Protecting your digital crown jewels
Date of Issue: Thursday, 18 April, 2019
The single biggest challenge in managing passwords has always been getting users to choose good quality ones. A quick glance across the worst password lists (the National Cyber Security Centre kindly compiles one every year) will tell you we don’t learn very fast, as the most awful ones seem to make the list every single year. I bet you know the ones I mean: p@ssword, letmein, password123, qwerty123, or even 12345 (keep adding numbers for every time you have to change your password).
The proliferation of systems means there are more and more passwords required every year – but those bad passwords keep cropping up, so are we setting our users up for failure? Well yes, if we don’t support them and make it easy for them to choose well, maintain well and change well.
Once you (or your users) have an effective password, don’t force a change to it every three months. NCSC advises users to keep a good password, as changing a complex password may, for instance, cause them to write it down in order to recall it. This defeats the object. So choose well and keep it well.
Never allow users to share logins, so all passwords and logins can always be traced back to a single user. That means the user’s information will be more secure too. Which brings us to re-using passwords. Do not do this. If a password is breached or revealed on one platform, the chances are the miscreant will try that password on other platforms too. This applies when using passwords across the work/home barrier too, for obvious reasons.
Finally, of all the places you need a really robust password, your email must be top of the list. Your whole life can be reset via email, so make sure you have a top-notch password protecting your digital Crown Jewels.
Mike Gillespie is Managing Director of Advent IM and IIRSM’s Specialist Advisor on cyber security