
Passwords: Why We All Do Them Badly (And How to Finally Do Them Right)


Let’s be honest: nobody likes passwords. They’re annoying, we have too many of them, and most of us handle them a lot worse than we think. 


If you want a quick reality check, try this free tool: Kaspersky Password Checker. Enter one of your “usual” passwords (not your current one, obviously - make one up in the same style) and see how fast it would be cracked. Spoiler: for many people in the dental sector, it’s seconds, not years.


Passwords like pa$$word, D3nt4l, Buffalo1, or Letmein1 are shockingly weak. They might “look” secure because of symbols or numbers, but modern password cracking tools will break them almost instantly. 


So what can you do? Nobody trains us how to make good passwords. We just get told they should be “complex” - which usually results in something impossible to remember. But here’s the good news: passwords don’t have to be painful. It’s entirely possible to create passwords that are easy to remember AND nearly impossible to crack. 


Let me show you two simple techniques that will change the way you think about passwords forever. 


Technique 1 – The Multiple Word Approach 

Single words are bad. Really bad. Even if you dress them up with numbers and symbols. Buffalo1970 is just as weak as Buffalo1. And Buff4l01! isn’t much better either. 


The trick? Use two or three unrelated words together. 


Look around you for inspiration: scissors, spire, egg. Put them together into scissors-spire-egg. According to Kaspersky, that would take 208 centuries to crack. Even just two words, like scissors-spire, would take seven months.


Add a capital letter, a number, and a symbol - Scissors-spire1$ - and you’ve now got a password that would take five centuries to crack. 

It’s strong, memorable, and far safer than Buffalo1.


If you want a hand coming up with words, try the generator at Correct Horse Battery Staple. Set “min words” to 2 and “minimum letters” to 10 - you’ll get a rock-solid password every time. 


(Obvious but important note: don’t use the examples here now that I’ve written them publicly!) 
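Technique 1 as an added Python sketch (not code from this article or from the Correct Horse Battery Staple generator): it picks words with a cryptographically secure random source until the “min words” and “minimum letters” limits are met, and compares the guess space of one word plus a digit with two and three random words. The word list is constructed for illustration, and the 7776-word list size and the function names are assumptions.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator draws from
# a list of thousands of words; the list size is where the strength comes from.
SAMPLE_WORDS = ["lantern", "pebble", "orchid", "gravel", "tunnel", "walnut",
                "saddle", "marble", "ferry", "quilt", "anchor", "thimble",
                "bucket", "cactus", "harbor", "violin"]


def make_passphrase(words, min_words=2, min_letters=10, sep="-"):
    """Add randomly chosen words until both minimums are met."""
    if min_words < 1 or len(set(words)) < 2:
        raise ValueError("need min_words >= 1 and at least two distinct words")
    chosen = []
    while len(chosen) < min_words or sum(len(w) for w in chosen) < min_letters:
        # secrets draws from the OS CSPRNG; the random module is not
        # designed for generating secrets.
        chosen.append(secrets.choice(words))
    return sep.join(chosen)


def guess_space_bits(list_size, word_count, suffix_options=1):
    """log2 of the number of candidates an attacker who knows the scheme
    and the word list has to try in the worst case."""
    return word_count * math.log2(list_size) + math.log2(suffix_options)


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    n = 7776  # assumed list size (a common diceware-style length)
    print(f"one word + one digit: {guess_space_bits(n, 1, 10):.1f} bits")
    print(f"two random words:     {guess_space_bits(n, 2):.1f} bits")
    print(f"three random words:   {guess_space_bits(n, 3):.1f} bits")
```

Each extra bit doubles the number of guesses, so the step from one word plus a digit to three random words is far larger than the difference in length suggests.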


Technique 2 – The First Characters Approach 

If you liked the first method, you’ll love this one. 


Take a line from a song you know well. For example: 

“Cause after all, he’s just a man. Stand by your man!” 


Now take the first letter of each word: Caahjamsbym


Looks random, right? According to Kaspersky, that password would take 33 years to crack - not bad at all. Add a number and symbol and it gets even stronger. 


The beauty is: while it looks complex, you’ll never forget it. Just sing the line in your head when you type. This is actually my personal favourite method - most of my passwords have been built this way for years. 


Other Things You Need to Know 


1. Password Expiry is Pointless 

Forcing staff to change their passwords every 90 days doesn’t make you safer - it makes things worse. People just start writing them down, or making tiny changes like Password1, Password2, Password3. Even Microsoft now advises against expiry policies (here’s their paper). 


2. One Password for Everything? 

Not ideal. The danger is that if one company gets hacked and its password database leaks, your password ends up on the dark web. 


If you use the same password everywhere, attackers can break into multiple accounts. 

Instead, think in clusters. Use one strong password for banking, another for shopping, another for work, another for email. That way, you’re limiting the damage if one leaks. 


3. Password Managers 

Tools like LastPass, Roboform, Chrome’s built-in manager, or Apple’s iCloud Keychain are fine - provided you trust the provider. They make life much easier, and for many people, they’re a sensible trade-off. You authenticate once, and the manager fills in the rest. Just remember: you’re centralising your risk, so weigh up the convenience vs trust factor.  



Passwords don’t have to be a nightmare. With just two simple techniques - multiple words or first letters - you can build passwords that are both memorable and incredibly hard to crack. 


Combine that with: 

  • No forced password expiry. 

  • Password clustering. 

  • (Optional) a trusted password manager. 


And you’ve got a system that’s secure, practical, and far less frustrating. 


Because in the end, the weakest password in your practice isn’t just a nuisance - it could be the key that lets an attacker into your systems, your data, and your business. And that’s not something you want to leave to chance. 


