Password Security and Passphrases

Understand why strong, unique passwords matter and how to create passphrases that are both secure and memorable.

Passwords are the first line of defence for every account you hold. Weak or reused passwords are responsible for a huge proportion of account compromises worldwide.

What Makes a Password Weak?

Password strength comparison:
  • password123: VERY WEAK, ~0.2 seconds to crack
  • Summer2024!: WEAK, ~3 hours to crack (dictionary)
  • Tr0ub4dor&3: MEDIUM, ~3 years — but hard to remember
  • correct-horse-battery-staple: STRONG, ~550 years — easy to remember
  • kP#9mQ$vL2@nX7wR: VERY STRONG, ~34 billion years — use a password manager
The worst passwords are dictionary words, names, and simple patterns. Attackers don’t guess character by character — they test billions of known passwords from previous breaches first.
⛔ Important
Never reuse passwords. If one site is breached, every account sharing that password is immediately at risk. Attackers use automated tools to test stolen credentials across hundreds of services within minutes — this is called credential stuffing.

Passphrases: The Best of Both Worlds

A passphrase is a sequence of random words. It is:
  • Easy to remember — your brain handles words far better than random characters
  • Long — length is the single biggest factor in password strength
  • Hard to crack — four random words provide enormous entropy
How to pick a good passphrase:
  1. Use a random word generator or dice (Diceware method)
  2. Avoid song lyrics, quotes, or phrases you already use
  3. Add a number or symbol if required by the site
  4. Never use personal information (your name, pet, birthdate)
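
The Diceware approach from the steps above, as an added example (not code from the original page): it picks words with the operating system's CSPRNG and reports the resulting entropy in bits. The 32-word list is constructed so the block runs offline, and generate_passphrase, entropy_bits and the suffix parameter are names chosen for this illustration.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A standard
# Diceware list has 7776 words (five dice rolls per word); load one in practice.
SAMPLE_WORDS = (
    "amber anchor basil candle cedar copper daisy ember falcon fern "
    "garnet harbor indigo jasper kettle lantern maple nectar olive pebble "
    "quartz raven saddle timber umbra velvet walnut xenon yarrow zephyr "
    "bridge meadow"
).split()

DICEWARE_SIZE = 6 ** 5  # 7776 entries in a standard Diceware list


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 list entries and 1 word drawn")
    return n_words * math.log2(list_size)


def generate_passphrase(words, n_words=4, sep="-", suffix=""):
    """Return (passphrase, bits). suffix only satisfies site composition rules."""
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    if len(unique) < 2:
        raise ValueError("word list too small")
    # secrets.choice uses the OS CSPRNG; random.choice is predictable.
    chosen = [secrets.choice(unique) for _ in range(n_words)]
    # A fixed suffix is counted as zero entropy: the words carry the strength.
    return sep.join(chosen) + suffix, entropy_bits(len(unique), n_words)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS, n_words=4, suffix="7")
    print(f"sample list: {phrase} ({bits:.1f} bits, list too small for real use)")
    for n in (4, 5, 6):
        print(f"{n} Diceware words: {entropy_bits(DICEWARE_SIZE, n):.1f} bits")
```

Each extra word from a 7776-word list adds about 12.9 bits, which is why length matters more than swapping letters for symbols.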

The Password Manager Solution

✓ Key Point
A password manager (such as Bitwarden, 1Password, or your organisation’s approved tool) generates and stores a unique, complex password for every site. You only need to remember one strong master passphrase. This is the single biggest improvement most people can make to their security.

What NOT To Do

Bad Practice | Why It’s Dangerous
Reusing passwords | One breach exposes all accounts
Storing passwords in a spreadsheet | Unencrypted, visible to anyone with access
Writing passwords on sticky notes | Physical exposure to anyone nearby
Using browser “remember password” without a PIN lock | Accessible to anyone who opens your browser
Sharing passwords with colleagues | No audit trail; can’t revoke access individually
Using personal info (name, dob, pet) | First things an attacker tries

When to Change a Password

You do not need to change a strong, unique password on a regular schedule — this policy is outdated and leads to weaker passwords (Summer2024 → Summer2025). Change your password when:
  • You suspect it has been compromised
  • You learn a site you use has been breached
  • You have been sharing it with someone who no longer needs access
⚠ Warning
If your organisation requires regular password changes, use a password manager to generate a completely new random password each time — don’t just increment a number at the end.