Weak passwords are easy for criminals to guess; they use automated software that can potentially guess 350 billion passwords per second!

If your password or PIN is captured, guessed or stolen, an attacker can potentially:

  • send emails from your accounts
  • withdraw money from your bank accounts
  • change files on your computer such as invoices
  • steal your identity.

Create Strong Passwords

The key thing to remember when creating a password is that the longer it is, the stronger it is!

Think of a passphrase that is made up of at least four words, including at least 13 characters, for example ‘horsecupstarshoe’. Make it meaningful to you so it is easy to remember.

  • Using strong passwords lowers your overall risk of a security breach, but they do not replace the need for other effective security controls, such as installing anti-virus software and updates to your operating system as soon as they’re released.

Do not include the following things in your passwords:

  • repeated characters
  • arbitrarily mixed letters, numbers and symbols 
  • single dictionary words, your street address or numeric sequences (such as 1234567)
  • personal information
  • anything you have previously used.

It is also better not to change your passwords frequently, for example each month, as it leads to poor passwords being created.


Use a Password Manager 

 You can install a password manager on your computer, smartphone or tablet. It will generate and remember secure passwords for you and some password managers will sync across your devices.

The downside is that if the password manager is breached, all your information is accessible.


Use two-factor authentication

 Two-factor authentication simply means there are two checks in place to prove your identity. An example is a code sent to your mobile phone.

If your bank password was hacked, for example, and you had two-factor authentication activated on your account, the hacker still couldn’t gain access. They would need both levels of authentication.


Password tiers


Password tier Account risk Account types Action
Tier 1 High risk accounts
  • Banking
  • Online payments
  • Social media
Use unique and complex passwords
Tier 2 Low risk accounts
  • No confidential information
  • No valuable information
  • Newsletters, catalogues
Less complex passwords are required


Maintain password and PIN hygiene to keep them safe


  • Don’t use the same password for multiple services or websites.
  • Don’t share your passwords with anyone.
  • Don’t provide your password in response to a phone call or email, regardless of how legitimate it might seem.
  • Don’t provide your password to a website you have accessed by following a link in an email—it may be a phishing trap.
  • Be cautious about using password-protected services on a public computer or over a public Wi-Fi hotspot.
  • If you think your password may have been compromised, change it immediately and check for any unauthorised activity. If the same compromised password has been used on another site, create a new password there as well.

Treat PINs in the same way you would a password

  • Don’t use obvious patterns like 1234, 4321 or 7777.
  • Don’t use postcodes, birthdays or other significant dates and numbers.
  • PINs should be a random mix of numbers, letters and characters.