Weak passwords, like "Password1", the name of your favourite football team or pet’s name remain the go-to picks for many. These are easy for cyber criminals to hack – software exists that can guess millions of passwords in minutes!
If you use the same password on multiple accounts, such as your email, online banking, online shopping and social media, a cyber criminal can access all of them by cracking just one password! This leaves you exposed to identity theft, financial loss, extortion, fraud and other cyber crimes. Hackers will thank you for allowing an open door into your digital world.
Consider the strength and security of your passwords and we encourage you to take our ‘Password Pledge’ below. Starting with your most important accounts (such as email, shopping, banking and social media), replace your old passwords with new more secure ones using our pledge tips.
Secure your online accounts, put an end to weak passwords!
I will create strong and unique passwords using three random words
The best way to make your password difficult to hack is by using a sequence of three random words you’ll remember - the longer the better. You can make it even stronger by including special characters and numbers.
FriendsHippoMaze - Strong Fr1endsH!pp0M@ze – Stronger
Don’t be fooled that by using symbols on short common words e.g. "P@$$W0rd1" will make it harder to guess, these are still easily cracked. Replace your old passwords today with new, more secure ones.
I will use different unique passwords for each of my most important online accounts: such as email, social media and banking.
Remembering lots of lengthy complex passwords can be difficult. Store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password. Or, use a password manager - an app you can install on your phone, tablet or computer that stores your passwords securely.
I will turn on a second layer of security
Two-factor authentication (2FA) is a free security feature that gives you an extra layer of protection online. 2FA significantly reduces the risk of being hacked by asking you to provide a second factor of information, such as getting a code via text message that you need to input when you log in. This stops cyber criminals getting into your accounts - even if they have your password.
Download the pledge and share with family, friends and work colleagues - Password Pledge (PDF 409 KB)
Some of your account details and passwords may already be for sale as a result of a data breach from a website you previously signed up to. You can check if your password has been affected on HaveIbeenPwned. If your password is flagged as compromised you should change it immediately.
The National Cyber Security Centre (NCSC) did an analysis in 2019 of the passwords retrieved as a result of data breaches. A list of 100,000 common passwords is available to download and check your passwords against on PwnedPasswordsTop100k.
If your password appears on this list you should change it immediately. (Please note, there are some passwords contained on this list you may find offensive.)
For further reliable information, guidance and support on passwords, use the trusted resources listed below