Complex password tips

In 2020, 27% of British people gained more than four new password-protected accounts. Experts at the National Cyber Security Centre (NCSC) believe this is because of greater reliance on remote technologies and online services during the pandemic.

Unfortunately, the NCSC also found that we are putting themselves at risk with weak (or easy to guess) passwords. Their survey this year found that 14% use the name of a member of our family in our password, and that 6% include the word ‘password’. Experienced hackers can crack these types of passwords within seconds and so it makes sense to create a complex password to keep your data – and your money – safe.

To make your password as strong as possible, it is suggested that it must:

  • Be at least eight characters long
  • Contain a mixture of upper and lowercase letters
  • Include numbers and symbols
  • Not contain any recognisable words
  • Not be used anywhere else.

Here’s how to create your own unique password:

Use three random words.

Any three words will do. If none spring to mind, just look around the room you’re in now and pick three things you can see. For example, ‘window’, ‘light’ and ‘book’. Then use these tips below to make these words into a strong password.

Use a mixture of upper and lowercase letters

For example, windowlightbook could become wiNdowliGhtbooK

Substitute letters for numbers and symbols

For example, wiNdowliGhtbooK could become w!Nd0wl!Ghtb00K

Alternatively, use a memorable sentence.

Instead of 3 random words, you may wish to pick a memorable phrase or sentence. Perhaps a line of poetry? For example, Din Muhammad Rumi wrote “I am the servant of the Qur'an as long as I have life”. This could become Iamth3s3rvantofth3Qur’an.

Worried about how to remember your complex password? Don’t be. Your browser could have a password manager to keep your passwords safe and at your fingertips; it is what prompts you to save your password (with a phrase such as “Do you want to save this password?”). Password managers have strong encryption which protect you against cybercriminals. You should also update your password every six months.

Finally, never tell anyone your password. There is never a legitimate reason for you to be asked to share your password.

View all news and events