On World Password Day, are your passwords strong enough?

by [Craig Taylor](/content/author/craigtaylor/ "Posts by Craig Taylor"/index.html) | May 7, 2026 | Security & Compliance

Today is World Password Day!

It is observed annually on the third Thursday in May, to raise awareness to individuals and organisations on the importance of creating strong, unique and complex passwords.

First introduced by Intel in 2013, it reminds us that passwords are still the first line of defence against identity theft, personal and business account access, and other cyber-attacks.

Take some time to review your own password practices to ensure you are following best practices:

Password Security Best Practices

For a password to be strong it needs to be:

Unique

Make sure you use unique passwords for each service you access. Unfortunately, a lot of people still use the same password, or variations on the same password, across multiple services. This allows a single security breach to compromise multiple services.

Complex

Simple passwords with dictionary words and a few numbers are easily cracked with automated tools. Make sure your password uses a random set of characters that include both upper and lower case, numbers and special characters. To create memorable passwords, use 3 random words.

This password generator is a great tool to generate random and memorable passwords:

https://1password.com/password-generator

Long

Ideally passwords should be at least 16 characters in length for maximum strength.

Avoid using personal information

Do not use personal information such as name, business name, pet’s name, birthdays, addresses etc. Also avoid using names or references to the service you are accessing within the password.

Use a Password Manager

Unfortunately, the reality is passwords are hard to remember and keep track of when our digital lives extend to so many online services. Therefore, we often choose weak passwords; combinations of dictionary words and numbers that are easy to remember but also easily breached. And due to the multitude of services we may be accessing, passwords are often re-used.

A Password Manager is an application that creates complex passwords and securely stores user credentials for multiple services. It overcomes the password problems outlined above, as the user only has one complex master password to remember which unlocks the Password Manager, all other passwords are created and stored in the Password Manager application.

For more information Why you should be using a Password Manager

Engage IT recommends 1Password to its clients, which is suitable for individual users and teams and works with multiple devices and browsers.

Use Multi-Factor Authentication (MFA)

Almost all online services offer MFA as a second level of security, don’t rely on passwords alone.

See my previous article What is Multi-Factor Authentication (MFA)?

Use passkeys

Passkeys are a more secure alternative to passwords that you don’t need to remember as they are created and managed safely by the software on your devices. Passkeys are now becoming more generally available across multiple services, this useful article from the National Cyber Security Centre (NCSC) explains them in more detail:

Passkeys: what you need to know

Resources

Cyber Security should be a multi-layered approach, and strong passwords should be used alongside other tools to ensure the security and integrity of your data.

See my previous article Are you doing enough to protect your data?

Ideally you should be using a Password Manager like 1Password.

If you are not, use their password generator to create secure complex and memorable passwords.

Top Tips from the National Cyber Security Centre (NCSC)

If you would like help to improve your security in your organisation, contact us today to see how we can help.