Creating strong passwords
It’s incredibly important that you create strong passwords for your online accounts. But what does ‘strong’ mean? And why are businesses and governments so determined to get us to change?
If your password is long (around 17 characters) but simple, or if it’s short (9 characters or less) but complex, it can take just 2 days for a hacker to reveal it.
To keep your personal information safe, we recommend you have a combination of lowercase and uppercase letters, numbers and symbols. And it needs to be something you can remember.
How to create a strong password
Here’s how to create a strong password that’s long, complex and easy to remember. Think of a sentence that you can remember. Let’s start with: Tulips are my favourite flower.
Add some uppercase letters: Tulips Are My Favourite Flower.
Remove the spaces: TulipsAreMyFavouriteFlower.
Substitute numbers and symbols for some other letters: Tu1ip$AreMyFav0uriteFl@wer.
Password creation checklist
- Is it long (minimum 18 characters)?
- Does it have both lowercase and uppercase letters?
- Does it have at least one number?
- Does it have at least one symbol?
You’ll need different passwords for your accounts
It’s important that you use different passwords for all your high-priority accounts, especially your email, social media, banking and superannuation accounts. Consider using a reputable and secure password manager to store them.
Why should you bother creating strong passwords?
Consider an example of your email account being compromised. You’ve had it for years and the password is short and simple.
The password is short and only contains lowercase letters. A hacker runs software which automatically attempts tens of thousands of passwords against your account details – and they succeed. The hacker has full access to your email account.
They go through all your messages, attachments and folders. They find a copy of your passport from that time your friend booked your flights.
They find your driver licence and Medicare card from your pre-employment police check. And they have all your contacts so they can email them pretending to be you – possibly asking for money.
They can reset your password on your email account, and then do the same on your other accounts. So you’ve lost control of your email, banking, key identity documents, and now you and all your contacts are at risk.
This can happen in a matter of hours. And the hacker can now apply for credit cards or loans in your name, create online gambling accounts, or transfer money out of your accounts. And because they’ve changed all your account passwords – you have no idea it’s happening.
What can happen if your identity is compromised
If this happens, you may be at high risk of identity crime. That’s when someone else creates debts in your name without your knowledge or consent.
ID Support NSW can help
If you find that your NSW Government identity credentials have been compromised, we can help. ID Support will help you replace your NSW Driver Licence, birth certificate, working with children check, Seniors Card and MyServiceNSW Account details.
Other steps you can take
- Clean out your email regularly. Delete sent items. Empty the deleted items folder.
- Save attachments and delete emails with attachments immediately.
- Add multi-factor authentication to your accounts wherever it’s available. This is where you get a text message with a single-use code before you can log in to your account.
- Learn more about protecting your identity and keeping your devices safe.
Has your password been compromised and published?
You can check if the password you’re considering has been compromised in a data breach by visiting the Have I Been Pwned website. The site lets people check whether their personal information has been compromised in a data breach.
For those thinking we’ve made a typo, Pwned is a long-running joke in some online communities.
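The password creation checklist and the breach check described above, as an added example that is not part of the original page: it tests a password against the checklist items, then looks it up in breach data the way the Have I Been Pwned password service allows, sending only the first five characters of the password's SHA-1 hash rather than the password itself. The endpoint URL, the function names and the offline sample response are assumptions or constructed for illustration.

```python
import hashlib
import string
import urllib.request

# Assumption: the Pwned Passwords range endpoint run by Have I Been Pwned.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def checklist_failures(password):
    """Return the items of the page's checklist that the password fails."""
    checks = {
        "long (minimum 18 characters)": len(password) >= 18,
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def fetch_range(prefix):
    """Download every known hash suffix that shares the 5-character prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def breach_count(password, fetch=fetch_range):
    """Times the password appears in breach data; only 5 hash chars are sent."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the match is made locally
            return int(count)
    return 0


def constructed_range(breached_password, count):
    """Build a constructed, offline stand-in for one range response."""
    digest = hashlib.sha1(breached_password.encode("utf-8")).hexdigest().upper()
    filler = "0" * 35 + ":1"  # constructed filler entry, not a real hash
    return lambda prefix: "\r\n".join([filler, digest[5:] + ":" + str(count)])


if __name__ == "__main__":
    offline = constructed_range("tulips", 4321)  # constructed sample data
    for pw in ("tulips", "Tu1ip$AreMyFav0uriteFl@wer"):
        print(pw, checklist_failures(pw), breach_count(pw, offline))
```

Calling `breach_count(password)` without the second argument queries the live service; a result above zero means the password has appeared in a breach and should not be used, however well it scores on the checklist.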