World Password Day: your key to better security starts here

Every first Thursday in May, we celebrate World Password Day—a global reminder to take a closer look at how we’re protecting our digital lives. From unlocking your phone to accessing your bank account, passwords can be considered the gatekeepers of your most sensitive information. But are yours up to the task?

At a time when cyber-attacks are getting more sophisticated than ever, using a weak or reused password is like putting a lock on your front door and leaving the key under the mat!

Computer passwords have been around since 1961 when the first one was created by Fernando Corbato at the Massachusetts Institute of Technology. Back then, researchers needed a way to keep files separate on a shared computer system.

His invention worked well for a while, yet he later claimed that this rudimentary security method had proliferated and became unmanageable, so you could say password problems have been with us since day one! Fast forward to today and we’re juggling dozens (if not hundreds) of logins, and the stakes are much higher.

Using “123456”, “Pa$$word” or even your pet’s name across multiple accounts might be easy to remember—but it also makes things ridiculously easy for hackers.

Why?

• One breach can expose them all – reusing a password across multiple sites means that if one site gets hacked, every other account with the same password is at risk.

  
  

• Criminals know the most common passwords – every year, lists of leaked passwords demonstrate millions are still using “password,” “qwerty,” or “letmein.”

  
  

• Phishing and brute-force attacks thrive on weak security – short, simple, or reused passwords are the first to fall in a cyber-attack.

  
  

It’s a sad fact that even people who’ve been scammed before often don’t change their habits. That’s a wake-up call for all of us.

Here are the top password tips from the National Cyber Security Centre (NCSC) to help you stay secure:

1. Use three random words: Instead of complex strings of characters that are hard to remember, the NCSC recommends combining three random, unrelated words—like OrangeLaptopCactus. This makes a password long and hard to guess, but easy to remember.

2. Turn on multi-factor authentication (MFA): MFA adds an extra layer of security. Even if someone guesses your password, they’ll still need a second method (like a text code or app notification) to get in.

3. Don’t reuse passwords for important accounts: Especially not for email, banking, or work logins. If one of them is compromised, you don’t want the others falling too.

4. Use a password manager: These tools generate and store unique, complex passwords for each account—so you don’t have to remember them all. Just keep your master password strong and secure.

5. Change default passwords on devices: Routers, smart home devices, and even office printers can come with factory-set logins that are easy to guess. Always change them when setting up new tech.

Cybercrime doesn’t ever take a day off, so whether you’re an individual or a business, take a few minutes today to strengthen your password practices. They may be a decades-old invention, but they're still one of the easiest ways to protect yourself online—when done right.

Stay safe and secure.

The WCRC offers a variety of support including its free core membership package as well as a range of  services that offer companies training and assessments in cyber security.