Blog: Creating strong passwords and avoiding scams

Nowadays, we need passwords for lots of things, like shopping online or using apps. It’s important to use strong, unique passwords – ones that haven’t been used anywhere else – to protect our personal information and money. This helps prevent us from being scammed when a fraudster, or other online criminal, guesses our passwords and uses them to steal our money.


Tips for creating a strong password:

1. Use three random words
Firstly, pick three unrelated words, like “redhousemonkeys.” Random words are harder for scammers to guess than numbers or special characters.

2. Add capital letters and numbers
Secondly, include one or two capital letters and numbers, e.g. "rEdhousemon6eys."

3. Use symbols
Finally, add one or two special characters (i.e. symbols) like !@#$=%+ to replace a letter or letters, e.g., "rEdhou#emon6eys." This is now a strong password. The final password needs to be between 12 and 20 characters long, with no spaces.


Additional tips for creating super strong passwords!

  1. Avoid personal details that could be easily guessed like family or pet names, your favourite sports team or holiday destination, your address, phone numbers, birthdays, National Insurance numbers, musicians or fictional characters such as Batman, Tigger or Harry Potter.
  2. Don’t use obvious words like “password”, “login”, “football”, “register” or the account name (e.g. “amazon” or “Facebook”).
  3. Avoid using obvious substitutions that just look similar to letters, such as “5” for “S”, “@” for “a”, “1” for “I” or the number zero instead of the letter O.
  4. Don’t use number sequences like “1234” or “4567”.
  5. Use different passwords for different accounts so if you get hacked on one account, it won’t affect your other accounts.
  6. Always use a separate and strong password for your email.
  7. Write passwords down and store them safely, or use a password manager to generate and store your passwords. Alternatively, you can save your passwords in a web browser such as Chrome or Safari, but only on your own device – and bear in mind that if your device itself is stolen and hacked, it would be easy for the thief to access your accounts if the passwords are stored in your browser.
  8. Never share passwords with others, even if they ask for the information. Keep this personal information confidential, safe and secure. A scammer might ask you for your password – do not provide it!
  9. If you do get hacked on an account and a hacker gets your private details, including your password, then it is important to change your password on that account straightaway, and on any other account that you use that password for.
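The rules from the three steps and the additional tips above, applied by a small checker. This is an added example, not code from the original post or the NCSC; the obvious-word list and the list of look-alike substitutions are taken from the tips, and the sample passwords are the post’s own examples plus one constructed weak one.

```python
# Checks a candidate password against the rules given in this post:
# 12-20 characters, no spaces, at least one capital, number and symbol,
# no obvious words (also after undoing look-alike substitutions),
# and no runs of consecutive digits such as 1234 or 4567.
OBVIOUS_WORDS = ("password", "login", "football", "register", "amazon", "facebook")
SYMBOLS = set("!@#$=%+")
# Look-alike substitutions listed in tip 3, mapped back to the letter they imitate.
UNDO_SUBSTITUTIONS = str.maketrans({"5": "s", "@": "a", "1": "i", "0": "o"})


def has_digit_run(pw: str, length: int = 4) -> bool:
    """True if pw contains `length` ascending consecutive digits (e.g. 1234)."""
    for i in range(len(pw) - length + 1):
        chunk = pw[i:i + length]
        if chunk.isdigit() and all(
            int(chunk[j + 1]) - int(chunk[j]) == 1 for j in range(length - 1)
        ):
            return True
    return False


def check_password(pw: str) -> list[str]:
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if not 12 <= len(pw) <= 20:
        problems.append("length must be 12-20 characters")
    if " " in pw:
        problems.append("no spaces allowed")
    if not any(c.isupper() for c in pw):
        problems.append("add a capital letter")
    if not any(c.isdigit() for c in pw):
        problems.append("add a number")
    if not any(c in SYMBOLS for c in pw):
        problems.append("add a symbol")
    # Check obvious words both as typed and with look-alike substitutions undone,
    # so "P@55w0rd" is still caught as "password".
    lowered = pw.lower()
    for candidate in (lowered, lowered.translate(UNDO_SUBSTITUTIONS)):
        for word in OBVIOUS_WORDS:
            if word in candidate and f"contains obvious word '{word}'" not in problems:
                problems.append(f"contains obvious word '{word}'")
    if has_digit_run(pw):
        problems.append("contains a number sequence")
    return problems


if __name__ == "__main__":
    # Constructed samples: the post's three stages plus one weak password.
    for sample in ("redhousemonkeys", "rEdhousemon6eys", "rEdhou#emon6eys", "P@55w0rd1234"):
        print(sample, "->", check_password(sample) or "OK")
```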


Signs of a stolen password:

  • You can’t log in.
  • Strange messages or emails that you don’t recognise are sent from your account.

Change your password right away if this happens.


Using Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA)

Some apps offer two-factor authentication (2FA) which you can choose to switch on. 2FA adds an extra layer of security by asking for a one-time code, normally six digits long, sent via text, email or authenticator app after entering your password.

Once the verification code is entered, you will be allowed to log in. The advantage is that it checks your identity one more time, which makes it harder for hackers to get into your accounts from their own mobile or computer.

Also, some apps on certain devices permit fingerprint recognition or face scan as well, as a form of 2FA, or 2FA may take the form of a list of back-up codes to store safely and use once each.

It is important to switch 2FA on if it's an option for your email accounts such as Gmail, Outlook and AOL. You should also use it for Google, Amazon, Apple ID, Microsoft and for your banking, social media and online shopping. 2FA can also be called 2-step verification (2SV) or multi-factor authentication (MFA).


Watch out for scams!

Scam 1: fake contact
Scammers may contact you pretending to be from a trusted organisation (e.g. your bank, Amazon, Facebook, a shop, the NHS, HMRC, a government department etc.) asking for your password or personal details. This is a scam and they are not real representatives of that organisation.

They might even say they are contacting you because you have been scammed. This itself is a scam. They may appear to call from the phone number of your bank or account, but it is still a scam. A shop, account or bank would never contact you to ask for security details such as your password. They would not contact you in this way to tell you that you have been scammed. You should never respond to this type of contact, and do not give them your password, PIN or personal details. Your passwords must remain confidential and only known to you.

Scam 2: fake links
Another common scam is that they send you a text or email containing a link to a fake website that looks real but isn’t. This website then tricks you into revealing your password. The website might have poor spelling, or be linked from a surprise email or text that you weren’t expecting.

Avoid clicking on links from unexpected messages. Instead, it is better to go to the official website to get the contact details and then contact the organisation directly yourself, rather than responding to a strange text or email, or answering a phone call, all of which are likely to be scams.


Useful links

This information is taken from the National Cyber Security Centre: www.ncsc.gov.uk. Also see information on fraud at: www.actionfraud.police.uk.