Thing 1: Passwords

published on Jan 21, 2020

A password is a secret combination of letters, numbers or symbols that allows you to prove your identity to a computer. You’ll typically need to enter a password, along with your username, when you access one of your devices, online accounts or apps. Although there are other ways to prove your identity, like face or fingerprint recognition, passwords continue to be the most common way to log in.

Unfortunately, passwords offer only limited protection against the cyber threats we face today. Weak passwords can be easily guessed and even the strongest of passwords can be stolen when a website, device or internet connection is hacked. By stealing your password, someone else will be able to fool a computer into thinking they are you and then access one of your online accounts. This might allow them to:

  • steal sensitive information
  • delete important information
  • impersonate you
  • spread computer viruses, malware or ransomware
  • lock you out of your account
  • make purchases
  • obtain access to your other online accounts or those of other people.

The damage someone can do when they break into one of your accounts depends on what that account is for, the level of access you have, the information held there and how long it takes you - or someone else - to notice you’ve been compromised.

To lower the risk of someone getting hold of your password and mitigate the damage if they do, consider the advice below.

A good way to create a strong and memorable password is to use three or four random words.

The longer you can make your password, the more secure it will be. Three random words with five letters each will give you a 15 character password and that’s far more secure than eight characters made up of random letters, numbers and symbols.

Numbers and symbols can be added to your three words, for example BlueAugustMouse#327, but keep in mind that length, not complexity, is what makes your password difficult to guess.

Be creative: use words that are memorable only to you, so that people can’t guess your password. Your social media accounts can give away vital clues about yourself, so don’t include words such as your child’s name or favourite sports team, which are easy for people to guess.

It’s no surprise that, with so many online accounts and apps, most people choose to use the same password across more than one. But the first thing a cybercriminal will do once they have one of your passwords is try it in all the places you might use it – starting with your social media and email accounts. Even if they don’t do this immediately, they’ll add your password and username to lists that get shared or sold to other criminals. Eventually these lists are published online for everyone to see. Sooner or later, accounts where you use that password will be broken into.

This is why it’s important to never use the same password for more than one online service. At the very least, you should use a strong, separate password for your email. Then, if cyber criminals steal the password for one of your less important accounts, they can’t use it to access your email account and reset your passwords elsewhere.

It goes without saying that you should never reuse passwords across your work accounts, or use a password for a work account that you have used before for one of your personal accounts.

We all know not to leave our passwords in plain sight, like on a sticky note attached to your device. But did you know that storing your passwords in a document on your computer or in a folder in your email can be just as dangerous? It’s okay to write down a password if you need to. But this should be kept offline and in a place where it won’t be discovered by anyone else, or easily understood even if it is.

Never disclose any of your passwords to someone else. If you need to share your passwords with colleagues to get work done, raise this with your manager as soon as you can - it poses a very real security risk to both you and your organisation.

Make sure nobody can see you type your password, especially if you are in a public place and strangers are close by, e.g. on a train.

Most passwords are stolen when someone accidentally logs into a fraudulent website after clicking a link within a phishing email. Always make sure you visit the correct website by checking the address bar, or by typing the address directly instead of clicking on links in an email.

Avoid using public wifi, like at a café or on public transport, unless you know how to connect to a Virtual Private Network (VPN). Although convenient, public wifi can be insecure, allowing your password and other transmitted information to be recorded and stolen. We talk more about this and how to secure yourself with a VPN in Thing 9. If you don’t have a VPN, turn off wifi and use the 3G, 4G or 5G signal on your mobile telephone – this will always be more secure than an untrusted wifi hotspot.

You should never log into a work-related account from a device that your employer has not authorised. For example, logging into your work email on a friend’s computer will almost certainly breach your employer’s security policy, as might logging in from a public computer in a hotel or library. Neither you nor your employer have any way of knowing how secure such devices are, or whether they have been compromised with password-stealing malware.

Activity

Did you know that over 550 million passwords are already known to hackers?

A website might say you have chosen a strong password, but if it is one of these 550 million then it will be child’s play for a criminal to crack it.

In a group or on your own, come up with as many passwords as you can. Then visit the Have I Been Pwned website and try each to see how many appear in the list of 550 million known passwords.

You might be surprised by what you find.
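The check the activity describes does not send your password to the website: Have I Been Pwned's Pwned Passwords service uses a "k-anonymity" range lookup, where only the first five characters of the password's SHA-1 hash leave your machine and the match is made locally. The example below is added here to show how that exchange works; it is not code from the article or from Have I Been Pwned. The range URL is the real public endpoint, but the sample response and its counts are constructed so the block runs offline.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Real public endpoint: GET <RANGE_URL><first 5 hex chars of SHA-1(password)>
RANGE_URL = "https://api.pwnedpasswords.com/range/"

def sha1_hex(password: str) -> str:
    """Hash the password locally; the full hash never leaves this machine."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(hex_digest: str) -> Tuple[str, str]:
    """Only the 5-character prefix is sent; the 35-character suffix stays local."""
    return hex_digest[:5], hex_digest[5:]

def parse_range(body: str) -> Dict[str, int]:
    """Each response line is '<35-char suffix>:<number of breaches seen in>'."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many known breaches contain this password (0 = not found)."""
    prefix, suffix = split_hash(sha1_hex(password))
    return parse_range(fetch_range(prefix)).get(suffix, 0)

# Constructed sample reply for prefix "5BAA6" (the prefix of SHA-1("password")).
# The counts are made up; the live service returns hundreds of lines per prefix.
SAMPLE_RANGE = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
             "0000A1B2C3D4E5F60718293A4B5C6D7E8F9:2\n",
}

def offline_fetch(prefix: str) -> str:
    """Stand-in for the network call so the example runs without internet."""
    return SAMPLE_RANGE.get(prefix, "")

def live_fetch(prefix: str) -> str:
    """Real lookup against the Pwned Passwords range API (needs internet)."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    for pw in ["password", "BlueAugustMouse#327"]:
        print(f"{pw!r}: seen in {breach_count(pw, offline_fetch)} breaches (sample data)")
```

Swap `offline_fetch` for `live_fetch` to query the real service; either way, only the five-character prefix is transmitted.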