A couple of weeks ago, I was sat in a lovely café in Watchet helping the owner set up their new online ordering system. Everything was going smoothly until she opened her desk drawer and pulled out a tatty notebook filled with crossed-out passwords. "I can never remember them," she said, "so I keep having to reset them and make new ones." Sound familiar?
I've been helping businesses across Somerset with their websites and security for over 40 years, and I reckon password problems cause more headaches than anything else. The worst part? Most people make it harder than it needs to be.
Why Your Current Password System Isn't Working
Let me guess — you're either using the same password for everything (please tell me you're not), or you've got passwords scattered across sticky notes, notebooks, and that Word document cunningly named "Passwords.doc" on your desktop. I've seen it all.
Last month, I helped a plumber in Taunton recover his website after hackers got in through his email. His password? The name of his business followed by "123". It took the hackers about three seconds to crack it. The cleanup took three days and cost him a fortune in lost bookings.
Reality check: If your password is your business name, your pet's name, or anything followed by "123", you're a sitting duck. Hackers have automated tools that try thousands of common passwords every minute.
The problem is, we've been told to create passwords that are impossible to remember. No wonder everyone cheats. But there's a better way.
The Three-Word Method That Actually Works
Here's what I tell all my customers: forget the random letters and numbers. Instead, pick three random words and string them together. The National Cyber Security Centre recommends this approach, and it's brilliant.
For example: CoffeeSpadeMinehead
That's already stronger than 99% of passwords out there. Why? Because it's long (18 characters), unpredictable, and — crucially — you can actually remember it.
But here's where I make it even better. Add a number or symbol between the words based on something meaningful to you:
- Coffee7SpadeMinehead (maybe you open at 7am)
- Coffee&SpadeMinehead (using an ampersand)
- Coffee52SpadeMinehead (your house number)
Now you've got a password that would take centuries to crack, but you can remember it because it means something to you.
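The three-word method above, as an added example that is not part of the original post: it picks the words and the separator with the operating system's random source, and measures strength by how many combinations are possible rather than by length. The word list, the separator pool and the function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration only. A real list needs thousands
# of words; 16 words gives almost no protection however long the result looks.
SAMPLE_WORDS = [
    "coffee", "spade", "harbour", "lantern", "pebble", "orchard", "saddle",
    "thistle", "marble", "anchor", "bramble", "kettle", "ferry", "heather",
    "quarry", "willow",
]
SEPARATORS = "0123456789&!-"  # assumed pool: one digit or symbol, as in the post


def three_word_password(words, count=3, separators=SEPARATORS):
    """Build Word<sep>WordWord from words chosen by the OS random source."""
    unique = sorted({w.lower() for w in words})
    if len(unique) < count:
        raise ValueError("word list is smaller than the number of words requested")
    chosen = secrets.SystemRandom().sample(unique, count)  # no repeated words
    parts = [w.capitalize() for w in chosen]
    return parts[0] + secrets.choice(separators) + "".join(parts[1:])


def entropy_bits(list_size, count=3, separator_choices=len(SEPARATORS)):
    """Bits of entropy when the attacker knows the list and the pattern."""
    combinations = math.perm(list_size, count) * separator_choices
    return math.log2(combinations)


if __name__ == "__main__":
    print(three_word_password(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        print(f"{size:>5} words in list: {entropy_bits(size):.1f} bits")
```

The figure that matters is the size of the list the words are drawn from: words a person thinks of on the spot come from a much smaller pool than a random draw from a long list.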
Making It Personal to Your Business
A B&B owner in Minehead I work with came up with a clever system. She uses three words related to different aspects of her business for different accounts:
- Banking: Breakfast9SeaView
- Booking system: Guests4CoastalPath
- Email: Somerset&TeaRoom
Each password is unique, strong, and she remembers them because they relate to what she's logging into.
20 seconds. That's how long it takes to crack an 8-character password. But a 20-character password using three words? We're talking millions of years.
The One Tool I Actually Recommend
I'm usually sceptical about software that promises to solve all your problems. But about six months ago, I finally started recommending password managers to my customers, and it's been a game-changer.
A password manager is like a secure digital notebook that remembers all your passwords for you. You only need to remember one master password (use the three-word method for this), and it handles the rest.
I personally use Bitwarden because it's free for personal use and works on everything. A holiday cottage owner near Porlock started using it earlier this year after getting locked out of their booking system three times in a month. She now has unique, strong passwords for all 47 of her online accounts and hasn't forgotten one since.
Setting Up Your Password Manager
Here's the simple approach I use with customers:
- Create your master password using three memorable words
- Write this master password down and keep it somewhere genuinely secure (not under your keyboard)
- Add your existing passwords to the manager one by one
- Let it generate new, strong passwords for sites as you use them
Don't try to change everything at once. That's overwhelming. Just update passwords as you log into sites naturally.
What About Two-Factor Authentication?
If someone offers you an extra lock for your front door for free, would you turn it down? That's what two-factor authentication (2FA) is — an extra layer of security that costs nothing.
A shop owner in Bridgwater had their Facebook business page hacked a few months back. They'd used a weak password, and the hackers posted some right dodgy stuff that upset their customers. If they'd had 2FA turned on, it never would have happened.
Most important services offer 2FA now:
- Your email (this is the big one — if hackers get your email, they can reset everything else)
- Banking and payment systems
- Social media business accounts
- Your website hosting
It usually means getting a code sent to your phone when you log in. Yes, it's an extra step. But it's like putting a steering lock on your car — thieves will move on to an easier target.
Top tip: Start with your email account. It's the keys to your kingdom. If hackers get into your email, they can reset passwords for everything else.
The Passwords You Should Change Today
If you're feeling overwhelmed, here's where to start. Change these passwords first, in this order:
- Your email — everything else depends on this
- Your banking — for obvious reasons
- Your website admin — this is your business's shop window
- Any service that stores customer data — you've got GDPR responsibilities here
A few weeks ago, I helped a café in Watchet that got a GDPR warning because customer data was accessed through their compromised booking system. The password? "Cafe2020". The fine they're facing? Let's just say it would have bought a lot of coffee.
Make Password Security Part of Your Business Routine
Here's the thing — good password security isn't about being paranoid. It's about being professional. You lock your shop door at night, you check your till, you back up your important paperwork. Passwords deserve the same attention.
I've been visiting businesses across Somerset for decades, and the ones that thrive are the ones that get the basics right. Good passwords are just another basic, like keeping your books straight or answering emails promptly.
Start with one password today. Use the three-word method. Make it something you'll remember. Then do another one tomorrow. Before you know it, you'll have sorted the lot, and you'll sleep better knowing your business is properly protected.
And remember — if you ever get an email asking you to "verify your password" or "confirm your account details", forward it to someone who knows what they're looking at. After 40 years in this game, I've seen every scam going. Your business is too important to take chances with.
Sources
- National Cyber Security Centre — Official UK guidance on password security and the three-word method
- Information Commissioner's Office — GDPR requirements for protecting customer data
- Get Safe Online — UK's leading internet security awareness resource
Not Sure About a Suspicious Email?
If you've received an email that doesn't look right, don't click anything — forward it to me and I'll tell you if it's genuine. I'd rather spend 30 seconds checking than see you lose money to scammers.
Forward It to Marcus
Free for all Exmoorweb customers. No question is too small.
About the Author: Marcus Knapman has been working with computers and building websites since the mid-1980s. Based in Somerset, he runs Exmoorweb from Williton — personally visiting customers across Minehead, Watchet, Taunton, Bridgwater, and the wider South West. With a BSc (Hons) and over 40 years of hands-on experience, he combines technical expertise with practical, no-nonsense advice.