How to keep passwords secure

  • You should always try to create passwords that are difficult for anyone else to guess. So best avoid names of family members, pets, your date of birth, nickname, or favourite football team
  • Try to avoid using the same username and password for every site. You might think this makes your life easier, but it leaves you wide open to fraud. If by chance someone gets hold of your login details for a blogging site, they will try and use the same details to get into your emails. And from there they might access to other sites you're signed up to, including ones where you've stored credit card details
  • Change your password regularly
  • Never write down your password, or share it with anyone else
  • Always use a mix of small and capital letters, even if the site doesn't specifically ask for it
  • Avoid using real words. Insert numbers or special characters or punctuation (if the site allows it)
  • Reset your BT ID password >


Creating passwords based on phrases

One way to create passwords is to think of a short phrase - like a line from a song or poem - and then use the first letter of each word as your password.

Then use rules like:

  • Replacing words like "to" and "for" with "2" and "4, and use "1" instead of "I"
  • Making all consonants lower case and all vowels upper case

So "I wandered lonely as a cloud" becomes “1wlAAc”: "To be or not to be: that is the question" becomes "2bOn2b:t1tq".

If you struggle to think of different passwords for different sites, then you could take a phrase-based password and add an identifier for each site. Like, "1wlAAcEbAy" or "Utube1wlAAc".


Be on the alert for 'phishing' emails

Don't inadvertently give your passwords away. One way fraudsters use to get people to reveal their passwords is through 'phishing' emails. These look as though they come from a genuine company and usually link out to a bogus website, which asks you to put in your username and password to "validate your account" or "clear up" some security issue.

What is phishing? Is the email I have received genuine? >

Need more help?