Create good passwords
Creating long and strong passwords for your online accounts is one of the most effective ways you can protect your personal information, and keep yourself safe from attackers.
How to protect yourself
-
Use a different password for every online account you have
Many of us use the same password for all our accounts, or stick to two or three different ones that we use over and over. The problem with this is that if an attacker gets hold of one of your account passwords, it'll give them access to any other accounts that share the same password. Keep your accounts safe, and use each password only once.
-
Make your password long and strong
Long passwords are strong passwords. An easy way to create a good password is to make a
made up of four or more random words. Passphrases are easier to remember, and they’re stronger than a password that uses a long mix of numbers, letters, and symbols. You can try making a passphrase that’s a sentence or fun phrase unique to you. For example, 'popcornwithbutterisbest' or 'catseatpotatochips'. Or look around you and pick four random items, for example, 'coffeelemoncupflowers'.a string of random words (sometimes including numbers and punctuation) put together to create a memorable password.
Always use words that are random to you, and don't use family names, birth dates or addresses – this type of information is easy for people to find.
-
Don’t use personal information
Personal information is easy to find online, especially if you use social media. Details about you, like your date of birth, your address and even your pet’s name are the first thing attackers check when they’re trying to hack into other people’s accounts. So, if you share pictures of your dog online, make sure you don’t use your dog’s name as your password too.
-
Keep your passwords safe
If you’re worried about remembering your passwords, a
can create, save and manage your passwords for you – meaning the password manager will be the only account you need to remember login details for.a piece of software that holds all your passwords in a secure digital 'vault'.
Remember, don’t share your passwords with anyone — including your family, friends and colleagues.
Why it matters
The passwords you use online protect so much of your life – from your money to your email to your social media – so it's important to make sure they do their job.
It's easy to think "I don't have anything worth stealing", or "no one's going to go to the effort to hack me". But most online security attacks are random. Attackers don’t target specific people. Instead, they look for easy ways to get hold of people's personal information online. They’re not picky about who it belongs to.
The risks
Attackers can gain access to personal information by:
- accessing the email addresses and passwords for accounts that have been leaked online in data breaches
- buying lists of passwords that are sold online
- using
that works through combinations of letters and numbers to 'guess' passwords – a weak password can be cracked in milliseconds.
a set of instructions for your computer, made up of code. Apps, games, and browsers are all examples of software.
Think about what might happen if someone got hold of the password for your email account, for example. You might think your email account isn't much use to anyone else, but:
- your email password could also be the password for your social media accounts, giving an attacker access to your contacts and personal information
- work or contract information, or other sensitive information, might be stored in your
What you need to access some online services, such as email, social media and banking.
- an attacker could send emails that look like they come from you containing links to download
, such as ransomware
refers to viruses and other pieces of software than can infect your devices. Short for 'malicious software'
- an attacker could use the 'forgot password' option on your other accounts to reset your passwords and lock you out of your accounts.
Attackers can do a lot of damage with very little effort, and the damage can take years to fix – for example, if an attacker gets into your bank account, it can be very hard to recover the money that they steal.
Resources
-
How to create a strong passwordHow to create a strong password [pdf, 192 KB]
-
Keep your data safe with a password managerPassword managers: Keep your data safe [pdf, 88 KB]

How secure are you online?
Use our assessment tool to answer a few questions about your online security behaviour and habits. You will then get a customised action plan to work through to help you become more secure online.