4 Rules for choosing a scam-proof password

Andy Webb

Whether we embrace it or begrudge it, huge chunks of our lives now take place online. To keep your details safe, follow these four simple rules…

1. Make your password complicated

The most simple passwords are the easiest to hack, so don’t go for the obvious. To toughen them up, start by swapping letters and digits (e.g. a 3 for an E) or substitute symbols (e.g. $ for S).

A further option is to try three or four different words joined together, but best of all is a random sequence of characters. Some accounts will offer you the option for a randomly generated password like this.

Whatever you pick, it’s worth testing at howsecureismypassword.net. Enter your password and the site will tell you how long it would likely take a computer to crack.


2. Use a different password for each account

Now you’ve got a super strong password, it’s tempting to use the same one on all your accounts. But don’t. If just one account gets hacked that leaves all your other accounts vulnerable. Where possible, make sure each password is unique.


3. Don’t write your passwords down

Of course, having so many different and complicated passwords can prove troublesome. Research by Experian shows that a quarter of over 55s have 11 or more unique passwords. No matter how good your memory is, keeping track of all those is going to be beyond most people, and more mistakes can happen as a result. Writing passwords down on a piece of paper by the computer, or letting the computer remember them itself can leave accounts vulnerable.

Instead, consider an online password manager. You have one master password to access your account, and there you’ll have access to all your other login details and passwords. You can even store extra information such as memorable information you might also be asked.

Both LastPass and Dashlane are free, so you’ll always have access to your details when you need them.


4. Set up double authentication

Double, or two-factor, authentication requires more than a password. It could be using an app to approve the log-in, or a secondary piece of hardware to produce a code. Doing this adds an extra level of security, and makes it far more difficult for hackers to break through.