Set and use strong passwords

A password on your computer is like a lock on your front door: it prevents strangers from walking into your house and stealing your possessions.

Attacks using stolen passwords occur more often than you may think. If you do not take care to choose a strong password and protect it, this could happen to you. Using 'strong' passwords and changing them regularly makes it hard for other people to access the information on your computer or your online accounts. Passwords aren't absolutely unbreakable and aren't a sufficient security measure on their own, but they can help make you less vulnerable and deter unauthorised people from using your computer.

 

Top tips

  • Set strong passwords, particularly for important online accounts, and change them regularly. Consider making a diary entry to remind yourself.
  • Never share your password with anyone. A password is meant to be a secret known only to you.
  • Memorise your password if you can. To make a password easy to remember, think of a phrase and then change some of the characters to make it a strong password. If you need to write it down in order to remember it, hide it somewhere safe.
  • Use different passwords for different accounts; otherwise, if one is compromised, it may give an attacker access to your other online accounts. For example, use a password for online banking that is different to the ones you would use for email or social networking.
  • Don't save passwords for important accounts in your web browser; otherwise anyone using your computer could access these accounts.
  • Be careful using your password on a public internet terminal (such as an airport or internet cafe). Read more about how to protect yourself when using public computers.
  • Never send your password via email or store your passwords in plain text on your computer.


What makes a strong password

Strong passwords are not a substitute for good computer security practices!

Strong passwords can still be captured by some types of malware designed to capture key strokes and stored passwords on the computer. Read more about how to protect your computer.

A strong password is harder to 'crack' or guess than a weak one.

Increasing the length of your password exponentially increases the time it takes to guess it, so it is wise to choose a longer one.

For more detailed advice, please see the factsheet Understanding password security (PDF, 270KB).

What to avoid when setting your password

  • Avoid passwords that would be readily identifiable or easy for anyone to guess, such as your name or business name.
  • Avoid using dictionary or foreign words. Hackers have many tools, such as dictionary programs, to assist them.
  • Never reuse old passwords. Use a completely new password every time you change your password.
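The length advice and the "what to avoid" list above can be turned into a simple check. The following is an added example, not part of the original page; the function names, the 12-character minimum and the small word list are assumptions made for illustration.

```python
import math
import string

# Constructed sample data (assumption): a tiny stand-in for a real dictionary.
SAMPLE_WORDS = {"password", "holiday", "sunshine", "welcome", "dragon"}
SYMBOLS = string.punctuation + " "  # 32 punctuation marks plus the space

def pool_size(password):
    """Size of the character pool a guesser must cover (ASCII classes only)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size

def brute_force_bits(password):
    """log2 of the number of same-length candidates over the pool.
    Every extra character adds log2(pool) bits, i.e. multiplies the
    guessing work by the pool size: the exponential growth described above."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password, personal=(), old_passwords=(),
                   words=SAMPLE_WORDS, min_length=12):
    """Return a list of findings; an empty list means no rule was broken.
    min_length=12 is an assumed threshold, not a figure from the page."""
    findings = []
    lowered = password.lower()
    if len(password) < min_length:
        findings.append("too short")
    # Your name or business name must not appear anywhere in the password.
    if any(p and p.lower() in lowered for p in personal):
        findings.append("contains personal detail")
    if lowered in words:
        findings.append("dictionary word")
    if password in old_passwords:
        findings.append("reused old password")
    return findings

if __name__ == "__main__":
    for pw in ("Sunshine", "7un3Schoo1Ho!idays"):
        print(pw, round(brute_force_bits(pw), 1), check_password(pw))
```

The bit count only measures resistance to blind guessing of every combination; it says nothing about passwords an attacker finds in a word list, which is why the dictionary and reuse checks sit beside it.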

Tips for remembering passwords

To make a password easy to remember, think of a pass phrase and then change some of the characters to make it a strong password. For example:

  • June School Holidays can be modified to: 7un3Schoo1Ho!idays
  • I like Australian red wine can be modified to: Ilike0zzieR3dwine
  • Be good, be wise can be modified to: B3g00db3wi5e$

It is always better to create and use a strong password, write it down and keep it safe than use a weak password.

Protecting your password

Having a strong password isn't effective if you don't protect it.

  • Never send your password via email or store your passwords in plain text on your computer.
  • Never share your password with anyone. A password is meant to be a secret known only to you.
  • Never click on links in emails from people you don't know, even from what may appear to be trusted sources (e.g., your bank). Often these are lures to phishing (hoax) web sites designed to trick you into revealing your password. Read more about phishing and hoax emails.
  • Before you enter your password into the browser, check you are on the correct website. Check the page is secure: it should have 'https' at the beginning of the address bar and a locked padlock at the bottom of the browser screen.
  • Don't save passwords for important accounts in your web browser as anyone who can access your computer can also access these accounts. Web browsers often prompt you to "save" your password. For accounts which have low value or importance to you, it is acceptable to "save" a password to your computer.