Create strong passwords
Password security starts with creating a strong password.
A strong password is:
- At least eight characters long – the longer the better
- A combination of uppercase letters, lowercase letters, numbers, and symbols
- A word that cannot be found in a dictionary
- Not the name of a person or a popular entity such as a character, product or organisation
- Completely different from your previous passwords
- Easy for you to remember but difficult for others to guess
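
The checklist above can be turned into an automated check. The sketch below is an added example, not part of the original guidance. The function names, the five-word sample list and the substitution table are assumptions made for illustration; a real deployment would load a full dictionary and a list of names.

```python
import re

# Constructed sample word list (assumption); load a full dictionary in practice.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome", "football"}

# Common character substitutions undone before comparing (assumed table).
SUBSTITUTIONS = str.maketrans("013457@$!", "oleastasi")

def normalise(password):
    """Reduce a password to its underlying letters so disguised words match."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())  # trim padding
    return re.sub(r"[^a-z]", "", core.translate(SUBSTITUTIONS))

def check_password(password, previous=(), words=SAMPLE_WORDS):
    """Return the checklist criteria that the password fails (empty = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    core = normalise(password)
    if core in words:
        problems.append("dictionary word")
    # "Completely different from your previous passwords": a changed digit
    # or symbol on the end does not count as a new password.
    if core and any(core == normalise(old) for old in previous):
        problems.append("too similar to a previous password")
    return problems

if __name__ == "__main__":
    for candidate in ("abc", "P@ssw0rd!", "quiet-Lamp7!river"):
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that "P@ssw0rd!" meets the length and character-mix rules yet is still rejected, because the dictionary rule looks at the word underneath the substitutions.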
Secure your passwords
Once you’ve created a strong password, you should follow these guidelines to keep it secure:
- Don’t share your passwords with anyone – not even a friend or family member.
- Never send a password by email, instant message or any other means of communication that is not reliably secure.
- Use a unique password. If someone steals a password that you use on multiple websites, all the information which that password protects on all of those sites is at risk.
- If you don’t want to memorise multiple passwords, consider using a password manager. The best password managers will automatically update stored passwords, keep them encrypted and require multi-factor authentication for access.
- Don’t store a password on the device it’s designed to protect.
- Change your passwords regularly, particularly those that safeguard your computer, important accounts (like email or Facebook) and sensitive information.
- Whenever possible, change passwords immediately on accounts that you suspect may have been compromised.
- Avoid entering your password on any device if you’re unsure whether that device is secure. Devices that are shared or available for public use might have keylogging software installed that could capture your password as you type it. You should also not allow your password to be saved on shared or public computers.
Don’t be tricked into revealing your passwords
Criminals can try to break your passwords, but sometimes it’s easier to exploit human nature and trick you into revealing them. You’re most vulnerable to scams that look genuine.
You might receive an email message pretending to be from an online store (like eBay or Amazon) or a phone call from your ‘bank’ that tries to convince you of the ‘legitimate’ need for your password or other sensitive information. This could be part of a phishing scam. (You may have heard these con games being referred to as social engineering.)
Here are some guidelines to follow to protect your passwords and other sensitive information:
- In general, be wary of anyone who is requesting sensitive information from you, even if it’s someone you know or a company you trust. For example, a criminal may have hijacked a friend’s account and sent emails to everyone in the friend’s address book. Treat all unsolicited requests for sensitive information with caution.
- Never share your password in response to an email or phone request – for example, to verify your identity – even if it appears to be from a trusted company or person.
- Always access websites by using trusted links. Scammers can copy the look of a company’s communications to fool you into clicking a phony link or attachment, so use caution with links that appear in unsolicited emails, instant messages or SMS messages. If in doubt, go directly to the official website of the bank or other service provider that you’re trying to access.