Password security: It's like sellotaping your house key to the front door...

Brits have been urged to apply steps to stay safe online after results of the UK Cyber Survey exposed exploitable gaps in their personal security knowledge.


On the radio this morning (TalkSport if you’re asking!) I heard another advert reminding individuals to be cyber aware: to be concerned about malware, and not to bow down to ransomware attacks. Great news, everyone is becoming more cyber aware; even Alan Brazil (in his Scottish twang) was talking about it. The industry’s mission to educate everyone is taking shape. And then you walk into work and read an article about the most common passwords of 2019, and of course, there are some massive issues…

Can you guess what the most used password was for 2019?

The one used by around 23 million users? The same one as 2018, as 2017, that’s won the honour (honour…!) consecutively since 2013… 123456. That’s right, 123456. Hello face, here's my palm! Then there’s the rest of them: QWERTY, 111111, password; the list goes on in a similar vein (my favourite of all of them was ‘Iloveyou’ – sweet, as the person stealing your data is probably thinking the same about your password choice!). It amazed me that in this day and age, when we are bombarded with news articles about hackers stealing your personal data, there’s still not a greater effort by individuals to make themselves as secure as possible.


Password accountability

As mentioned within the article, the whole fault can’t be put at the feet of the individual; the websites involved should also be accountable. Their responsibility is to make it as difficult as possible for hackers to access their data. They can make their infrastructure more robust and their defences better at dealing with attacks, but they should also enforce more complex password policies. Yes, the companies involved in data breaches are held accountable; they are fined and exposed in the media. Surely it would be better for all companies to enforce strong password best practice so that, if hackers do get in, maybe it would be slightly more difficult for them to get into customer accounts.


There’s a consistent message that hacks are becoming larger in scale and more sophisticated in technique than before. Makes sense: we see technical advancements on a daily basis (ah the good ol’ days of Nokia and Snake!), and if you think about it logically, the hacking groups and individuals looking to get your data are advancing too. Responsibility rests on every organisation to make their infrastructure as secure as possible and protect every crown jewel they hold; however, it is also up to us as users to improve our security practices.

Password best practice

Dr Ian Levy, National Cyber Security Centre (NCSC) Technical Director, said: “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

It’s easy to change your password to something trickier, to change it regularly on a monthly basis, to use a password manager; all it requires is the willingness to do so. It doesn’t have to be the most complex thing in the world. Nobody should have to remember h810+*&1sjS0df@21bHiW@!hQBca781 (that’s where password managers do come in handy if you do want one!), but the advice is out there to keep you, and your data, as secure as possible.

About the author

Jonathan Stock is our Information Security Recruitment Consultant. If you liked this article, check out Jon’s other pieces here, including:

The skills shortage within cybersecurity

Hacking: Cheaper than a Nando's chicken

Cybersecurity and IoT: The rise of the Hackers


