Information Security


Create strong passwords


Armed with your passwords, criminals can get into your online accounts or profiles and steal your money, identity and more besides. They could even try to blackmail you. That's why you should never share your passwords, even with people you trust. Find out how to create passwords that are practically impossible to crack and what to do if any of them end up in the wrong hands.



At a glance

  • Never give your passwords to anyone. Ever.
  • For strong passwords, use long passwords - at least 12 characters. It really is as simple as that - there's no need for anything clever.
  • Create a different password for every account.
  • If you've had your password stolen, change it and report it immediately.

In detail

There's little point having a cast-iron password that takes trillions of years (yes, really!) for a computer to crack, if you let criminals operating online pinch it from right under your nose. The three main ways passwords find their way into the wrong hands are through phishing (fraudulent emails), malware (particularly keylogging programs) and companies who don't do enough to keep your information safe. Creating different strong passwords for every account (as described below) will limit the damage if your personal details get leaked, and there is plenty you can do to protect your computer and data from the other two threats, as explained on our phishing and malware pages.

Pick a memorable phrase that you won't need to write down (e.g. thisisareallylongpassword). That's it! Despite the fact that many websites insist you use a mix of character types (e.g. upper case, lower case, numbers, symbols, etc.) to make your password secure, sheer length is the easiest way to make passwords practically unbreakable.

If you do have to create a password that includes a mix of characters and has a limited character length (as some online services insist), another idea is to choose the initial letters of words in a line from a favourite song or poem, and replace some of the letters with different character types that look similar. For example, Shall I compare thee to a summer's day? becomes S1ctt@5d?. If you do need to write it down, make sure you keep it in a secure place away from prying eyes.
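To put numbers on the length-versus-character-mix point, the following added example (not part of the original page) compares the two sample passwords above by the size of an exhaustive character-by-character search. The guess rate is an assumed figure, and the result is an upper bound only: it does not model guessing from word lists or leaked passwords.

```python
import math
import string

# Assumed offline guessing speed (constructed figure, not from the page).
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes a brute-force search has to cover once one member is used.
CLASSES = (
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32
)


def alphabet_size(password):
    """Smallest alphabet covering the password: the sum of every class it touches."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (spaces, accents) are counted
    # one by one, which keeps the estimate conservative.
    known = "".join(CLASSES)
    size += len({ch for ch in password if ch not in known})
    return size


def brute_force_bits(password):
    """log2 of the number of candidates of this length over this alphabet."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every candidate at the assumed guess rate."""
    return 2 ** brute_force_bits(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The two sample passwords that appear on this page.
    for pw in ("thisisareallylongpassword", "S1ctt@5d?"):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"{brute_force_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw):.3g} years to exhaust")
```

At the assumed rate, the 25-letter lowercase phrase sits far beyond the trillions-of-years mark, while the 9-character mixed password falls within a few years, which is why the phrase approach is preferred wherever a site's length limit allows it.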

The simplest way to create a different password for each new login you set up is to add extra characters to the end or beginning of your core password (i.e. your memorable phrase). If you're worried you won’t be able to remember each one, it's perfectly safe to note the extra characters down, provided you keep your memorable phrase secret. So you might write down, for example, Amazon – i!tt (suffix) or Gmail – pc$0 (prefix).

There is also a wide variety of free open-source and commercial password manager programs available online for download to your computer or phone, such as KeePass, Apple Keychain, LastPass or 1Password. Many have handy extra features such as the ability to generate truly random and almost unbreakable passwords at the click of a button.