
How to keep your passwords safe
Are you concerned about password security? Read our simple guide to learn how to create strong passwords and store them securely.
10 June 2022
Most of us know that password security is really important, often being reminded that you shouldn’t use the same password for more than one thing as it can increase your chances of a hacker gaining access to more of your personal information.
In an increasingly digital world, needing to think up a different password for all your digital applications including email accounts, online banking and new apps you download can make it tricky to keep track and remember all of your unique passwords.
Fortunately, there are steps you can take to keep your password safe, and some digital tools to help you remember them too. Keep reading to find out how.

The Importance of Password Security
We use passwords online for lots of things: accessing your emails, shopping, banking, and much more. They offer us protection, so that your personal details stay personal. It’s these details that cyber criminals seek, so they can take advantage of your money, your identity and information that might be stored on your digital devices. If your password is weak, they could find a way to crack it, so it’s really important to have strong passwords for all of your accounts.
Criminals can try to access your password in a variety of ways. Let’s take a look at some of them:
Phishing
This is one of the most common techniques used by cyber criminals. They send you an email that poses as something legitimate. It usually contains an attachment or link for you to click. The criminal’s aim is to convince you that you need to click the link or open the attachment. They might do this by luring you with the promise of exciting or exclusive information, or they might try to create a sense of urgency so you feel you don’t have the time to properly explore the email's legitimacy.
Clicking on the link or opening the attachment could lead to malware (malicious software) being dropped on to your device without your knowledge. Some types of malware are able to clone data and passwords in the background, as you use your device. Don’t click on links or open attachments in emails you’re suspicious of, or weren’t expecting. Get in touch with the person or company that sent you the email first using a method you know and trust.
Brute force attack
Brute force attacks use sophisticated software that fires out words or phrases until it guesses your password. A simple way to protect yourself is to lengthen your password - the shorter it is, the easier it is for the software to guess. A more advanced way cyber criminals brute force a password is using something called a dictionary attack. This type of attack uses a piece of software to feed in common passwords, phrases or information gathered about someone to make it easier to crack their password.
That’s why you shouldn’t use your favourite team, street name or pet’s name as a password.
Shoulder surfing
Sometimes, stealing a password doesn’t require advanced technical skills. All a cyber-criminal needs is a keen eye, and for someone to stop paying attention for a few seconds. Shoulder surfing is the act of peering over someone’s shoulder to watch them type in their password, or to steal other sensitive information.
Be aware of your surroundings when you’re typing passwords or sensitive information into your device.
Social Engineering
Social engineering covers a broad range of malicious activities that rely heavily on human interaction. Generally, it involves tricking people into making security mistakes or giving away sensitive information by using information the cybercriminal has learned about them and manipulated. Some cyber criminals may use social engineering techniques to gain remote access to your computer.
It's important that you never enter any passwords, or log into any sensitive websites, such as online banking, if you’ve allowed someone remote access to your computer. It could potentially allow them to see and record the details you enter, and compromise your account.
We unwittingly give away lots of personal information about ourselves online, that cyber criminals can use to their advantage. Take a look at this module to find out what information we give away and the measures we can take to prevent that information falling into the wrong hands.

Password Security Best Practices
It’s important to use different passwords for each account you have, but what makes a strong password? Here are our top tips:
• Never use the same password across multiple accounts. If it’s hacked, the criminal could access all of your online accounts that have the same password
• Create passwords that are difficult to guess, but easy to remember, avoiding single words. Try to combine words into memorable phrases, but don’t use information like your date of birth or addresses
• Use long passwords. Try to use at least 12 characters or longer
• Use both uppercase and lowercase characters, and incorporate numbers and punctuation characters for complexity
• Never share your passwords with others.
A good way to create a strong and memorable password is to use three random words that are easy for you to remember, but difficult for someone else to guess. Adding capital letters, numbers and symbols will make your password even stronger.
Here's one we came up with:
Two Factor Authentication
In addition to our suggestions for keeping your passwords safe, two-factor authentication (2FA) provides your accounts with an extra layer of security and can stop cyber criminals accessing your account – even if they have your password.
You’ll be asked to verify a second piece of information after entering your password. This could be digits from a code sent via a text message (SMS), a notification in your app or providing fingerprint or facial recognition.
This type of security means that your account can’t be accessed directly from just entering your password, adding another barrier between your personal details and cyber criminals.
Some online services will already have 2FA switched on. However, most don't, so you will need to switch it on yourself to give extra protection to your other online accounts, such as email, social media and cloud storage. If available, the option to switch on 2FA is usually found in the security settings of your account - where it may also be called 'two-step verification' (2SV) or 'multi-factor authentication' (MFA).
The National Cyber Security Centre (NCSC) Cyber Aware pages contain up-to-date links to the instructions on how to set up 2FA across popular online services such as Gmail, Facebook, Twitter, LinkedIn, and Outlook.

How to Securely Store Passwords
Take a look at your device - how many applications or accounts do you have on it? Chances are that each of them asks you to enter a password before you can use it or make any changes to certain details held. If you have a different password for each of them, you might need to remember up to 100, maybe even more, different passwords. It’s easy to understand why many of us reuse the same password for more than one account.
Reusing the same password across different accounts can make you an easy target for cyber criminals, but keeping track of lots of different, complex passwords isn’t always easy. A password manager might be able to help.
A password manager is an application (app) on your smart phone, tablet or computer that stores your passwords securely - so you don’t need to remember them all. You’ll just have to remember one password, the one to access your password manager.
Some password managers can synchronise your passwords across different devices, making it easier to log on, wherever you are. Some can also create random, unique passwords for you, when you need to create a new password (or change an existing one). Many can also automatically enter the appropriate password into websites and apps on your behalf, so you don't have to type them in every time you log in, and risk a shoulder surfer spotting what you’ve typed.
They're designed to make using and generating passwords easier and more secure and you might already be using a password manager without even knowing it, as many are built into your internet browser (such as Google Chrome, Microsoft Edge or Firefox), or are part of the operating system on your smartphone or tablet.
You may have noticed when you sign in to an account, a box appears asking you if you want the browser (or device) to remember your password. If you’re not sharing the device with anyone else, it’s safe to tick the box. If it doesn't offer to save your password, you may need to turn the option on in your device settings.

Stand-alone password manager apps are also available to download, many of which can be installed on different types of devices. It's worth looking at online reviews for the password managers you're considering, and deciding on the features you need, before choosing one that's right for you.
Whether you're using a stand-alone password manager or a built-in one, it’s important to keep your password manager account secure so choose a strong password for it. You can’t store this in the password manager itself, but it’s OK to write this one down as long as it’s stored somewhere safe - away from your device – where no one else can access it.
Using strong passwords is really important. They’re the gateway to keeping your details safe online. Is your password on this list of most common passwords from the National Cyber Security Centre (NCSC) in 2021? If it is, it’s a good idea to change it.
Password | Number of users | Time taken to crack |
---|---|---|
123456 | 103,170,552 | Less than a second |
123456789 | 46,027,530 | Less than a second |
12345 | 32,955,431 | Less than a second |
qwerty | 22,317,280 | Less than a second |
password | 20,958,297 | Less than a second |
12345678 | 14,745,771 | Less than a second |
111111 | 13,354,149 | Less than a second |
123123 | 10,244,398 | Less than a second |
1234567890 | 9,646,621 | Less than a second |
1234567 | 9,396,813 | Less than a second |
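The tips under Password Security Best Practices and the list above can be turned into a small checker and a three-random-words generator. This is an added example, not part of the original guide; the function names, the symbol set and the short sample word list are assumptions made for illustration.

```python
import secrets
import string

# The ten most common passwords, taken from the table above.
COMMON_PASSWORDS = {
    "123456", "123456789", "12345", "qwerty", "password",
    "12345678", "111111", "123123", "1234567890", "1234567",
}

# Constructed sample word list (assumption). A real generator should draw
# from several thousand words so the phrase is hard to guess.
SAMPLE_WORDS = ["coffee", "train", "fish", "window", "purple", "garden",
                "rocket", "candle", "marble", "tiger", "lemon", "bridge"]


def check_password(password):
    """Return the list of the guide's tips that this password fails."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the most-common list")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    return problems


def three_random_words(words=SAMPLE_WORDS):
    """Build a password from three distinct random words, a digit and a symbol."""
    rng = secrets.SystemRandom()          # OS-backed randomness, not random.random()
    chosen = rng.sample(words, 3)
    phrase = "".join(word.capitalize() for word in chosen)
    return phrase + secrets.choice(string.digits) + secrets.choice("!?#%&*")


if __name__ == "__main__":
    for candidate in ["123456", "qwerty", three_random_words()]:
        print(candidate, "->", check_password(candidate) or "passes every check")
```

Passing these checks does not prove a password is strong: a phrase built from your own pet's name or street would pass them and still be easy for a dictionary attack to guess.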
Why not check how strong your password is and find out more about all of the topics mentioned in this blog in our safe passwords module on Digital Wings.