Creating strong passwords is one of the most important steps you can take to protect yourself online.
By setting up strong passwords, using separate passwords for different accounts and storing them safely, you’ll make it much harder for a hacker to guess or crack your password and gain access to your online accounts and services.
If a hacker gets into your email, they could reset the passwords for your other accounts using the ‘forgot password’ feature, so setting up a strong password for your email is a good place to start.
Here's some useful advice on setting up, saving and updating passwords, and what to do if you think your passwords have been stolen:
- Set strong passwords using three random words, the longer the better. A strong password is especially important for your primary email account as you will likely use it as a ‘username’ for lots of online services.
- Use strong separate passwords for all of your user accounts and services. Using the same password for all services could leave all your user accounts open to criminals if just one account were compromised.
- Find it hard to remember your passwords? Use password manager apps or save them in your web browser so you don’t forget. More information on password managers and how they can help you can be found on the NCSC website.
- You can check if any of your account passwords have been compromised in a security breach by visiting www.haveibeenpwned.com. If your email address is flagged as ‘compromised’ because of a data breach, you should change your password immediately.
- Keep mobile devices secure with a strong password, PIN or pattern, or use fingerprint or facial recognition technology. Mobile devices such as smartphones and tablets are more likely to be lost or stolen, and if they are not secured, criminals could steal your data.
- Use Two Factor Authentication (2FA) where possible - this is a way of ‘doubling up’ on security by verifying it is you logging into your account. This is normally a code sent to your mobile phone, email address, or obtained from an authenticator app.
What to avoid
Many devices and software have default passwords in place (e.g. password 123). You should change a default password to one that is strong and hard to guess.
Passwords that are based on your personal details are easy for hackers to guess - don't use a password that contains any of the following:
- Your partner’s name
- Your child’s name
- Your pet’s name
- Your place of birth
- Your favourite holiday
- Your favourite sports team
Useful resources
- For advice on setting up your mobile devices securely, visit our Mobile Device Security hub or download our handy pocket guide to share with your friends and family.
- Discover the steps you can take to improve your online security (including setting up passwords) with NCSC’s Cyber Aware information.
- Read more about why the use of three random words in a password is recommended.
- Learn more about Two Factor Authentication (2FA).
- Has your password been compromised? Have a look at this website: www.haveibeenpwned.com/