Security Advice - Password

Don’t make it easy for hackers to guess your password. Use strong passwords and keep the bad guys out.

Risks

  • The best security in the world is useless if a malicious person has a legitimate user name and password. They can do everything you can do.
  • Some people’s passwords are just easy to guess, like “password”.
  • Others use plain words that can be guessed by a hacker’s program that tries every word in the dictionary.
  • If you use the same password for every site, a hacker only has to break it once to have access to everything.

Do use strong passwords

A good password:
  • Needn’t be a word at all. It can be a combination of letters, numbers and keyboard symbols.
  • Is at least seven characters long. Longer passwords are harder to guess or break.
  • Does not contain your user name, real name, or company name.
  • Contains a mix of upper and lower case letters, numbers and keyboard symbols (i.e. ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /). However, be aware that some of these punctuation marks may be difficult to enter on foreign keyboards if you are travelling.
  • Is changed regularly.

Don’t use weak passwords

Avoid weak passwords. Weak choices include:
  • Using no password at all.
  • Using a commonplace dictionary word.
  • Something that is easy to work out with a little background knowledge. For example: favourite football team, birthday, spouse's name, etc.
  • The most common password is ‘Password’ so that’s an obvious one to avoid.
  • A password you haven’t changed in more than a couple of months.

Look after your passwords

  • Never disclose your passwords to anyone else.
  • Don't enter your password when others can see what you are typing.
  • Use different passwords for different services. In particular have a unique password for banking sites.
  • Change passwords regularly.
  • Don’t recycle passwords (e.g. password2, password3).
  • Don’t write passwords down. Instead, use memory tricks to remember them. For example, make a password out of the first letters of each word in a memorable phrase or substitute numbers for letters (for example: 5 for s, 3 for e).
  • Don’t send your password by email. No reputable firm will ask you to do this.
  • If you think that someone else knows your password, change it immediately.
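
The criteria in the "strong passwords" and "weak passwords" lists, plus the rule against recycled passwords, can be checked automatically when a password is set. The following is an added example, not part of the original advice page; the function name, the small word list and the `previous` argument (the old password typed in on a change-password form) are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 7                 # the minimum length given on this page
SYMBOLS = string.punctuation   # the same 32 keyboard symbols the page lists
# Constructed sample list; load a full dictionary in real use.
COMMON_WORDS = {"password", "football", "welcome", "letmein", "dragon"}

def _core(password):
    """Lower-case the password and drop leading/trailing digits and symbols."""
    return password.lower().strip(string.digits + SYMBOLS)

def check_password(password, user_name="", real_name="", company="", previous=""):
    """Return the list of criteria the password fails (empty list = passes)."""
    if not password:
        return ["no password at all"]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = (
        ("upper case letter", str.isupper),
        ("lower case letter", str.islower),
        ("number", str.isdigit),
        ("keyboard symbol", lambda c: c in SYMBOLS),
    )
    for label, test in classes:
        if not any(test(c) for c in password):
            problems.append("no " + label)
    lowered = password.lower()
    for label, value in (("user name", user_name), ("real name", real_name),
                         ("company name", company)):
        # Compare each part of the name (e.g. first name, surname) separately.
        parts = re.split(r"[^a-z0-9]+", value.lower())
        if any(len(p) >= 3 and p in lowered for p in parts):
            problems.append("contains your " + label)
    if _core(password) in COMMON_WORDS:
        problems.append("plain dictionary word")
    # "password3" after "password2": same core, only the counter changed.
    if previous and _core(password) and _core(password) == _core(previous):
        problems.append("recycled from previous password")
    return problems
```

An empty list means the password meets every criterion that can be tested from the text alone; how long ago it was last changed has to be tracked separately.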