Cyber security is a shared responsibility, and everyone has a part to play in protecting sensitive information (such as names, addresses, and financial details) online. To support you, we’ve put together ten top tips that you can follow to ensure you’re using strong passwords, as using long, complex passwords is one of the easiest ways to defend yourself from cybercrime. For advice see our top tips below -
According to the National Cyber Security Centre (NCSC), you should use a passphrase that is a minimum of eight characters long and consider combining three random words to create a password that's 'random enough' to keep the bad guys out, but also 'easy enough' for you to remember. For example, you could use three random words such as 'coffeetrainfish' or ‘walltinshirt’.
The best passwords are those that will be very hard for both humans and machines to guess, and the only way to get such a password is to ensure that your password contains capital and small letters, numbers, and special characters (such as an exclamation mark(!), hyphen (-), or an at sign (@).
Do not include personal information in your password that is easily accessible to others, such as your name or your pets’ names. As you’ll often share information like this via your social media and other online accounts, meaning it’ll often be easy for cybercriminals to find, and use to hack your accounts.
Try not to use common words or phrases that could be found in a dictionary which are easier for cybercriminals to guess or crack. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A”, and ! can replace the letters “I” or “L.”
Use phonetic replacements, such as “PH” instead of “F”, or make deliberate but obvious misspellings, such as “enjin” instead of “engine”. You could also use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password "hoops," use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all”, as using both lowercase and capital letters adds another layer of obscurity.
Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through rogue emails or calls. Remember, every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen.
Having different passwords for various accounts helps prevent cybercriminals from gaining access to these accounts and it’ll also protect you in the event of a security breach. You can achieve this and mix things up by using a memorable way to customise your standard password for different sites.
Use multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. Enable MFA by using a trusted mobile device, such as your smartphone, or an authenticator app.
Don’t share a password with anyone, not even a friend or family member, and never send a password by email, instant message, or any other means of communication that is not reliably secure. And whilst it’s ok to write your passwords down, as long as you keep them secure, don't write them on sticky notes/cards that you keep near the thing the password protects, even if you think they're well-hidden!
The most secure way to store all your unique passwords is by using a password manager. With just one password, a computer can create and save passwords for every account that you have – protecting your online information, answers to security questions, and more.
For more advice on creating strong passwords, including other security tips on changing passwords and how to check if your password has been compromised, please read the 'How to create secure passwords' article from the Which Computing Helpdesk team.
