To improve the security of your online accounts, you can follow a few key steps when creating passwords for anything you access online.
We recommend you choose a password that is a minimum of 8 characters, and consists of uppercase and lowercase letters, as well as numbers. We also recommend that you do not use full words. All of these steps make it very difficult for automated programs and hackers to guess your password.
The longer the password is, the less likely it is that someone else will be able to guess it or otherwise find out what it is.
Top password security tips
Do not reuse passwords between websites
It’s very tempting to use the same password you use for one online account with another website, but it is absolutely critical in this day and age that you do not fall into this habit.
Hackers know that a great many people use the same (or similar) passwords for most of the accounts they use online, so when they get hold of a password for one account, they will often use an automated process to try to log in to as many online services as they can with that password.
In that scenario, if your email account is compromised and you use the same password for an online shopping website, as well as your social network profile and your online bank – the hacker will be able to log in to all of those services.
The problem with ensuring that you do not reuse passwords across different websites is of course that you may find it difficult to remember all your passwords. We recommend using a secure, reputable password manager to hold your passwords for you – see ‘Use a password manager’ below to learn more.
Use strong passwords
Strong passwords use a combination of uppercase and lowercase letters, numbers and, if possible, special characters. This makes it very difficult for automated programs and hackers to guess your password. Check out the ‘Understand how accounts become compromised’ section to understand how account passwords are often guessed.
Do not use real words in your password. Hackers will often use an automated system to attempt to use dictionary words as your password, so if your password consists of a dictionary word – there’s a good chance they’d be able to log in and compromise your account.
A good way of securing your password is to substitute some of the letters in your password for numbers. For example, instead of writing the letter ‘S’, you could use the number 5, which looks very similar. The same applies to other letter and number combinations.
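The checks described in the two sections above (no reuse between websites; at least 8 characters with uppercase letters, lowercase letters and numbers; no dictionary words), run over a small set of accounts. This is an added example, not part of the original page; the word list, site names, passwords and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "football", "dragon", "sunshine"}


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of this page's rules that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    lowered = password.lower()
    if any(word in lowered for word in words):
        problems.append("contains a dictionary word")
    return problems


def find_reuse(accounts):
    """Return groups of sites that share exactly the same password."""
    by_password = defaultdict(list)
    for site, password in accounts.items():
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


def audit(accounts):
    """Map each site to its rule violations, adding a reuse note where needed."""
    report = {site: check_password(pw) for site, pw in accounts.items()}
    for group in find_reuse(accounts):
        for site in group:
            others = [s for s in group if s != site]
            report[site].append("reused on " + ", ".join(others))
    return report


# Constructed sample data; site names and passwords are made up.
SAMPLE_ACCOUNTS = {"email": "Sunshine2024", "shop": "Sunshine2024",
                   "bank": "tR7vq9XmLw2c", "forum": "abc123"}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_ACCOUNTS).items():
        print(site, "->", problems or "ok")
```

The dictionary check here only matches whole words as typed, ignoring case.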
Never share your passwords with anyone
It may sound like a basic point, but it’s one of the most important. Never share your password with anyone. You may inherently trust that person, but you have no guarantee that they follow adequate security precautions and you therefore cannot be certain of the security of the password that you have shared.
For example, if you provide your password to someone who enters it into a computer that is infected with malware, or they write it into a book of passwords that they keep – your defences against online fraud are instantly weakened.
This applies even when speaking to professionals such as Technical Support Agents or your computer engineer.
Change your passwords regularly
It is good practice to regularly change the passwords you use online, even if you use strong, unique passwords and don’t have any reason to believe your account is compromised.
Online accounts can be compromised (sometimes through no fault of your own) and hackers may just monitor your online accounts – such as your email account – waiting for something valuable to appear, such as a password reset email for your online bank.
There may be no visible symptoms that your account has been compromised, so changing your password regularly is a good way of minimising the risk of this happening.
It’s up to you how often you change your passwords, but it’s generally a good idea to change them every few months.
Use a password manager
Password managers are software applications that store your login information for all the websites you use and help you log into them automatically. They encrypt your password database with a master password – the master password is the only one you have to remember.
This allows you to have strong, unique passwords for all your online accounts without having to remember them.
When using a password manager, it is vital that you use a completely unique and very complex master password, and use two-factor authentication where possible. If your password manager’s master password is obtained by a third party, they could then gain access to all of your online accounts from there.
Be sure to use a reputable password manager by researching and reading user reviews before downloading/installing.
Review your password recovery questions
Most online services have password recovery options that can be used to regain access to your account if you forget the password for it. These questions normally ask for things like your favourite football team or your mother’s maiden name.
Ensure that you make these questions and answers as hard as possible to guess and, if possible, select questions that only you will be able to answer.