How to create a strong password

Only you should know your passwords. You’ll be at risk of online fraud if you:

• Tell anyone trustworthy – not even your family, technical support agents or computer engineers can know your passwords because their computer may be infected with malware or they may jot down your details. Plus, there’s no safe way to share your password. You never know who’s snooping on your texts, emails or conversations in public.
• Fall for scam emails and calls – criminals will try to trick you into giving away your details but you know you never can.
• Forget to log out – when using computers that aren’t yours (at libraries, internet cafes…) sign out of every website and let none of them save your password or details.

Starting with your most sensitive accounts – your email, banking and online storage – change your passwords every 6 months. If you get a suspicious email or a company’s data breach affects you, reset your password as soon as you can. Re-using an old password isn’t secure, so come up with one that you haven’t used online before.

You’ll be vulnerable to hacking unless you’ve a different password for every account. If one gets cracked, just the one account will be at risk, not everything you have.

Having unique passwords for all your accounts can be a lot to remember, so why not store them all in a secure app? 1Password, Enpass, LastPass, DashLane, Keeper Security and other password managers will keep them locked up under a very strong master password – and that’s the only one you’ll need to remember. Your app will sign you in to all your accounts and suggest even more secure passwords to help you beef up their level of protection. For added security, set up two-factor authentication for your password manager (see next).

Put a double-lock on your password manager or your email, online banking and social media. With 2-factor authentication set up, you’ll need to enter your password and a second piece of information – usually a one-time code from a text or mobile app, or you can use a Bluetooth-enabled security fob or a USB key in your computer as your 2-factor authentication. Have a look at Google’s Titan Security Key or delve in to your online account’s security settings to see if this extra layer of security is an option for you.

Try Google Authenticator, one of the most popular apps, or LastPass Authenticator, Microsoft Authenticator or another with good reviews on Google Play or Apple’s App Store. When you’ve downloaded and opened the app on your mobile, grab your tablet or laptop and connect your online accounts to the app. For example, on Facebook:

1. Tap Settings > Security and Login > Two-Factor Authentication > Get Started > Authenticator App.
2. Open the app on your mobile and tap Scan A Barcode (or similar).
3. Scan Facebook’s QR code using your phone – you’ll get a code.
4. Enter the code on Facebook.

From now on, Facebook will ask you to sign in using a code shown on the app – these 6 digit numbers change every 10 to 20 seconds on your screen. And your phone will generate them even when you’re offline – you won’t need mobile internet or WiFi.

Putting ourselves out there on social media has made it easier for hackers to guess our mothers’ maiden names or the names of our first pets, so common security questions such as these aren’t very secure anymore. When setting up your online accounts, choose a password recovery question that only you’ll know. Or set clever answers. They can be anything – you don’t have to answer the question truthfully, you just have to remember the answer.

When you’re using coffee shop or public WiFi and you’re on a VPN (a virtual private network), you can be confident that hackers can’t see the passwords you’re typing. Though VPNs can’t protect you from viruses and malware, ExpressVPN, Surfshark, NordVPN and others will add a layer of privacy and protect your identity for a fee.

Leaving your computer unprotected is an invitation to hackers – even your strongest passwords are at risk of being stolen by spyware, cracked by keyloggers that secretly record your typing, and more types of malicious software (malware). If you have Virgin Media broadband, simply switch on your WebSafe settings or use Virgin Media Internet Security.

Downloading Kaspersky, McAfee, Norton’s or another antivirus will also block phishing scams and viruses, designed to trick you in to giving away your personal information or rob your sign in details. Find out more via our help article on how to stop spam

See our help guide for hacked Virgin Media Mail accounts if you were spooked by spam, had a ‘Compromised mail’ alert or something else.

Otherwise, if you’ve no viruses or malware on your device, secure your account:

1. Sign in on My Virgin Media – tap My Profile > Change Password.
2. Create a strong new password – remember what you’ve read.
3. Reset your security question and answer.

online safety , including our guide on Keeping your online account secure.

• Set up a password manager – to remember your passwords for you.
• Create memorable passwords – e.g. based on your favourite song lyrics or rhymes.

Letting web browsers save your passwords is a no-no – passwords are easier to forget when you’re not typing them in but worse, if your computer’s stolen, borrowed or hacked, your accounts are goners. Anyone could use your sign in details, stored on Google Chrome or Safari. Jotting them down is also too risky, you never know who’s snooping around.