What Is A Good Password?

Picking a Good Password is an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of systems and resources. All users, including clients, contractors and vendors with access to your systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

Complex passwords which are not easily remembered to typed are no good, as are passwords with difficult to find special characters! When Picking a Good Password, try to create passwords that are both secure and can be easily remembered. One way to do this is to create a password based on a saying, song title, affirmation, or other phrases.

For example: “This May be 1 Way 2 Remember”

This password is long, uses Upper and Lower Case characters, Numbers and punctuation (spaces) and uses these in a non-natural or grammatically incorrect manner. It can be remembered easy and typed quickly and naturally making it harder for people to catch by looking over your shoulder and even if someone guessed it they would still need to know exactly how you have typed or modified it.  You could also use a variant of this such as:

“THIS may be1 way2 REMEBER”



“This£May $e 111 Way 2 R3m3mb3r”

or some other weird and wonderful variation, the weirder the better!

NOTE: Do not use either of these examples as passwords!

However please be mindful that some systems have strange and pointless password restrictions such as no spaces or maximum lengths, so there is no one size fits all approach!

When Picking a Good Password, remember, Length beats complexity every time however the strongest passwords have the following characteristics:

Contain at least three of the five following character classes:
Lower case characters
Upper case characters
“Special” characters (e.g. @#$%^&*()_+|~-=\`{}[]:”;'<>/ and space etc)
Contain at least twenty (20) alphanumeric characters.

Weak passwords or Passwords with the following characteristics are normally prohibited and should be avoided:

Short passwords (containing less than twenty characters, yes 20!).
A password which contains a word found in a dictionary (English or foreign) unless it is a combination of at least 4 such words constructed in such a way so as to meet the minimum standards set out above.
The password is a common usage word such as:
Names of family, pets, friends, co-workers, fantasy characters, names of celebrities or other persons of note, sports team names or player’s names, etc.
Computer terms and names, commands, sites, companies, hardware, software.
OR Any derivative of a word from the list above!
Birthdays and other personal information such as addresses and phone numbers.
Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321,123456789 etc.
Any of the above spelt backwards.
Any of the above preceded or followed by a digit (e.g., secret1, 1secret).
Any dictionary word with numbers replacing characters in a predictable or formulaic manner such as “w00d”, “5p0rt” or “313ph4nt” etc.  

Password Protection Standards:

Always use different passwords for each account/website and use different passwords from other non-Company accounts or personal accounts.

Passwords should never be written down or stored in online password managers.

Do not reveal a password in email, chat, or other electronic communication.

Do not speak about a password in front of others.

Do not hint at the format of a password (e.g., “my family name”).

Do not reveal a password on questionnaires or security forms.

Always decline the use of the “Remember Password” feature of applications such as web browsers.

If an account or password is compromised or you have any reason whatsoever to suspect it may have been compromised in any way you must report the incident to the IT / Data Protection lead in your Company and If you’re a Welgo Customer to our IT Team.

Most importantly of all use Two Factor authentication where available and remember When Picking a Good Password, Length beats complexity every time.

It is also important to note that Google has NEVER  been hacked, however individual user accounts have been compromised lots of times because people have used poor passwords or have inadvertently revealed them.  Google users are being targeted in this way because the Google System itself is secure.

Finally, Consider the use of a Secure Password Management Service like Last Pass, so long as you use it in combination with a strong master password and two-factor authentication the last pass is a good way to remember all of your passwords and security credentials.