Here are some tips to help you create a password that's difficult to guess.
- Avoid names of family members or pets, or things that are obviously associated with you, like your date of birth, nickname, or the name of your favourite film or football team
- Don't use the same username and password for every site. It might seem to make life easier, but it leaves you wide open to fraud. If someone gets hold of your login details for one site, they might try and use them to get into your emails. And by reading your emails, the fraudsters could then get access to other online sites you've signed up to, including ones where you've stored credit card details. Ultimately the trail might lead them to your online bank account
- Change your password regularly, especially for financial sites
- Never write down your password, or share it with anyone else
- Always use a mix of small and capital letters, even if the site doesn't specifically ask for it
- Avoid using real words. Insert numbers or special characters or punctuation (if the site allows it)
Creating passwords based on phrases
One way to create passwords that are easy for you to remember and hard for others to guess is to use a mnemonic.
- Think of a short phrase - a line from a song or poem - and use the first letter of each word as your password
- Substitute words like "to" and "for" with "2" and "4". You could also use "5" in place of "S", "1" in place of "I" or "7" in place of "T" and so on
- To get a mix of lower case and capitals you could decide that all consonants will be lower case while all vowels will be upper case
So, "I wandered lonely as a cloud" becomes "1wlAAc", while "To be or not to be: that is the question" becomes "2bOn2bt1tq".
If you struggle to think of different passwords for different sites, then you could take a phrase-based password and add an identifier for each site, like "1wlAAcEbAy" or "Utube1wlAAc".
If you remember the phrase and the rules you've thought up to turn it into a password, then it's actually quite easy to construct the password on the fly.
It's still best to have a completely different password for every site, and to take special care when creating passwords for any site that gives access to your financial information.
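The phrase rules above, written out as an added Python example (it is not part of the original page). The function names are hypothetical, and only the "I" to "1" swap is switched on by default, an assumption made because it is the only letter swap the page's two sample passwords use.

```python
import re

# Whole-word swaps named on the page: "to" -> "2", "for" -> "4".
WORD_SUBS = {"to": "2", "for": "4"}
# Letter swaps. Default is I -> 1 only (assumption, matches the page's samples);
# pass {"i": "1", "s": "5", "t": "7"} to enable the other swaps the page lists.
LETTER_SUBS = {"i": "1"}
VOWELS = set("aeiou")


def mnemonic(phrase, letter_subs=LETTER_SUBS):
    """Turn a phrase into a password using the page's three rules."""
    out = []
    for word in re.findall(r"[A-Za-z]+(?:'[A-Za-z]+)?", phrase):
        w = word.lower()
        if w in WORD_SUBS:            # whole-word swap
            out.append(WORD_SUBS[w])
            continue
        first = w[0]                  # first letter of each word
        if first in letter_subs:      # look-alike digit
            out.append(letter_subs[first])
        elif first in VOWELS:         # vowels become upper case
            out.append(first.upper())
        else:                         # consonants stay lower case
            out.append(first)
    return "".join(out)


def per_site(base, site_tag, prefix=False):
    """Attach a site identifier before or after the base password."""
    return site_tag + base if prefix else base + site_tag


def character_classes(password):
    """Report the length and which character classes are present."""
    return {
        "length": len(password),
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }


if __name__ == "__main__":
    base = mnemonic("I wandered lonely as a cloud")
    print(base, per_site(base, "EbAy"), character_classes(base))
```

Running `character_classes` on the first sample shows six characters and no punctuation, so a longer phrase, or the special characters suggested in the tips at the top, gives the rules more to work with.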
Be on the alert for 'phishing' emails
Don't inadvertently give your passwords away. One way fraudsters get people to reveal their passwords is through 'phishing' emails. These look as though they come from a genuine company and usually link out to a bogus website which asks you to put in your username and password to "validate your account" or "clear up" some security issue.