Your Passwords Suck (Here’s why and how to fix them)
Everyone knows it: passwords are just a faff. We know we should be using strong ones, but it’s just so easy to put in the same password we’ve been using over and over again because it’s memorable. The problem is, something memorable likely means something easy to guess. “123456” topped the board according to the National Cyber Security Centre in 2019, with it being used over 23 million times.
Yes, really, and there are a few more wild choices too. If you’re a “Liverpool” fan, it was used over 280,000 times. If you prefer your dog’s name over your favourite football team, we hope it isn’t “Ashley”, as that was used over 430,000 times.
Here’s the thing: passwords are the front door key to your online life, and if it’s made of wet cardboard, it’s easy for anyone to walk right in and make themselves right at home.
Why Strong Passwords Are More Important Than Ever
Now more than ever, we are reliant on digital services like online banking, work accounts, shopping, smart homes, you name it. Chances are, these accounts hold important information like card details, security codes, emails, and PII (Personally Identifiable Information) that can all be used against you. Every new account that shares a similar simple password multiplies your risk of a breach.
But how fast can a password actually be cracked? According to Hive Systems, this is how fast your password can be cracked by a brute-force attack.
Image Source: Hive Systems, 2025 Password Cracking Analysis
Even an 8-character password made of lowercase letters and numbers can still be cracked in a day. To put it simply, the more complex your password, the harder it is to crack, with some predicted to take quintillions of years!
What does a strong password actually look like?
So what should a strong password look like? We’ve put together a checklist:
- A minimum of 12 characters (Ideally more if possible)
- A mix of uppercase and lowercase letters
- At least one number (More, random ones scattered throughout if possible)
- At least one symbol (!, @, £, #, etc.)
- No dictionary words, names or patterns (like “abcde” or “2025”)
A few examples that tick every box on the checklist:
- (6w^%hAf(#M7-&;’Eds0
- ;~l’g_$S]}F.9PjYKV7t
- _!~H+}#YCr*Xd4`QL{dy
It may look like your cat bounced around your keyboard, but it’s music to your IT department’s ears.
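The checklist above, written as a checker plus a generator that draws from the operating system's secure random source and retries until every item passes. This is an added example, not code from the original article; the symbol set, the short word list and the function names are assumptions.

```python
import re
import secrets
import string

SYMBOLS = "!@£#$%^&*()-_=+[]{};:,.?~"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed sample list; a real check would use a large breached-password list.
COMMON_WORDS = ("password", "liverpool", "ashley", "football")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending characters ('abcd', '1234')."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        if all(codes[i + j + 1] - codes[i + j] == 1 for j in range(run - 1)):
            return True
    return False


def check_password(pw):
    """Return the checklist items that pw fails (an empty list means it passes)."""
    failures = []
    if len(pw) < 12:
        failures.append("length")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("mixed case")
    if not any(c.isdigit() for c in pw):
        failures.append("number")
    if not any(not c.isalnum() for c in pw):  # any non-alphanumeric counts as a symbol
        failures.append("symbol")
    lowered = pw.lower()
    patterned = has_sequence(pw) or re.search(r"(19|20)\d\d", pw)  # runs or a year like 2025
    if any(word in lowered for word in COMMON_WORDS) or patterned:
        failures.append("word or pattern")
    return failures


def generate_password(length=20):
    """Draw characters from the OS CSPRNG until the result passes the checklist."""
    if length < 12:
        raise ValueError("checklist requires at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw
```

The `secrets` module is used rather than `random` because `random` is predictable and not meant for credentials.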
Password Managers: The Heroes of Cyber Hygiene
Trying to remember dozens of unique, complex passwords is impossible. It’s like trying to remember the entire script of the Bee Movie – but backwards. It’s not realistic.
That’s where password managers come in. One super locked-down master password that holds the key to the vault. No more password resets, no more sticky notes under keyboards, and certainly no more “Football123!”.
What exactly is a password manager?
A password manager is an encrypted database that stores your credentials to the sites that you use. It can auto-fill login details on applications and generate strong, random passwords for new accounts. Furthermore, it can sync your passwords across all devices.
Why should you use one?
People make mistakes and it can have disastrous consequences when it comes to password security. We:
- Reuse passwords
- Use predictable patterns
- Forget complex passwords
Because password managers remove the human element from password security, they bring less risk and less hassle.
They can also help protect you from phishing attacks. A password manager won’t automatically fill in credentials on sites it deems “dodgy”, helping you to spot these scams fast.
In short, a password manager is far safer than trying to memorise or reuse passwords. They use industrial-grade encryption that is on par with what banks and governments use. Even in the event of a rare breach, your data would be useless without that master password.
That said, your master password must be really strong, as in “will take a quintillion years to break” strong, with two-factor authentication (2FA) on top too.
Lock it down with 2FA and Biometrics
Adding 2FA to every account you own keeps them better protected in the long run. This extra step can include:
- One-time codes via app or SMS
- Hardware keys
- Biometrics like fingerprint or facial recognition
Strong Passwords Aren’t Paranoia—They’re Common Sense
If there’s one thing to take away from all of this, it is this: the stronger the password, the harder it is for someone to gain access. Short and simple passwords take seconds to be cracked, and by the time your complex password, with all the bells and whistles, gets cracked, you’ll be long gone.
Security doesn’t need to be complicated. With a few smart tweaks, like ditching your weak, reused logins, embracing password managers and turning on 2FA, you’ll make yourself a far less appealing target.
It pays to be the house with a high-tech alarm system with an angry dog, so cyber criminals don’t even get a chance to try out that key.