Password
Security

Your laptops, desktop computers, tablets and smartphones contain your data, but they also store the details of the online accounts that you access, so both your devices and your accounts should always be password protected. Passwords are an easy and effective way to prevent unauthorised users accessing your devices. Passwords should be easy to remember and hard for somebody else to guess. The default passwords which come with new devices such as ‘admin’ and ‘password’ are the easiest of all for attackers to guess. So, you must change all default passwords before devices are connected to the internet. The use of multifactor authentication (MFA), 6-digit PIN numbers, fingerprint or facial recognition can increase the security of your devices.

We are often told that the passwords used to access our online accounts should be really strong, and not to use them anywhere else, this is especially true for the password for your email account. If you've used the same password across different accounts, Cyber Criminals only need one password to access all your accounts. Always use a strong and separate password for your email that is a password that you don’t use for any of your other accounts, either at home or at work. Having a strong and separate password for your email means that if Cyber Criminals steal the password for one of your less-important accounts, they can’t use it to access your email account.

Ideally, you should use unique passwords for all your important online accounts (such as banking accounts, shopping/payment accounts and social media accounts), not just your email account. You should also provide additional protection by setting up multifactor authentication (MFA) on any account that supports it, which will prevent a Cyber Criminal from accessing your accounts even if they know your password.

Weak passwords can be cracked in seconds. The longer and more unusual your password is, the harder it is for a Cyber Criminal to guess. A good way to make your password difficult to guess and easy to remember is by combining three random words to create a single password. If you can pick ones that are not in the dictionary, such a proper nouns so much the better. For example, your three words might be Bath, Samuel, and Panda. Capital letters and memorable numbers make things much harder for Cyber Criminal to guess. So 'Bath25Samuel31Panda' represents a pretty secure password. Just ensure that the words aren't too familiar so no significant dates (like your birthday, or a loved one’s), or from your favourite sports team, or by using family and pet names. Most of these details can be found within your social media profile.

If you’re thinking of changing certain characters in your password (so swapping the letter ‘o' with a zero, for example), you should know that cyber criminals know these tricks as well. So, your password won’t be significantly stronger, but it will be harder for you to remember.

Passwords generated from three random words is a good way to create unique passwords that are ‘long enough' and ‘strong enough’ for most purposes, but which can also be remembered much more easily.

You should change any passwords that are not secure and enable MFA on any accounts that support it. The recommendation is that any account that has MFA enabled the password needs to be a minimum of 8 characters and anything else should be a minimum of 12 characters but longer is stronger. For any device that requires a PIN number the minimum recommended is 6 characters but again longer is stronger.