I’ve just started a new job, and all our email passwords are set as “pass123”. How best to convince my luddite boss that this is a bad idea?
Cyberclinic received many open-mouthed responses to this week’s question. Jamie Cowper from email encryption company PGP pointed out the risks that such employers expose themselves to: “Email isn’t just the main source of business communication – it’s also responsible for storing much of our data.” There are many ways of securing business data – most of which involve firewalls and protocol stacks and are best discussed by IT professionals – but the matter of secure passwords is something that affects all of us; most web services that hold personal data require a single password to allow full access.
Guessing a supposedly unique combination of letters and numbers is far easier than you might think. A recent password-breaking study combined 1,000 common passwords (such as ‘letmein’, ‘password’ or ‘123456’) with 100 common password suffixes (such as 1, 4u, 69 or abc) and in the process matched 24% of passwords analysed in the test. “We’re told that using a combination of letters and numbers makes for a secure password,” writes Tom Chambers, “but if people are using combinations as obvious as ‘blink182’ or ‘pass123’, it’s clear that they need a bit more guidance.” Security expert Bruce Schneier, writing recently for wired.com, recalled that the most common password was once “password”; today it’s “password1”, which represents virtually no improvement. Even ‘leetspeak’ techniques such as swapping ‘E’ for ‘3’ are incredibly widespread, and can be easily guessed by computers running password recovery software.
The fear most of us have when choosing yet another less obvious password is that we’ll immediately forget it, and writing it down on a post-it note obviously defeats the whole object. Fortunately, programs such as KeePass are available which use a database to store our various passwords and allow us to access the full list by entering a single password. There are, however, techniques to generate memorable but hard-to-guess alphanumeric sequences. “Instead of words,” writes Andy McLean, “use initial letters of a phrase or lyric that’s memorable to you.” You could go further and intersperse these letters with a memorable number; using this method I come up with “n1m5d2o9a8o9” – a password that I’ll remember straight away but that is hopefully worthy of a Fort Knox combination padlock. As to how to persuade your boss to use such a technique, Simon Colebrook suggests logging in to your boss’s email and leaving a note. “In the email, ask him or her how they’d be able to prove who had done it. Of course, this may breach your employer’s email abuse policy.” If, indeed, they’ve bothered writing one.
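As an added illustration (not code from the column or any of its contributors), here is a small password-policy filter that rejects the dictionary-plus-suffix and leetspeak patterns described above, while letting a phrase-initials password such as “n1m5d2o9a8o9” through. The word and suffix lists are constructed stand-ins for the study’s 1,000 common passwords and 100 suffixes, and the 10-character minimum is an assumed policy value.

```python
import re

# Constructed stand-ins for the study's 1,000 common words and 100 suffixes.
COMMON_WORDS = {"password", "pass", "letmein", "123456", "qwerty",
                "welcome", "admin", "blink", "monkey"}
COMMON_SUFFIXES = ("123", "1", "4u", "69", "abc", "!", "01", "2009")
# Undo the leetspeak swaps the column mentions ('E' -> '3', 'O' -> '0', ...).
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_LENGTH = 10  # assumed policy value, not from the column


def base_word(pw: str) -> str:
    """Lower-case, strip one known suffix (or a short trailing digit run),
    then reverse leetspeak, so 'P@ssw0rd1', 'pass123' and 'blink182'
    all collapse to the dictionary word they were built from."""
    w = pw.lower()
    for s in sorted(COMMON_SUFFIXES, key=len, reverse=True):
        if w.endswith(s) and len(w) > len(s):
            w = w[: -len(s)]
            break
    else:  # no listed suffix: treat up to four trailing digits as one
        w = re.sub(r"\d{1,4}$", "", w) or w
    return w.translate(LEET)


def check_password(pw: str) -> list[str]:
    """Return the policy violations for pw; an empty list means accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.isdigit():
        problems.append("digits only")
    base = base_word(pw)
    if base in COMMON_WORDS or pw.lower() in COMMON_WORDS:
        problems.append(f"built from the common word '{base}'")
    return problems


if __name__ == "__main__":
    for candidate in ("pass123", "password1", "P@ssw0rd!", "blink182",
                      "letmein4u", "n1m5d2o9a8o9"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

Run as a script it reports a verdict for each of the column’s example passwords; only the phrase-initials password passes.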