Passwords and passphrases
Passwords and PINs are used to identify who you are. They are the first line of defence to protect your information from cyber criminals. They should be a secret that only you know.
On this page
Weak passwords are easy for criminals to guess; they use automated software that can potentially guess 350 billion passwords per second!
If your password or PIN is captured, guessed or stolen, an attacker can potentially:
- send emails from your accounts
- withdraw money from your bank accounts
- change files on your computer such as invoices
- steal your identity.
Create strong passwords
The key thing to remember when creating a password is that the longer it is, the stronger it is!
Think of a passphrase that is made up of at least four words, including at least 13 characters, for example 'horsecupstarshoe'. Make it meaningful to you so it is easy to remember.
- Using strong passwords lowers your overall risk of a security breach, but they do not replace the need for other effective security controls, such as installing anti-virus software and updates to your operating system as soon as they’re released.
Do not include the following things in your passwords:
- repeated characters
- arbitrarily mixed letters, numbers and symbols
- single dictionary words, your street address or numeric sequences (such as 1234567)
- personal information
- anything you have previously used.
It is also better not to change your passwords frequently, for example each month, as it leads to poor passwords being created.
Use a password manager
You can install a password manager on your computer, smartphone or tablet. It will generate and remember secure passwords for you and some password managers will sync across your devices.
The downside is that if the password manager is breached, all your information is accessible.
Use two-factor authentication
Two-factor authentication simply means there are two checks in place to prove your identity. An example is a code sent to your mobile phone.
If your bank password was hacked, for example, and you had two-factor authentication activated on your account, the hacker still couldn’t gain access. They would need both levels of authentication.
Use password tiers
|Password tier||Account risk||Account types||Action|
|Tier 1||High risk accounts||
||Use unique and complex passwords|
|Tier 2||Low risk accounts||
||Less complex passwords are required|
- Don't use the same password for multiple services or websites.
- Don't share your passwords with anyone.
- Don't provide your password in response to a phone call or email, regardless of how legitimate it might seem.
- Don't provide your password to a website you have accessed by following a link in an email—it may be a phishing trap.
- Be cautious about using password-protected services on a public computer or over a public Wi-Fi hotspot.
- If you think your password may have been compromised, change it immediately and check for any unauthorised activity. If the same compromised password has been used on another site, create a new password there as well.
Treat PINs in the same way you would a password
- Don't use obvious patterns like 1234, 4321 or 7777.
- Don't use postcodes, birthdays or other significant dates and numbers.
- PINs should be a random mix of numbers, letters and characters.
|You have forgotten your password and your computer is locked||
|You are looking for more information on securing your desktop or laptop computer||
|Information on recent threats||Sign up to the free Stay Smart Online Alert Service|
A full list of useful contacts can be found on the Contact us page.
Find out more: