Help and advice
Using the same password in multiple places is asking for trouble – if a hacker gets access to one of your accounts they'll quickly be able to access others. This could have potentially costly consequences, so it's important to take digital security seriously.
Some of the ways online accounts are compromised:
- Data breach – your account details are stolen from a server
- Phishing attack – a spoof email/phone call asks you for your login details
- Social engineering – someone pretends to be you and requests information about your account from a third party
- Brute force attack – someone tried many different passwords until they guess the correct one
How to stay secure online
- Use different passwords across different websites.
- Use two-step verification when you can. This means you’ll need your password and a unique code from an app on your phone to log in. You request a new code when you try to log in. Codes are usually regenerated every 60 seconds, so even if someone has your password they won't be able to log in. This might not be available on all services.
- Use strong passwords – Google’s password creation advice suggests you avoid using common words or personal information as your password.
Avoid passwords like:
- Keyboard or sequential patterns like: qwertyuiop, asdfgh and 1234abcd
Microsoft advice on choosing passwords
Your password should:
- Be at least eight characters long
- Avoid your username, real name or company name
- Not contain a complete word
- Be significantly different to previous passwords
- Include uppercase letters, lowercase letters, numbers and symbols
A password generator can create long, randomised passwords that you can use. Online password generators automatically create a secure, random password. For example LastPass, a password management system, offers a password generator for anyone to use.
Using a password manager can be a convenient way to keep track of all of your different passwords.
Password managers store passwords for a variety of websites. Many of them can create strong passwords for you and help make sure you're using different passwords for different accounts. A number of different services offer this functionality, including LastPass, 1Password and KeePass.
Password managers work by saving your account passwords and filling in your credentials for you when you want to log in to a website. They're often a good way of balancing convenience and security. If there is a security breach on a site that holds your data, many password managers will alert you if your password has been compromised and offer to change it for you (depending on the service and platform you use).
Different password managers treat your data in different ways. For example, LastPass and 1Password keep your password data on their own servers, which carries inherent risks in terms of susceptibility to hackers. Cloud-based password storage like this means you can install your manager's browser plugin on a number of different machines and sync your passwords instantly between them – some security is exchanged for extra convenience. And just because your data is stored on an internet-connected server doesn’t mean that it’s waiting to be hacked – the LastPass website offers a lengthy explanation of its security process. On the other hand, with service like KeePass your data never leaves your machine.
We don’t recommend a particular approach – but we do urge you to read about the different types of service and to consider using a password manager for keeping track of all your different logins.