Your password probably isn't good enough

December 2, 2021

Password Strength

Your secret password trick probably isn’t very clever

If you created your passphrase by just trying to think of a good one, there’s a pretty high chance that it’s not good enough to stand up against the might of a spy agency.

The reason that your password or passphrase is probably not good enough is that it lacks something called entropy. You can think of entropy as randomness, and it’s one of the most important concepts in cryptography. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion.

To create *entropy* you can simply use dice! That's right, if you are really keen to create the most unique passphrase around, use dice to roll 6 numbers. Write each number down, then look up the word in the Diceware list that corresponds with your numbers and voilà! That is the first word of your passphrase. Now repeat that 7 times to get a 7 word passphrase! ...or you can use a password manager or online password generator, which will roll the dice for you.
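The dice procedure above can also be done in software. The sketch below is an added example, not InfoSecAssure's code: it parses a word list in the "rolls, then word" layout, draws each roll from the operating system's secure random source, and works out the entropy of the result. The 36-word list and all function names are constructed for illustration, and the number of rolls per word is taken from the key length of whatever list is loaded.

```python
import math
import secrets

# Constructed 36-word demo list, keyed by two rolls ("11".."66").
WORDS = ("acorn badge cable dandy eagle fable gauze habit icing jelly kayak label "
         "maple nacho oasis paddy quail radar sable tabby udder valve wafer xenon "
         "yacht zebra amber bison cedar diver ember flint grape hazel ivory joker").split()
KEYS = [f"{a}{b}" for a in range(1, 7) for b in range(1, 7)]
DEMO_LIST = "\n".join(f"{k}\t{w}" for k, w in zip(KEYS, WORDS))

def parse_wordlist(text):
    """Parse 'rolls<whitespace>word' lines into {rolls: word}, rejecting bad lists."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()  # ValueError if a line is not exactly two fields
        if set(key) - set("123456"):
            raise ValueError(f"not a dice key: {key!r}")
        table[key] = word
    if not table:
        raise ValueError("empty word list")
    rolls = len(next(iter(table)))
    if any(len(k) != rolls for k in table) or len(table) != 6 ** rolls:
        raise ValueError("need exactly one word per possible roll sequence")
    if len(set(table.values())) != len(table):
        raise ValueError("duplicate words lower the entropy")
    return table

def roll_die():
    """One fair roll (1-6) from the OS CSPRNG, not the predictable `random` module."""
    return secrets.randbelow(6) + 1

def generate(table, words=7):
    """Roll once per key digit, look the word up, repeat for each word."""
    rolls = len(next(iter(table)))
    picks = ["".join(str(roll_die()) for _ in range(rolls)) for _ in range(words)]
    return " ".join(table[p] for p in picks)

def entropy_bits(choices, picks):
    """Bits of entropy in `picks` independent, uniform choices among `choices`."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    table = parse_wordlist(DEMO_LIST)
    print(generate(table))
    print(f"{entropy_bits(len(table), 7):.1f} bits with this tiny demo list")
```

Entropy grows with both the size of the list and the number of words, so a full-size list gives far more bits per word than this demo list does.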


The best password policy

The "best" length and composition of passwords is hotly debated amongst cyber security people, and in many cases passwords are being complemented with multi-factor authentication (a combination of something that you know, something that you have or something that you are). For the most part, though, it holds true that a strong password should:

  • be at least 8-12 characters long
  • use a combination of upper and lower case letters, symbols and numbers.


Passphrases are most effective when they are long, unpredictable and unique.
A good passphrase should have **at least 15, preferably 20 characters** and be difficult to guess. Refer back to our earlier comments about entropy.

Password managers

Password managers (which can also be used to store passphrases) enable good cyber security habits. Having a unique passphrase for every valuable account may sound overwhelming; however, using a password manager to save your passphrases will free you of the burden of remembering which passphrase goes where.

A lot of web browsers provide an in-built password manager. You might have noticed the pop-up window asking to store your password when logging into accounts. Password managers are also sold separately; however, quality and security may vary.

When using a password manager:

  • conduct research to ensure the password manager is from a reputable vendor
  • conduct research to ensure the password manager is maintained by the vendor with regular security updates
  • protect the password manager with its own strong and memorable passphrase.