounts. They may be able to access your bank account, buy items online with your money, impersonate you on social media sites and email, and access private information held on your computer or in cloud storage accounts.

  • DICTIONARY & RAINBOWS: Personal information, such as name and date of birth, can be used to guess common passwords.
  • SOCIAL ENGINEERING: Attackers use social engineering techniques to trick people into revealing passwords.
  • POOR SYSTEMS: Badly secured systems can leak user passwords if exploited. Avoid signing up to disreputable sites.
  • SHOULDER SURFING: Observing someone typing their password.

Choosing the strongest password

Weak and insecure passwords are easy for an attacker to crack, especially if they contain whole words or phrases. Here are some tips you can use when making your next password:

  • Create a password with a length of between 9 and 19 characters; the more the better.
  • Numbers, symbols and combinations of upper and lower case should be used to create a stronger password.

Six Tips for Passwords

Never Share

In password security, sharing is never caring. You should never share your password with others. They could write it down or make a note of it, which could then be lost to a hacker.

Don’t Double Dip

If you use the same password for many accounts and one is compromised, it is easy for an attacker to try the same password on the others. Using different passwords, or a variation of one, for different accounts means one stolen key won't open all your doors.

Don’t Change

Don't change your passwords every month; you're better off using a longer password for a long time than simple ones you change regularly.

Don’t be Predictable

Avoid using dates of birth, family, pet or nicknames and license plates. Consider who can access that information; remember, it will be publicly accessible if you have posted it on Facebook, LinkedIn, Twitter etc.

Think Length & Complexity

A longer password is usually better than a more random password, as long as the password is at least 12-15 characters long. However, it can't just be made of dictionary words.

Multi-Factor

Multi-factor authentication provides an extra layer of security, as it means your account can only be accessed on a device that you have already registered.

Password Guidance

  • PASSPHRASE: Passphrases can use a memorable quote from a film, a book or song. For example, "Some people feel the rain, while others get wet" could become "Spftr,w0gW".
  • CHARACTER SUBSTITUTIONS: For example, "Americano" could become "@mer1canO" or "Hot Chocolate" as "H0tch0c0late?".
  • PASSPHRASE & CHARACTER SUBSTITUTION: "IwantAnAmerican0" becomes "1wantAN@merican0"
  • PASSWORD MANAGER: Use password managers to reduce the burden of remembering many passwords. They allow users to securely record and store their passwords.

Top 10 Worst Passwords:

  • 123456
  • Password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • letmein
  • 1234567
  • football
  • iloveyou

Looking After Your Password

You may have created the longest, most complicated password you can realistically remember, but it still won’t protect you if you don’t look after it. Here are some tips to keep your special word secure:

  • Never tell your password to someone else; they could write it down on paper, in an email or in any other insecure location that might be found by a malicious user. If you think someone knows your password, it's best to change it.
  • Don't enter your password if you think someone might be watching you. You may have anti-spyware installed on your computer, but even that can’t protect you from someone watching from across the room.
  • Changing your passwords repeatedly is not recommended; if you're making a new password every month, chances are you’ll make it simpler. This means it will be easier to crack than a strong one you stick with. The exception is if the account to which the password applies has been hacked.
  • Use a different password for every website. If you use one password for all your accounts, a criminal simply has to break it to gain access to everything. If you have trouble remembering lots of different passwords, use a password manager.
  • Don’t recycle passwords (for example password2, password3…).
  • Do not send your password by email; no reputable organisation will ask you to do this.
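
The rules above (length, the worst-password list, predictable personal details, recycled variants) written as a check that a sign-up or password-change form could run. This is an added example, not part of the original page; the function names, the 12-character minimum and the substitution table are assumptions chosen for illustration.

```python
import re

# The page's "Top 10 Worst Passwords" list, lower-cased.
WORST = {"123456", "password", "12345678", "qwerty", "12345",
         "123456789", "letmein", "1234567", "football", "iloveyou"}
MIN_LENGTH = 12  # assumption: lower bound of the page's "12-15 characters"

# Assumed table of look-alike substitutions, undone before comparing.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

def normalise(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def stem(pw):
    """Drop trailing digits/symbols so password2 and password3 match."""
    return re.sub(r"[\W\d_]+$", "", pw.lower())

def check_password(pw, personal=(), previous=()):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    flat = normalise(pw)
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    # Compare the raw, de-substituted and suffix-stripped forms to the list.
    if {pw.lower(), flat, stem(pw)} & WORST:
        findings.append("on worst-password list")
    for token in personal:
        t = token.lower()
        # Digits (birth year, plate number) are matched literally;
        # names are matched after undoing substitutions.
        key, hay = (t, pw) if t.isdigit() else (normalise(t), flat)
        if len(key) >= 3 and key in hay:
            findings.append(f"contains personal detail: {token}")
    if any(stem(pw) and stem(pw) == stem(old) for old in previous):
        findings.append("recycled variant of an earlier password")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(check_password("P@ssw0rd"))
    print(check_password("Rex2015Forever!", personal=["Rex", "2015"]))
    print(check_password("SummerHoliday3", previous=["SummerHoliday2"]))
    print(check_password("blue Kettle;vivid 47 tram", personal=["Billy"]))
```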

Password Managers

There are many password managers (also known as password vaults or safes, among other terms) available online. These allow you to store all your passwords in one easy-to-access location so that you do not need to remember them all or write them down. You merely need to remember one set of login details.

You should read reviews or get personal recommendations before entering your passwords into a password vault. Whichever you choose, we recommend that it features multi-factor authentication. This can send a code to your mobile phone or other device, which you need to enter into the password vault in order to gain access, much like when you confirm an online bank payment.

Using the same Passwords for Multiple Accounts

If you use the same combination of email address and password for your email account as you do for other services, and that combination is compromised, either by a data breach or by inadvertently revealing it, it becomes fast and easy for your email to be hacked too. The danger is two-fold:

A survey suggests that half of Britons aged 18-25 use the same password for multiple online services, making it easy for criminals to hijack their accounts.