
September 7, 2016

12 Password DOs and DON’Ts to Protect Yourself From Unauthorised Access


How safe are your online accounts? When it comes to password security, most users will admit to being just a little bit lazy. Are you one of the millions of people who use the same password for different social media profiles, eCommerce sites or games portals? What about more sensitive personal information contained in e-mail accounts, online banking, utility accounts, HMRC online services?

Just think, if anyone gained unauthorised access to any of your online activities – and there seems to be a new hacking scandal breaking every other week – serious harm could be done. Whether you’re worried about financial fraud or full-on identity theft, it’s clear that your online security should be your top priority.

Strangely enough, a surprising number of people still use what must surely be the worst passwords of all time. Among the top 20 are the following brainwaves (including variations thereof): Password, 123456, Qwerty, 000000, Letmein, Iloveyou, Admin and abc123, as well as the only slightly less obvious Baseball, Dragon and Football.

So, how can you protect your online persona from being violated? We’ve put together six dos and six don’ts that everyone should be following to create a really strong password as a first line of defence against intruders.


The DON’Ts

  1. Don’t be tempted to use the first thing that comes to mind – your pet’s name, the model of your car, name of your spouse or children, birthdays or any other information that can be guessed easily or discovered from your social networking activity. Similarly, don’t use your favourite book or film title, favourite colour or political trend. These are not unique to you and password hackers will be fully clued in to current fashions and trends.
  2. In fact, it’s probably best not to use dictionary words or phrases at all – not even obscene ones (yes, it happens) or foreign words. Makes sense when you think about it: if it’s a real word, it is possible to guess it.
  3. Similarly, don’t use number sequences (12345, 98765, 24680, 242424 etc) – not even clever mathematical sequences (Fibonacci, Hexagonal, Magic Square) – they are far too easy for any computer program to crack.
  4. It should go without saying that your password should be kept private at all times. Don’t keep it written down or, if you must, make sure it is hidden from view. Don’t share your passwords even with your closest friends; they may accidentally pass them on or become ex-friends no longer to be trusted.
  5. Don’t compromise the security of your device. This goes for public computers and cash machines as well as Internet cafes where you could be watched entering your password. Be vigilant!
  6. However convenient and tempting it may be, it is never a good idea to use the same password for all your online accounts. The obvious dangers if you do ever get hacked just don’t bear thinking about.


The DOs

  1. Longer passwords take longer to crack, so as a first rule make your password at least 8 characters long – ideally longer.
  2. To create a strong password, make use of as many keys from your keyboard as you can. Capital letters, numbers, symbols – mix it up! How about replacing an L with a £ or using %, & and #? Be aware though that password thieves are no fools – #A££OWOR£D is unlikely to fool anyone.
  3. Perhaps the holy grail of secure passwords is to create one that is easy to remember for you but hard to guess for others. One idea is to think of a memorable phrase such as ‘Two pints of lager and a packet of crisps please’ but change a couple of words to make it unique (‘Four pints of Cider and a packet of Peanuts please’). Then use the initials and incorporate a few symbols to create: 4poC&apoPp – a pretty strong password.
  4. Choosing a completely different password for each online account is obviously the safest way to go – but how on earth will you remember them all? Consider using a password manager such as LastPass or RoboForm for help with creating and storing strong passwords.
  5. Another secure option is to use the password you created in step three above but vary it a little bit for each site. Variations could include ‘4ptsofCider&apacketofPeanutsplz’, ‘4p0C&1p0Pp’ or even ‘4poC&apoPptwitter’.
  6. Finally, have you considered two-step authentication for your online accounts? Many companies such as banks now require a second log-in step for extra ID verification – via a PIN card reader or a code sent to your mobile phone. It’s hugely more secure and can be used with Google, Dropbox, Twitter, LinkedIn, PayPal, Microsoft, Amazon, Steam and many other online services.


Article provided by Mike James, an independent content writer working together with Best VPN.