Improve your password security

Your passwords are like the keys to your home. If they fall into the wrong hands, criminals can get inside your accounts and steal your information.

To protect your bank details and personal information, it’s vital that the passwords to your most important accounts are:

  • unique
  • hard to guess
  • kept secret at all times

Prioritise your email security

If someone breaks into your email account they could access your other online accounts using the ‘forgot password’ feature, or access personal information which they can later use in an attempt to defraud you or people you know.

This is why you should always use a strong and separate password for your email account.

Ideally, you should do the same for other accounts such as your social media and online shopping accounts. That way, if one account is hacked, a criminal won’t be able to access your other accounts using the same password.

Here are 3 top tips for improving your password security.

On this page:

  1. Create strong passwords using ‘3 random words’
  2. Use a password manager to keep track of your passwords
  3. Change default passwords and PINs on smart devices (for example 0000)

1. Create strong passwords using ‘3 random words’

Weak passwords can be cracked in seconds. The longer and more unusual your password is, the harder it is for a criminal to crack.

What to do

A good way to make sure your passwords are ‘long enough and strong enough’ is to combine 3 random words to create a unique password which is easy to remember. Like CactusBicyclePants. Or MoonBellowGiraffe.

It’s up to you which 3 words you choose. And you can include capital letters, numbers and special characters if the website requires them (Cactus.3icycle!Pants). Just make sure you choose a different set of words for each account you create.

What NOT to do

To keep your accounts secure:

  • don’t create passwords from words connected to you (for example your date of birth, address or pet’s name)
  • don’t use predictable and common passwords that a fraudster could easily guess (for example pa55word, 123456)
  • don’t use the same password for different accounts

2. Use a password manager to keep track of your passwords

The problem with having lots of different passwords is that they can be difficult to remember. This is where a password manager can help.

What is a password manager?

A password manager is a tool that generates, stores and protects all your passwords. Any personal information stored in a password manager is encrypted, protecting it from criminals. It can only be unlocked with your ‘master’ password – so you only have one password to remember.

There are two main types of password manager: app and browser.

With an app, your passwords are safely stored in a dedicated password manager app on your phone, tablet or computer. You may need to pay a subscription for this type of password manager.

On a browser, your passwords are saved securely to a password manager built in to your web browser (for example Chrome, Safari, Edge).

Your browser may offer to create and remember a password for you. As long as you’re on a device you don’t share with anyone else, it’s safe for you to do this.

Protecting your password manager account

A password manager is a great way to securely store your passwords, as you only need to remember one ‘master’ password. However, if a criminal gets hold of that password, they will have access to all your accounts.

We therefore strongly recommend that you take the following steps to protect your password manager account:

  • Choose a strong ‘master’ password to control access to your password manager account (for example by using 3 random words). Note that you can’t store this password in the password manager itself, so if you can’t remember it, it’s OK for you to write it down on paper, provided you keep it safe and out of sight
  • Turn on 2-step verification on the password manager account. This means that anyone trying to access the password manager will be asked for more information to prove their identity – whether that’s a unique one-off code, facial or fingertip recognition. So even if a criminal knows the ‘master’ password, they still won’t be able to access your password manager account
  • Install updates for your password manager app as soon as you’re prompted

Saving passwords in web browsers

Most web browsers will offer to save your passwords for you when you register or log in to accounts. When you return to the website or app, the browser will autofill the password for you. As long as you’re on a device you don’t share with anyone else, it’s safe for you to do this.

3. Change default passwords and PINs on smart devices

Many people have smart devices in their homes – TVs, games consoles, fridges, thermostats and others, which are connected to the internet. These devices often come with default passwords or PIN codes which are easy to guess, like 0000. To protect your smart devices from criminals you should:

  • always change the default password or PIN code
  • if possible, choose a long and strong password using a secure method such as 3 random words

Other ways to protect yourself

Learn further steps to protect yourself and others from fraud.