
Tips on choosing a good password


What is a good password and why do I need one?

A good password is one that is easy for you to remember but hard for an attacker to guess. The password should also be unique for each site. A good password will protect you even when a site is hacked. Choosing a good password needn't be hard and can even be fun (well, relatively so anyway...).

Step 1 - think of a phrase that has meaning to you but would be hard for others to guess

Examples:

  • I like Fridays because I finish at 4pm
  • I ran the London Marathon when I was 27!
  • Those pesky people on the WBS Helpdesk are making me change my password again :-(

Step 2 - take the first letter of each word and add a little spice!

Take the first letter of every word. To make things really hard for a hacker, add a little punctuation (e.g. an exclamation mark) or some capital letters, or replace common words with numbers (e.g. replace 'I' with the number one, or 'for' with the number 4). Go on, have a little fun: it is your secret phrase that no-one else will know.

The phrases above then become passwords like those below (but don't use these, as they have now been written down):

  • IlFbIfa4PM!
  • IrtLMwIw27!
  • TppotWBSHammcmpwa:-(

There you go... three really good example passwords that are easy(ish) for you to remember but very difficult for a hacker to crack.

Step 3 - use this knowledge to protect yourself at home too

Never re-use your WBS password for another site. In fact, it is strongly recommended that you use different passwords for all your important sites. You can do this by thinking up phrases for each of your key sites... something like:

  • "I like shopping at Amazon but I always spend too much money" becomes ILs@AbIas2mm!

More information and advice on passwords:

Consider using a password manager

Even using the above tips, it can be difficult to create and remember long, complex passwords that are unique for each site. Fortunately, a good password manager can greatly simplify things. You store your strong, unique passwords in the password manager (ideally you should not even know what they are; the password manager can generate super-strong passwords for you), and then you lock your password manager with one very strong password, which is the only password you must remember. This master password must be really strong: if someone could guess it, they would have access to all of your passwords. Spend a bit of effort to come up with a really good one, ideally 15 characters or longer.

There are lots of password managers available. You must choose one that you trust as you will be sharing all your secret passwords with it. The following three are ones you might want to consider:

  • LastPass - this has the largest market share and is used by most, if not all, members of the WBS IT team. There are both free and paid versions (with more functionality)
  • Keeper Password Manager - none of the team have used this but the reviews are good and it is pretty affordable, especially for families
  • KeePass - this is a completely free solution that might be best for fairly advanced users.
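
The advice in Steps 1 to 3 and the master-password guidance above can be checked mechanically. The Python below is an added example, not part of the original page or any WBS tool: the function names are hypothetical, the sample vault is constructed, and it flags published examples, unmodified initials, reuse across sites and short master passwords.

```python
import string

# Passwords printed on this page; they are written down, so never acceptable.
PUBLISHED = {"IlFbIfa4PM!", "IrtLMwIw27!", "TppotWBSHammcmpwa:-(", "ILs@AbIas2mm!"}
MASTER_MIN_LEN = 15  # the page's suggested minimum for a master password


def initials(phrase):
    """Step 2 starting point: first character of each word, nothing added."""
    return "".join(word[0] for word in phrase.split())


def spice(password):
    """Which of the page's Step 2 additions the password contains."""
    kinds = set()
    if any(c.isupper() for c in password):
        kinds.add("capital")
    if any(c.isdigit() for c in password):
        kinds.add("number")
    if any(c in string.punctuation for c in password):
        kinds.add("punctuation")
    return kinds


def check(password, phrase=None, master=False):
    """Return the problems found; an empty list means the advice is met."""
    problems = []
    if password in PUBLISHED:
        problems.append("published example")
    if not spice(password):
        problems.append("no capitals, numbers or punctuation")
    if phrase is not None and password == initials(phrase):
        problems.append("plain initials of the phrase")
    if master and len(password) < MASTER_MIN_LEN:
        problems.append("master password under 15 characters")
    return problems


def reused(vault):
    """Map every password shared by several sites to those sites."""
    sites_by_password = {}
    for site, password in vault.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}


# Constructed sample data (hypothetical sites and passwords), illustration only.
SAMPLE_VAULT = {"work": "Mdb@6eaiw2C!", "shop": "Mdb@6eaiw2C!", "bank": "wtbiqaln"}
```

Calling `reused(SAMPLE_VAULT)` reports the password shared by the "shop" and "work" entries, and `check(..., master=True)` applies the 15-character guidance only to the one password that locks the manager.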

What should I do if I believe my password has been compromised?

  1. Immediately change your password to something secure by logging in to http://my.password.wbs.ac.uk
  2. Let us know by emailing security@wbs.ac.uk