Best practices for strong passwords

Above all the trick is to choose a password that is easy to remember, but difficult to guess. So don’t opt for something like “123456” – which coincidentally is the most common password in the world ;)

Do

• opt for long passwords (min. 16 characters wherever possible). Length will always trump complexity. (e.g. “butterandyummybread”)
• use a selection of random words or sentences and phrases (ideally min. 3 words). Some systems will even allow you to use an empty space as a character. (e.g. “butter and yummy bread”)
• strengthen your password further by increasing complexity with upper- and lower-case letters, numbers, and special characters. Ideally incorporate at least 3 of these choices (e.g. “Butter and 3 yummy !breads”).
• use different passwords for different accounts.  

Don’t

• use common passwords such as your child’s name, your pet’s name, your birthday or your favourite sports team. If your friends can find it on social media, so can hackers.
• use single words followed or preceded by a single number (e.g. “Love2”). Hackers will use dictionaries of words and commonly used passwords to try and figure out your password.
• write down your password (on paper or in an unprotected digital file) and keep it close by (e.g. underneath your keyboard).
• share your password with others.
• use the same password across multiple accounts. That means that a hacker just has to hack one of your less secure accounts to get access to all other systems.

Using a password manager

Creating long and complicated passwords for every account, can quickly make it difficult to remember which password you used for what account; and as we learned, you should never write down your password on paper or in an unprotected file on your computer or mobile.  

Luckily there are some great password manager tools out there that help you organise your passwords and keep them safe. Such a tool will store your password securely in a highly encrypted vault that you can access with one master password. Essentially it frees you from the need to remember more than one password. Moreover, they often include a password generation feature, which will help you come up with strong passwords.  

The National Cyber Security Centre (NCSC) has put together some helpful guidance to consider when choosing a secure password manager. Depending on the service you choose, the password manager will be accessible online or as an app on your phone, tablet or computer.

Free password managers

Though we do not recommend any one solution, here are some examples of free password managers:

• LastPass
• NordPass
• Dashlane
• LogMeOnce
• Bitwarden

Saving passwords in your browser

When you log into your accounts online (e.g. into the Care Office), most web browsers will offer to save your passwords for you. It’s important to remember that you should only do this, if you're on your own personal device that no one but you has access to. If you are sharing a device at home or with co-workers, you should consider carefully who has access to the device and if you’re ok with these people having access to your accounts.