top of page

The history of passwords and why they have never been so important

Did you know that it was 140 years ago this month, in 1883, a Dutch linguist and cryptographer, August Kerchkoff, published an article in the Journal of Military Science that was to go down in history?

In the article Kerchkoff set out the foundations for modern cryptography which included a set of rules for securing military ciphers. It is thanks to him that we use passwords today.

Fast forward a couple of hundred years and passwords have never been more essential to keeping our businesses safe. And yet Microsoft estimates there are 34,740 password attacks every minute.

This is one of the many reasons why we at the WCRC encourage organisations to make cyber security a priority. Putting in place proper measures prevents others from gaining access to sensitive information that might relate to client data, payment details or private documents used by you to conduct your business.

Although, just having a password is not enough, we need to consider how we strengthen our password security, and we do this by making them more complex, and unique for each account. It is said the average internet user has roughly 100 different accounts, with many using identical passwords for multiple accounts. The danger here is if one is breached then that allows the criminal to access many more.

How often when you sign up for a new account are you asked to use a minimum number of characters which must include a capital letter, a number, and a special character? It’s so tempting to use something that is instantly memorable, such as a location, a sports team, a city, a birthday or a name but these are all potentially publicly available information. The criminal may carry out some social engineering and identify many of these through yours and others’ social media accounts. It’s a good idea to avoid these when creating your password.

Why not integrate capital letters, numbers and symbols throughout your password making it more difficult to guess?! Remember, if you change certain characters in your password (such as a letter ‘o' for a zero), the criminals also know these tricks!

Now is the time to take steps to strengthen passwords to make accounts more secure. Consider using a passphrase as these involve multiple words and can be easily remembered whilst being complex enough to be difficult to crack. The National Cyber Security Centre (NCSC) for the UK advises using three random words to make a unique password which is both ‘long enough' and ‘strong enough’ and can be easily remembered.

So, if I was thinking of a password now I would look around my office and might choose radiatorcoffeeceiling, and then add some capitals and symbols to make it: raD@#iatorcOffee34ceiling. Just to be clear this is not one of my passwords but an attempt to show how a complex password can be created.

Remembering multiple passwords that are this complex is difficult, but that is where a password manager can help. And if you top this off with two-factor authentication, you have moved to a far more cyber secure position.

If you want to understand more or discuss your own cyber security issues then contact the WCRC then get in touch with a member of our team.

We offer a range of membership options depending on what level of support businesses need. Free Core membership provides businesses with access to a range of resources and tools to help them identify risks and vulnerabilities, as well as providing guidance on the steps they can take to increase their levels of protection.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page