Follow these dos and don’ts for safer and more secure passwords, so you’re protecting your online accounts from hackers as best you can.
Random combinations spat out of password storage apps or password generators are so hard to crack, because they’re super long, unique and totally impersonal. But even without Norton Password Generator, LastPass or NordPass, you could come up with something strong on your own, following these criteria:
Aim for 8 to 12 characters. Your password will be more secure and harder to crack, the longer it is.
Strong passwords include:
Your passwords are a little too week if they’re:
Using your favourite song lyrics, catch phrase or poem, you can create a bunch of characters that seem unique and random to everyone but you.
Example: ‘Do you believe in life after love?’
What you end up with are memorable code words that are pretty much impossible to guess and can’t be found in the dictionary. If random symbols or special characters are tricky for you to remember, create a face using punctuation: emoticons such as Happy =) Winking ;-) Heart <3 or Sunglasses 8-)
Leave out any personal information, especially what’s available from your social media profiles, such as:
Now you’ve a strong password, let’s try to keep it safe:
Only you should know your passwords. You’ll be at risk of online fraud if you:
Starting with your most sensitive accounts – your email, banking and online storage – change your passwords every 6 months. If you get a suspicious email or a company’s data breach affects you, reset your password as soon as you can. Re-using an old password isn’t secure, so come up with one that you haven’t used online before.
You’ll be vulnerable to hacking unless you’ve a different password for every account. If one gets cracked, just the one account will be at risk, not everything you have.
Having unique passwords for all your accounts can be a lot to remember, so why not store them all in a secure app? 1Password, Enpass, LastPass, DashLane, Keeper Security and other password managers will keep them locked up under a very strong master password – and that’s the only one you’ll need to remember. Your app will sign you in to all your accounts and suggest even more secure passwords to help you beef up their level of protection. For added security, set up two-factor authentication for your password manager (see next).
Put a double-lock on your password manager or your email, online banking and social media. With 2-factor authentication set up, you’ll need to enter your password and a second piece of information – usually a one-time code from a text or mobile app, or you can use a Bluetooth-enabled security fob or a USB key in your computer as your 2-factor authentication. Have a look at Google’s Titan Security Key or delve in to your online account’s security settings to see if this extra layer of security is an option for you.
Try Google Authenticator, one of the most popular apps, or LastPass Authenticator, Microsoft Authenticator or another with good reviews on Google Play or Apple’s App Store. When you’ve downloaded and opened the app on your mobile, grab your tablet or laptop and connect your online accounts to the app. For example, on Facebook:
From now on, Facebook will ask you to sign in using a code shown on the app – these 6 digit numbers change every 10 to 20 seconds on your screen. And your phone will generate them even when you’re offline – you won’t need mobile internet or WiFi.
Putting ourselves out there on social media has made it easier for hackers to guess our mothers’ maiden names or the names of our first pets, so common security questions such as these aren’t very secure anymore. When setting up your online accounts, choose a password recovery question that only you’ll know. Or set clever answers. They can be anything – you don’t have to answer the question truthfully, you just have to remember the answer.
When you’re using coffee shop or public WiFi and you’re on a VPN (a virtual private network), you can be confident that hackers can’t see the passwords you’re typing. Though VPNs can’t protect you from viruses and malware, ExpressVPN, Surfshark, NordVPN and others will add a layer of privacy and protect your identity for a fee.
Leaving your computer unprotected is an invitation to hackers – even your strongest passwords are at risk of being stolen by spyware, cracked by keyloggers that secretly record your typing, and more types of malicious software (malware). If you have Virgin Media broadband, simply switch on your WebSafe settings or use Virgin Media Internet Security.
Downloading Kaspersky, McAfee, Norton’s or another antivirus will also block phishing scams and viruses, designed to trick you in to giving away your personal information or rob your sign in details. Find out more via our help article on how to stop spam
See our help guide for hacked Virgin Media Mail accounts if you were spooked by spam, had a ‘Compromised mail’ alert or something else.
Otherwise, if you’ve no viruses or malware on your device, secure your account:
online safety , including our guide on Keeping your online account secure.
Letting web browsers save your passwords is a no-no – passwords are easier to forget when you’re not typing them in but worse, if your computer’s stolen, borrowed or hacked, your accounts are goners. Anyone could use your sign in details, stored on Google Chrome or Safari. Jotting them down is also too risky, you never know who’s snooping around.