How to choose a really good, secure password

Think you manage your online accounts in a safe and effective way? Read on and see for yourself.

With the sheer number of online accounts we all have these days, it’s no wonder passwords can pose a serious problem. The average number of accounts registered to one email address in the UK is 118! It’s easy to understand why we might feel overwhelmed having to manage them all.

While various password managers have emerged to help address the issue, most people don’t use one, which perhaps explains why, according to a study by Intel Security, 37% of people forget a password at least once a week.

Information Governance

With this in mind, the importance of Information Governance should not be underestimated. The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data. In the case of the NHS, the most sensitive data is patient record information.

Last year the Government launched a consultation on proposals for new standards on data security in England’s NHS. Dame Fiona Caldicott, the national data guardian for the health service, outlined the plans to emerge from her review into data security, consent and public trust.

Data security standards

The review came up with 10 standards for data security clustered around three themes:

  • ensuring staff are equipped to handle information respectfully and safely
  • proactively preventing data security breaches
  • ensuring technology is secure and up-to-date.

This is where effective password management comes in. It’s vitally important that users choose strong passwords and that they can also manage them safely. After all, what’s the point of choosing a great password if you can’t remember it and have to write it on a post-it note that’s stuck to your desk?

Here’s our advice on choosing a password:

1. Use long passwords

Longer passwords work better (they are harder to crack), particularly when using apparently unrelated words like Pink Fluffy Elephant. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters.

2. Don’t use dictionary words

A password like Pink Fluffy Elephan is actually stronger than Pink Fluffy Elephant because Elephan is not a dictionary word, and is therefore less likely to be tried in a hacking attempt.

3. Use a mix of character types

Include numbers, symbols, capital letters, and lower-case letters because using a mix of characters makes the password harder to crack.

4. Turn a sentence into a password

Transform a memorable sentence into something harder to crack. For example, Somewhere over the rainbow way up high could become soTHEr@i5bowwuh.

5. Go completely random

Use a random, unmemorable alphanumeric password like 4g3UV}6VE?zp (with symbols if the site will allow). Using a password manager to create and store such passwords means you don’t need to try to remember them either. There are various password managers online to choose from.

Whatever method you choose – please don’t use any of the examples I’ve mentioned above!

A couple of other things to consider:

  1. Never reuse a password. However secure you think it is, you don’t want someone who gets your password for one site to be able to use it for another.
  2. Don’t update your password regularly. Unless you think your password might be compromised, don’t change it.
  3. Don’t rely on obvious substitutions – for example, “H3llo” isn’t strong just because you’ve replaced an e with a 3.

I hope this helps guide you in choosing strong passwords and encourages you to consider using a password manager. When it comes to keeping data secure, the greater the awareness of information security, the better.
