What Is A Strong Password – Guide 2023

Floating Licence
What is a Floating License? | 2023 Guide to Floating Licensing
21st August 2019
What is SCA (Strong Customer Authentication) and PSD2?
29th October 2019
Show all

What Is A Strong Password – Guide 2023

password white bg

With 81% of company data breaches for companies in 2018 due to not using strong passwords, it’s increasingly important to take every step possible to stay safe when conducting transactions online.

But what exactly is a ‘strong’ password and what options are available to help ensure that your sensitive information remains secret and safe? Let’s explore further…


What is a strong password?

When we are asked to come up with a password, it will often involve something that is easy for us to remember – such as a string of words or numbers that mean something personal to us. These are ‘weak’ passwords that are often easy to guess for individuals attempting to gain access to your account or personal information.

So what is a strong password? A strong password is one that is difficult or impossible to guess. The best strong passwords are ones that are at least six characters long, combine upper-and lower-case letters, numbers, and do not hold any words that can be found in the dictionary or can be figured out by examining your social media profile.


Why are passwords so important?


Simply put, passwords are deployed to protect information or functionality that is personal to you or should not be available to the general public. Passwords are used on a number of different sites from personal email accounts, online banking details, private business logins, commercially sensitive file-sharing platforms, and much more.

A weak password means that a suitably motivated individual can access this information with ease and personally profit. At the lowest end of the scale, this means the inconvenience of having to update your personal passwords and site details. At the other, you can be at risk of losing significant savings from your account, be subject to fraud, or be personally responsible for data loss for your business. 

While password creation and maintenance can be consuming, it is always worth remembering that it will involve a fraction of the time and stress involved with resolving a data breach or attempting to refund any money stolen from your account.

If you are personally responsible for keeping your information secure, it is essential that you deploy strong passwords and have a broad awareness of dos and don’ts when it comes to creating them.

Most people don’t do this at all - did you know that the top 5 most common passwords are:

1. 123456

2. 123456789

3. qwerty

4. password

5. 111111

(according to the UK's National Cyber Security Centre (NCSC) in 2019)


Examples of weak passwords - what not to do

Not using 123456 as your work email's password? Great. But even then there is a good chance your passwords are not secure. Take a look at these examples.


Plain language passwords

A common trick for bypassing passwords is to use a ‘brute force’ hack. Depending on the setup of the system, intruders with access to your social media will apply your initials, that of relatives, or pet names. If it can be found in a book, it shouldn’t be in your password. 


Shared Passwords

Never use the same password on multiple sites. If an intruder gains access to your account, their first port of call will be to try your login id and password with other accounts that are linked or could be attached to your account. In addition, never share your password with another friend or colleague as this will exponentially increase your risk of a breach.


Unchanged passwords

While it may be possible to determine what your password is over time, changing it regularly will make it more difficult for others to guess it. It’s advisable to change your password at least once a month and use password tracker software to keep tabs on your new password. Never physically write your password down and, of course, sticking it onto your monitor or laptop with sticky notes should not happen!


Any good site will ask your to regularly change or verify your account password. Companies like Amazon or eBay will ask you to attach a mobile phone number to your account and send one-use passwords or verification or alert messages if a user with a new IP tries to access your account.


The need for higher online security has been taken seriously in the past years. In September 2019, new European regulatory requirement called Strong Customer Authentication (SCA) took effect. SCA’s purpose is to prevent and reduce fraud and make online payments more secure.


How to obtain strong password ideas?

Ideally, most sites you use should enforce the creation of a strong password to use on their system. Ideally this should involve the following steps.

The site should detail what your password needs to have, this should include upper- and lower-case characters, numbers and be of a certain length.
When the password is being entered, a dynamic checker should give information about the status of the password from poor, to strong, to secure, sometimes with colours from red to green.
Once it is entered, the registration should be sent to your email account to confirm that it is indeed you registering on the site.

If this is not the case, we would always advise that you follow these steps anyway and make the extra effort to ensure that your online security is given top priority.

It is also worth using a password protector service such as KeePass to store your account information in one secure place. These often come with random key generators to help quickly and securely create high-strength passwords and prevent unwanted access to your personal and professional accounts.


Multi-Factor Authentication can help with keeping passwords safe

Multi-Factor Authentication (MFA) is the new gold-standard for site security when you’re looking to keep your account passwords safe. 

This a security system that asks anyone accessing your account for multiple unique credentials to prove exactly they are who they say they are. Depending on how you want to set it up, this can include push notifications to your mobile device, a request for fingerprint ID, or a unique additional security question. Smart devices such as iPhones have even started using facial recognition or the potential for retinal ID as an added plus. 

One-time passwords are also an extra layer of security that can be implemented. If you want to learn more about how this can help, you can check out our recent blog on one-time passwords and find out how it can contribute to your personal security online.



If you want to keep your account secure online, applying MFA in combination with a strong approach to password security is a hugely helpful way to keep your personal information out of unwanted hands.

This means choosing regularly updated, long-form passwords that are created according to recognised best practice. It is also helpful to look into using MFA to keep your accounts secure and staying abreast of industry best practice, as the internet never stands still…and neither should you.

If you're developing an application and want to enforce MFA, please contact us at 10Duke.

If you want to have a look on your options for best password managers you can do so at Digital, who have done research on the topic: Best Password Managers of 2020.

28th February 2024
login-based licensing

Login-Based Licensing: Flexible & User-friendly Approach to Software Licensing

Login-based licensing means to license and control access to software based on user login credentials, simplifying product access.    
9th January 2024
benefits of multi-factor authentication

Why Implement Multi-Factor Authentication (MFA)? A Key to Enhanced Digital Security

Multi Factor Authentication (MFA) involves two or more methods of authentication in order for an individual user to be given access to a system.    
10th May 2023

5 Reasons Why Web Applications Need a Software Licensing Engine

Dedicated licensing engine provides significant value and helps overcome complexity. In this blog we explain the complexity and how to solve it.
7th October 2022
Centralised Licence Management

How Centralized Software License Management Will Increase Your Revenue

License management is typically looked at simply as a cost of doing business. When done correctly, license management can be an engine of revenue growth, removing […]
18th August 2022
10Duke Cloud Based Licensing

Cloud-based Software Licensing | The Modern Way

Every kid coming out of Harvard, every kid coming out of school now thinks he can be the next Mark Zuckerberg, and with these new technologies […]
11th April 2022
To build or buy a software licensing system

Software Licensing System – The Build vs. Buy Conundrum

To build or buy a licensing system – the huge question all growing software vendors will face. This blog will help you make an informed decision.
13th December 2021

Licensing As a Service – Why It’s the Modern Way of Software Licensing

Licensing as a Service, a new method of software licensing, offers flexible and effective means of monetizing software products quickly and easily.
20th August 2021
10Duke 101 - Understanding 10Duke Licensing

10Duke 101 – Understanding the Basics of 10Duke Licensing

A brief introduction to 10Duke’s Licensing Solution. We will go through its main concepts and how to integrate with 10Duke, including delegation of authentication, product configuration […]
12th May 2021

Software Activation – The Good, The Bad and the Modern

Software Activation is a technology that verifies a software product has been legitimately licensed for use. Learn how to do it effectively.

Ideally, most sites you use should enforce the creation of a strong password on their system. Ideally this should involve the following steps.