Passwords and PINs are used to identify who you are. Sometimes they are the only defence to protect your information against unauthorised access.
If your password or PIN is captured, guessed or stolen, an attacker can potentially:
- send emails from your accounts
- withdraw money from your bank accounts
- change files on your computer
- or pretend to be you.
Passwords and PINs should be a secret known only to you. Strong passwords are difficult to guess and should be:
- greater than 10 characters long
- a mix of upper and lower case letters, numbers and alphanumeric characters.
Do not include:
- recognisable words or names, in any language
- repeated characters
- personal information
- anything you have previously used.
Weak passwords are easy for a criminal to guess. Criminals use automated software that can guess thousands of passwords per minute.
Remembering complex passwords
Use password tiers
High risk accounts
Use unique and complex passwords
Low risk accounts
Less complex passwords are required.
Use a Password Manager
You can install a Password Manager on your PC, smartphone or tablet. It will generate and remember super secure passwords for you and some will sync between your devices. The downside is that if the password manager is breached, all your information is accessible.
Make passwords easy to remember
Think of a pass phrase and then change some of the characters to make it a strong password. For example:
- June School Holidays can be modified to: 7un3Schoo1Ho!idays
- I like Australian red wine can be modified to: Ilike0zzieR3dwine
- Be good, be wise can be modified to: B3g00db3wi5e$
It is always better to create and use a strong password, write it down and keep it safe than use a weak password.
Using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls.
Maintain password and PIN hygiene to keep them safe
- Do not use the same password for multiple services/websites.
- Do not share your passwords with anyone.
- Do not provide your password in response to a phone call or email, regardless of how legitimate it might seem.
- Do not provide your password to a website you have accessed by following a link in an email – it may be a phishing trap.
- Be cautious about using password protected services via a public computer, or over a public wi-fi hotspot.
- Change your passwords regularly, at least every three to twelve months. If you think your password may have been compromised, change it immediately and check for any unauthorised activity. If the same compromised password has been used on another site, create a new password for this as well.
Treat PINs in the same way you would a password
- Do not use obvious patterns like 1234, 4321 or 7777.
- Do not use postcodes, birthdays or other significant dates and numbers.
- PINs should be a random mix of numbers, letters and characters.
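The mechanically checkable parts of the password and PIN rules above can be applied in code when a password or PIN is being set. This is an added example, not part of the original page; the function names and parameters are hypothetical, "repeated characters" is assumed to mean three or more of the same character in a row, and the "recognisable words" rule is not covered because it needs a word list.

```python
import re


def check_password(password, previously_used=(), personal_info=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) <= 10:
        problems.append("must be greater than 10 characters long")
    if not re.search(r"[A-Z]", password):
        problems.append("needs an upper case letter")
    if not re.search(r"[a-z]", password):
        problems.append("needs a lower case letter")
    if not re.search(r"[0-9]", password):
        problems.append("needs a number")
    # Assumption: a run of three or more identical characters counts as "repeated".
    if re.search(r"(.)\1\1", password):
        problems.append("contains repeated characters")
    # personal_info holds names, dates etc. supplied by the caller (hypothetical input).
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if password in previously_used:
        problems.append("has been used before")
    return problems


def check_pin(pin, significant_numbers=()):
    """Flag obvious PINs: one repeated digit, a counting run, or a known number."""
    problems = []
    if pin.isdigit() and len(pin) > 1:
        # Difference between each pair of neighbouring digits.
        steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
        if steps == {0}:
            problems.append("single repeated digit")        # e.g. 7777
        elif steps in ({1}, {-1}):
            problems.append("ascending or descending sequence")  # e.g. 1234, 4321
    # significant_numbers holds postcodes, birthdays etc. supplied by the caller.
    if pin in significant_numbers:
        problems.append("matches a significant number")
    return problems


if __name__ == "__main__":
    # The page's own pass phrase examples, then constructed weak inputs.
    for candidate in ("7un3Schoo1Ho!idays", "B3g00db3wi5e$", "password"):
        print(candidate, check_password(candidate))
    for pin in ("1234", "7777", "8305"):
        print(pin, check_pin(pin))
```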
Where to get help
You have forgotten your password and your computer is locked
You are looking for more information on securing your desktop or laptop computer
Information on recent threats
- A full list of useful contacts can be found on the Contact Us page.