
Four ways to create better passwords – from basic to best!

29 April 2019

Strong passwords are your first line of defence against cybercriminals. Check out our four top tips on strong passwords to mark World Password Day on Thursday 2 May.

We access so many online services every day that it’s easy to suffer password overload. It might be tempting to use the same password across lots of accounts or simply change a character here and there.

Cybercriminals use a variety of techniques to crack passwords, and many of these techniques are freely available and shared on the internet. They include simply typing in the most commonly used passwords, such as 123456, qwerty, popular football teams, music bands and even the word ‘password’; using sophisticated software that can guess billions of passwords per second; and social engineering, where people are tricked into handing over personal details through online quizzes and phishing messages.

Once a cybercriminal has your password they can use it to commit a host of cybercrimes like:

  • sending emails from your accounts
  • withdrawing money from your bank accounts
  • accessing your accounts to share private or work files or lock you out
  • stealing your identity.

The good news is that you can reduce the password burden and still have great password security if you follow our simple tips.

Four ways to take your passwords from basic to best

  1. Change the default passwords on your devices. Many smart devices, including home internet routers, come with default passwords or passcodes which are easily found on the internet by cybercriminals. Change default passwords as soon as possible to a strong password. You can look up how to change the default password on the manufacturer’s official website or contact their customer service centre.
  2. Don’t use your personal info in your passwords. While your date of birth, car registration, or children's and pets' names might be easy for you to remember, if this info about you is public – either on or offline – you shouldn’t base your passwords on these details because your password will be too easy to guess.
  3. Turn on two-factor authentication. Two-factor authentication (2FA) simply means there are two checks in place to prove your identity. For example, it could be a code sent to your mobile phone. If your bank password was hacked and you had two-factor authentication for your account, the hacker couldn’t gain access without the mobile code.
  4. What is a strong password? You can make a strong password with four random words that add up to 13 characters or more. Your passphrase is meaningful to you but not easy for others to guess.
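The tips above can be turned into a small generator and checker. This is an added example, not part of the original article: the function names, the constructed word list and the choice to count characters without spaces are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list; a real generator would load a large published
# wordlist (thousands of words) so each word adds far more entropy.
WORDS = ["harbour", "lantern", "pebble", "orchid", "timber", "saddle",
         "velvet", "canyon", "biscuit", "meadow", "copper", "falcon",
         "ribbon", "walnut", "glacier", "thimble"]
# The commonly used passwords the article names.
COMMON = {"123456", "qwerty", "password"}
MIN_WORDS, MIN_CHARS = 4, 13


def generate_passphrase(words=WORDS, count=MIN_WORDS):
    """Pick `count` words with a CSPRNG; retry until the length rule is met."""
    if count * max(map(len, words)) < MIN_CHARS:
        raise ValueError("wordlist cannot reach the minimum length")
    while True:
        phrase = " ".join(secrets.choice(words) for _ in range(count))
        if len(phrase.replace(" ", "")) >= MIN_CHARS:
            return phrase


def entropy_bits(wordlist_size, count=MIN_WORDS):
    """Bits of entropy when every word is chosen uniformly at random."""
    return count * math.log2(wordlist_size)


def check_passphrase(candidate, personal_info=()):
    """Return a list of problems; an empty list means the tips are met."""
    problems = []
    lowered = candidate.lower()
    compact = "".join(ch for ch in lowered if ch.isalnum())
    if lowered in COMMON or compact in COMMON:
        problems.append("commonly used password")
    if len(candidate.split()) < MIN_WORDS:
        problems.append("fewer than four words")
    if len(compact) < MIN_CHARS:
        problems.append("fewer than 13 characters")
    for item in personal_info:
        # Compare without spaces or punctuation so "12/03/1985" matches "12031985".
        token = "".join(ch for ch in item.lower() if ch.isalnum())
        if len(token) >= 3 and token in compact:
            problems.append(f"contains personal detail: {item}")
    return problems
```

The 16-word sample list gives only 16 bits for four words, whereas a 7,776-word list gives about 51.7 bits, which is why the size of the list matters as much as the number of words.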

Do you use the same password on any of your accounts? Check if any of your email addresses have been breached at Have I Been Pwned?, the website of security researcher Troy Hunt. If you’ve been breached, change your password as soon as possible and make sure you haven’t used the same password on any of your other accounts.

By using a variety of hard-to-guess passphrases across your accounts, and using 2FA wherever possible, you’ve shifted your passwords from basic to best!

More information

Read more about passwords and passphrases, as well as password tips for businesses.

Stay Smart Online also has information on protecting your information online and protecting your mobiles and tablets.

Find out where to get help if you believe you have become a victim of a scam.