
Good security is the most important aspect of your website, and the most common way that hackers break into sites is by guessing passwords. In this article, we'll look at what makes a good password and how to choose one.

How to choose a good password

The basic idea behind a password is that it's something that you know that no-one else does. A good basic minimum for a password is at least eight characters, with at least one digit and one punctuation mark. If you want to choose a really good password:

  • use numbers, symbols, upper and lowercase letters
  • make it at least 12 characters long
  • don't use words you'd find in a dictionary, letter or number sequences (e.g. abc123), or names of pets, friends or relatives

If you need to make a new password, a good way is to use a random password generator website like

Good password practice

Really we should all have different passwords for every login. That way, in the (not unprecedented) event that one site is hacked, the hackers will only have your login details to that site, not everything you've ever signed up to. (Hopefully, even if one of your logins is stolen, the password will be encrypted anyway. All our CMS passwords are stored encrypted.) 

As a minimum, have different passwords for your most important accounts.

If you need to write down your passwords, that's not necessarily a problem. It's much more likely that someone is going to steal your password online than break into your house and steal your little black book of passwords.

However, this isn't a very practical solution. Once you've got a number of complicated passwords, it's much better to store them in an online password repository like LastPass or Passpack. That way you can access your passwords wherever you are and, even better, you can cut and paste them into login forms - awkward random passwords are tricky to type in.

A word of warning: if you use an online repository, make sure you have regular backups and a way to unpack them offline, just in case your password repository is ever unavailable for any reason.

Reset your password

It's good practice to change your password every now and again. 

If you ever get a notification that one of the websites you log in to has suffered a data breach, or you get emails telling you that someone is trying to reset your account password, it's a good idea to change it straight away.

Don't forget to update your password book or repository when you change a password.

Are my passwords safe?

It's not unlikely that one of your passwords has already been hacked. To find out, go to Have I been pwned?, a website that keeps a record of data breaches. Enter your email address and you'll discover whether the password you use for any of the websites has been hacked.

For example, one of Mat's email addresses was included in the 2013 Adobe hack, which included data on 153 million accounts, and the 2012 Dropbox hack, which included 60 million account logins. He now uses a different password for every single website.

Top 20 most common passwords

Below is a list of the twenty most common passwords in 2016 according to Wikipedia.

  • 123456
  • password
  • 12345
  • 12345678
  • football
  • qwerty
  • 1234567890
  • 1234567
  • princess
  • 1234
  • login
  • welcome
  • solo
  • abc123
  • admin
  • 121212
  • flower
  • passw0rd
  • dragon
  • sunshine

Needless to say, if any of your passwords are on this list you should change them immediately!

Some of them are more obvious than others, but they are all classic examples of a weak password.
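
As an added example (not part of the original article), the Python script below checks a password against the rules in "How to choose a good password" and the list above, and generates a random password that passes them. The function names and the three-character sequence test are assumptions of this example; dictionary words and names of pets, friends or relatives are not checked.

```python
import secrets
import string

# The twenty common passwords listed in this article.
COMMON = {
    "123456", "password", "12345", "12345678", "football", "qwerty",
    "1234567890", "1234567", "princess", "1234", "login", "welcome", "solo",
    "abc123", "admin", "121212", "flower", "passw0rd", "dragon", "sunshine",
}
# Runs treated as "letter or number sequences" (assumption of this example).
SEQUENCES = (string.ascii_lowercase, string.digits, "qwertyuiop")


def has_sequence(pw, run=3):
    """True if pw contains `run` consecutive characters of a known sequence."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES
               for i in range(len(seq) - run + 1))


def check_password(pw):
    """Return the rules pw breaks; an empty list means it passes them all."""
    rules = [
        (len(pw) >= 12, "shorter than 12 characters"),
        (any(c.isdigit() for c in pw), "no number"),
        (any(c in string.punctuation for c in pw), "no symbol"),
        (any(c.isupper() for c in pw), "no uppercase letter"),
        (any(c.islower() for c in pw), "no lowercase letter"),
        (pw.lower() not in COMMON, "on the common-password list"),
        (not has_sequence(pw), "contains a letter or number sequence"),
    ]
    return [message for ok, message in rules if not ok]


def generate_password(length=16):
    """Draw from the OS random source until the result passes every rule."""
    if length < 12:
        raise ValueError("length must be at least 12 to pass the checks")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("abc123", "Passw0rd", generate_password()):
        print(repr(candidate), check_password(candidate) or "passes")
```

The generator uses Python's `secrets` module, which draws from the operating system's cryptographic random source, and runs locally so the password never passes through a website.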

Read more tips on how to avoid getting hacked (or what to do if you have been hacked).
