Follow these dos and don’ts for safer and more secure passwords, so you’re protecting your online accounts from hackers as best you can.
• Don't use something that's easy to guess - like names of your family/ pets, birthday, nickname, football team etc. • Don’t use common dictionary words – like password, Admin • Try to use a different password for every site • Never write down your password or share it • Use a minimum of 8 characters, the longer the better • Try to use special characters when you can - like . @ ? • Don’t use repetitive or sequential characters – like aaaaa, 1234
Leave out any personal information, especially what’s available from your social media profiles, such as:
Now you’ve a strong password, let’s try to keep it safe:
Only you should know your passwords. You’ll be at risk of online fraud if you:
Starting with your most sensitive accounts – your email, banking and online storage – change your passwords every 6 months. If you get a suspicious email or a company’s data breach affects you, reset your password as soon as you can. Re-using an old password isn’t secure, so come up with one that you haven’t used online before.
You’ll be vulnerable to hacking unless you’ve a different password for every account. If one gets cracked, just the one account will be at risk, not everything you have.
Having unique passwords for all your accounts can be a lot to remember, so why not store them all in a secure app? 1Password, Enpass, LastPass, DashLane, Keeper Security and other password managers will keep them locked up under a very strong master password – and that’s the only one you’ll need to remember. Your app will sign you in to all your accounts and suggest even more secure passwords to help you beef up their level of protection. For added security, set up two-factor authentication for your password manager (see next).
Put a double-lock on your password manager or your email, online banking and social media. With 2-factor authentication set up, you’ll need to enter your password and a second piece of information – usually a one-time code from a text or mobile app, or you can use a Bluetooth-enabled security fob or a USB key in your computer as your 2-factor authentication. Have a look at Google’s Titan Security Key or delve in to your online account’s security settings to see if this extra layer of security is an option for you.
Try Google Authenticator, one of the most popular apps, or LastPass Authenticator, Microsoft Authenticator or another with good reviews on Google Play or Apple’s App Store. When you’ve downloaded and opened the app on your mobile, grab your tablet or laptop and connect your online accounts to the app. For example, on Facebook:
From now on, Facebook will ask you to sign in using a code shown on the app – these 6 digit numbers change every 10 to 20 seconds on your screen. And your phone will generate them even when you’re offline – you won’t need mobile internet or WiFi.
Putting ourselves out there on social media has made it easier for hackers to guess our mothers’ maiden names or the names of our first pets, so common security questions such as these aren’t very secure anymore. When setting up your online accounts, choose a password recovery question that only you’ll know. Or set clever answers. They can be anything – you don’t have to answer the question truthfully, you just have to remember the answer.
When you’re using coffee shop or public WiFi and you’re on a VPN (a virtual private network), you can be confident that hackers can’t see the passwords you’re typing. Though VPNs can’t protect you from viruses and malware, ExpressVPN, Surfshark, NordVPN and others will add a layer of privacy and protect your identity for a fee.
Leaving your computer unprotected is an invitation to hackers – even your strongest passwords are at risk of being stolen by spyware, cracked by keyloggers that secretly record your typing, and more types of malicious software (malware). If you have Virgin Media broadband, simply switch on your WebSafe settings or use Virgin Media Internet Security.
Downloading Kaspersky, McAfee, Norton’s or another antivirus will also block phishing scams and viruses, designed to trick you in to giving away your personal information or rob your sign in details. Find out more via our help article on how to stop spam
See our help guide for hacked Virgin Media Mail accounts if you were spooked by spam, had a ‘Compromised mail’ alert or something else.
Otherwise, if you’ve no viruses or malware on your device, secure your account:
online safety , including our guide on Keeping your online account secure.
Letting web browsers save your passwords is a no-no – passwords are easier to forget when you’re not typing them in but worse, if your computer’s stolen, borrowed or hacked, your accounts are goners. Anyone could use your sign in details, stored on Google Chrome or Safari. Jotting them down is also too risky, you never know who’s snooping around.
We've got other ways of helping