Create and use strong passwords

One of the most important ways to ensure that your online interactions are safe and secure is to protect your passwords. The good news is that protecting your passwords is in your control—you just need to create strong passwords and then keep them secret. Follow this advice to help keep your passwords out of the wrong hands.

Create strong passwords

Password security starts with creating a strong password. A strong password is:

  • At least 12 characters long but 14 or more is better
  • A combination of uppercase letters, lowercase letters, numbers, and symbols
  • Not a word that can be found in a dictionary
  • Not the name of a person or a popular entity such as a character, product, or organization
  • Significantly different from your previous passwords
  • Easy for you to remember but difficult for others to guess
  • Consider using a phrase like “6MonkeysLooking^”

Secure your passwords

Once you’ve created a strong password, you should follow these guidelines to keep it secure:

  • Don’t share a password with anyone. Not even a friend or family member. 
  • Never send a password by email, instant message, or any other means of communication that is not reliably secure.
  • Use a unique password for each website. If someone steals a password that you use on multiple websites, all the information that password protects on all of those sites is at risk.
  • If you don’t want to memorize multiple passwords, consider using a password manager. The best password managers will automatically update stored passwords, keep them encrypted, and require multi-factor authentication for access.
  • Don’t store a password on the device it’s designed to protect.
  • It’s ok to write your passwords down, as long as you keep them secure. Don’t write them on sticky notes or cards that you keep near the thing the password protects, even if you think they’re well-hidden they could be discovered. 

Or just a hint…

Rather than writing down your password, consider writing down a hint that reminds you of what the password is. So if your password is “Paris4SpringVacation!” you could write down “Your favorite trip.”

  • Whenever possible, change passwords immediately on accounts you suspect may have been compromised, or even if you just think the password has been compromised.
  • Avoid entering your password on any device if you’re unsure whether that device is secure. Devices that are shared or available for public use might have keylogging software installed that could capture your password as you type it. You should also avoid allowing your password to be saved on shared or public computers.
  • Enable multi-factor authentication (MFA) whenever available. MFA is a method of access control that requires more than one credential for verification—such as requiring both a password and a pin. This adds another layer of security in case someone guesses or steals your password.

Tip

If you’re asked to create answers to security questions, provide an unrelated answer. For example, if the question is “Where were you born?” you might answer “Green.” Answers like these can’t be found by trolling Twitter or Facebook. (Just be sure they make sense to you, so you’ll remember them.)

Don’t be tricked into revealing your passwords

Criminals can try to break your password, but sometimes it’s easier to exploit human nature and trick you into revealing it. You’re most vulnerable to scams that look genuine.

You might receive an email message pretending to be from an online store (like eBay or Amazon) or a phone call from your “bank” that tries to convince you of the “legitimate” need for your password or other sensitive information. It could be a phishing scam. (You may have heard these con games referred to as social engineering.)

Here are some guidelines to follow to protect your passwords and other sensitive information:

  • In general, be wary of anyone who is requesting sensitive information from you, even if it’s someone you know or a company you trust. For example, a crook may have hijacked a friend’s account and sent email to everyone in the friend’s address book. Treat all unsolicited requests for sensitive information with caution.
  • Never share your password in response to an email or phone request—for example, to verify your identity—even if it appears to be from a trusted company or person.
  • Always access websites using trusted links. Scammers can copy the look of a company’s communications to fool you into clicking a phony link or attachment, so use caution with links that appear in unsolicited emails, instant messages, or SMS messages. If in doubt, go directly to the official website of the bank or other service you’re trying to access via your own bookmark or by typing the legitimate address of the service in yourself.

Disclaimer

The information provided is general in nature. It has been prepared without taking into account any of your individual objectives, financial situation or needs. Before acting on this advice you should consider the appropriateness of the advice, having regard to your own objectives, financial situation and needs. This publication is prepared by IOOF for: Bridges Financial Services Pty Limited ABN 60 003 474 977 AFSL 240837, Consultum Financial Advisers Pty Ltd ABN 65 006 373 995 AFSL 230323, Elders Financial Planning ABN 48 007 997 186 AFSL 224645, Financial Services Partners Pty Ltd ABN 15 089 512 587 AFSL 237 590, Millennium3 Financial Services Pty Ltd ABN 61 094 529 987 AFSL 244252, RI Advice Group Pty Ltd ABN 23 001 774 125 AFSL 238429, Shadforth Financial Group Ltd ABN 27 127 508 472 AFSL 318613 (‘Advice Licensees’). This publication is not available for distribution outside Australia and may not be passed on to any third person without the prior written consent of the Advice Licensees. The views expressed in this publication are solely those of the author; they are not reflective or indicative of the Advice Licensees position and are not to be attributed to the Advice Licensees. They cannot be reproduced in any form without the express written consent of the author.

Share this:

Disclaimer: The information contained in this document is based on information believed to be accurate and reliable at the time of publication. Any illustrations of past performance do not imply similar performance in the future. To the extent permissible by law, neither we nor any of our related entities, employees, or directors gives any representation or warranty as to the reliability, accuracy or completeness of the information; or accepts any responsibility for any person acting, or refraining from acting, on the basis of information contained in this newsletter. This information is of a general nature only. It is not intended as personal advice or as an investment recommendation, and does not take into account the particular investment objectives, financial situation and needs of a particular investor. Before making an investment decision you should read the product disclosure statement of any financial product referred to in this newsletter and speak with your financial planner to assess whether the advice is appropriate to your particular investment objectives, financial situation and needs.