Using passwords Passwords are an effective way to control access to your data, the devices you store

it on, and the online services you use.This page contains tips about how to create
strong passwords, how to look after them, and what to do if you think they've been
To protect your devices & data stolen. For more information, please refer to www.cyberaware.gov.uk .

Create strong Use 2FA to protect

***** passwords your account
Create a strong and memorable Many companies allow you
How can your password for your email account to set up two-factor authentication
(also known as 2FA) on your accounts. It's called
(and other important accounts).
passwords be Avoid using predictable passwords (such as
2FA because it involves signing into your account
stolen? dates, family and pet names). Avoid the
most common passwords that criminals can
using two passwords or codes; one that you know,
and the other usually sent to your phone.
easily guess (like 'passw0rd'). The most common form of 2FA is when a
code is sent to your smartphone that you
Don't re-use the same password across must enter in order to proceed. You should
important accounts. If one of your set up 2FA for important websites like
passwords is stolen, you don’t want the banking and email.
criminal to also get access to (for example)
your banking account. Even if a criminal knows your passwords,
To create a memorable password that's also they will struggle to access any accounts
Criminals will use the most common that you've protected by turning on 2FA.
passwords to try and access your accounts, hard for someone else to guess, you can
or use information from your social media combine three random words to create a
The website www.telesign.com/turnon2fa/
profiles to guess them. If successful, they single password (for example cupfishbiro).
contains up-to-date instructions on how
will use this same password to try and to set up 2FA across popular online
access your other accounts. services such as Gmail, Facebook,
.
Criminals also try and trick people into
Look after your Twitter, LinkedIn, Outlook and Instagram.
revealing their passwords by creating fake passwords
'phishing' emails that link to dodgy
websites, or by using persuasive
If you store your passwords What to do if your
somewhere safe, you won't have to remember
techniques through social media.
. them. This allows you to use unique, strong password is stolen?
Even if you look after your passwords, they passwords for all your important accounts. If you suspect your password has
can still be stolen if an organisation been stolen, you should change it
containing your details suffers a data You can write your password down to as soon as possible.
breach. Criminals will use these stolen remember it, but keep it somewhere safe,
out of sight, and (most importantly) away If you have used the same password
customer details (such as user names and
from your computer. on any other accounts, change these
passwords) to try and access other
as well.
systems. Most web browsers will offer to store your
online passwords. It's safe to do this. You can use the website
Browsers will also detect 'dodgy' websites that www.haveibeenpwned.com to check if
phishing emails try and trick you into visiting. your information has ever been made
public in a major data breach.
You can also use a standalone password
manager app to help you create and store
strong passwords.
© Crown Copyright 2020 www.ncsc.gov.uk @NCSC National Cyber Security Centre @cyberhq