The latest password guidance from the NCSC


In April 2019, a security study revealed that millions of people in the UK are using “123456” as a password, despite major cyber breaches in recent years.

It is well known that bad password management can lead to many data security breaches. As today (02/05/19) marks National Password Day, we consider the latest advice from the National Cyber Security Centre (NCSC).


Did you know that the password ‘123456’ has been found 23 million times in cyber security breaches? This shows that a common password will make you an easy target.

The NCSC has recommended #ThinkRandom for a few years and is still promoting this method of password creation.

Instead of creating extremely long and complex passwords, the NCSC’s #ThinkRandom recommends that, when setting up a password, users choose three random words. Examples used on the NCSC website are: ‘coffeetrainfish’ or ‘walltinshirt’.

Avoid using easy-to-guess passwords, such as ‘onetwothree’ or the names of family members or pets, as these will make you an easy target for hackers.
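The sketch below is an added example, not code from the NCSC or from this article: it picks three words with the operating system's cryptographic random source and rejects candidates that appear on a deny list or contain personal terms. The word list, the deny list and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample word list. It is deliberately tiny; a real deployment
# would load several thousand words so the passphrase has enough entropy.
WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt", "lamp", "river",
         "cloud", "pencil", "garden", "stone", "mirror", "bridge", "candle",
         "rocket"]

# Constructed deny list seeded with the weak examples named in the article.
DENY_LIST = {"123456", "onetwothree"}


def pick_words(words=WORDS, count=3):
    """Choose `count` words independently using the OS CSPRNG."""
    return [secrets.choice(words) for _ in range(count)]


def entropy_bits(wordlist_size, count=3):
    """Entropy of `count` independent uniform picks from the list."""
    return count * math.log2(wordlist_size)


def check_password(candidate, personal_terms=()):
    """Return the reasons to reject `candidate`; an empty list means accepted."""
    lowered = candidate.lower()
    problems = []
    if lowered in DENY_LIST:
        problems.append("appears on the common-password deny list")
    for term in personal_terms:
        # Names of family members or pets are easy for an attacker to guess.
        if term and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    return problems


if __name__ == "__main__":
    passphrase = "".join(pick_words())
    print(passphrase, f"({entropy_bits(len(WORDS)):.0f} bits with this sample list)")
    print(check_password("123456"))
    print(check_password("Rex2019", personal_terms=["Rex"]))
```

The entropy figure depends only on the size of the word list and the number of words, which is why the words must be chosen by the random source rather than by the user.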

How can businesses protect passwords?

Generating “good passwords” will only take your business so far. The NCSC has outlined four ways that businesses can improve system security:

  • Ensure that all corporate web apps requiring authentication have HTTPS in place.
  • Ensure that any access management systems you manage are protected.
  • Protect access to user databases.
  • Prioritise administrators, cloud accounts and remote users.

Cyber Essentials

The National Cyber Security Centre also recommends that UK businesses are Cyber Essentials certified. Two of the five controls that are outlined in the government-accredited UK scheme address password security requirements.

These controls can reduce the risk of a cyber attack as they are built to deter the most common types of breaches including phishing attacks.

To learn more about Cyber Essentials and how it protects against 80% of cyber attacks, visit our website.