Set and use strong passwords

Passwords | Email | VoIP | Back-ups | File Sharing | Software | Browsers | Secure Computers

Passwords and PINs are used to identify who you are. Sometimes they are the only defence to protect your information against unauthorised access.

If your password or PIN is captured, guessed or stolen an attacker can potentially:

  • send emails from your accounts
  • withdraw money from your bank accounts
  • change files on your computer
  • or pretend to be you.

Passwords and PINs should be a secret known only to you. Strong passwords are difficult to guess and should be:

  • at least 8 characters long
  • a mix of upper and lower case letters, numbers and alpha numeric characters.

Do not include:

  • recognisable words or names, in any language
  • repeated characters
  • personal information
  • anything you have previously used.

Weak passwords are easy for a criminal to guess. Criminals use automated software that can guess thousands of passwords per minute.

Remembering complex passwords

Use password tiers

Password Tier

Account Risk

Account Types

Action

Tier 1

High risk accounts

  • Banking
  • Online payments
  • Social media

Use unique and complex passwords

Tier 2

Low risk accounts

  • No confidential information
  • No valuable information
  • Newsletters, catalogues

Less complex passwords are required.

 

Use a Password Manager 

You can install a Password Manager on your PC, smartphone or tablet. It will generate and remember super secure passwords for you and some will sync between your devices. The downside is that if the password manager is breached, all your information is accessible.

Make passwords easy to remember

Think of a pass phrase and then change some of the characters to make it a strong password. For example:

  • June School Holidays can be modified to: 7un3Schoo1Ho!idays
  • I like Australian red wine can be modified to:Ilike0zzieR3dwine
  • Be good, be wise can be modified to: B3g00db3wi5e$

It is always better to create and use a strong password, write it down and keep it safe than use a weak password.

Using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls.

Maintain password and PIN hygiene to keep them safe

  • Do not use the same password for multiple services/websites.
  • Do not share your passwords with anyone.
  • Do not provide your password in response to a phone call or email, regardless of how legitimate it might seem.
  • Do not provide your password to a website you have accessed by following a link in an email – it may be a phishing trap..
  • Be cautious about using password protected services via a public computer, or over a public wi-fi hotspot.
  • Change your passwords regularly, at least every three to twelve months. If you think your password may have been compromised, change it immediately and check for any unauthorised activity. If the same compromised password has been used on another site, create a new password for this as well.

Treat PINs in the same way you would a password

  • Do not use obvious patterns like 1234, 4321 or 7777
  • Do not use postcodes, birthdays or other significant dates and numbers.
  • PINs should be a random mix of numbers, letters and characters.

An eight digit PIN is 10 000 times more secure than a four digit PIN.

 

Where to get help

Issue

Contact

You have forgotten your password and your computer is locked

  • Your local computer repairer
  • Your local computer retailer

You are looking for more information on securing your desktop or laptop computer

  • Your device manufacturer's website
  • Whirlpool or other discussion forums

Information on recent threats

  • A full list of useful contacts can be found on the Contact Us page.

Additional resources

  • Link to the SSO RSS feed
  • Link to the SSO YouTube page
  • Link to the SSO Twitter page
  • Link to the SSO Facebook page
Alert service
Easyguide Business Owners Budde Facebook Logo
  • Tip:

    Never send wire transfers to anyone you don’t know and trust.