Your browser version is no longer supported, so you may experience issues while using this site.
Please upgrade to a current browser to enjoy the best experience.


6 tips to creating a secure password

05 October 2017

Passwords, PINs, passphrases and authentication are the keys to your online security. If your password is captured, guessed or stolen, it can be anything from a mild inconvenience to a financial and legal disaster. The absolute last thing anybody wants is to have their identity or finances compromised. How do you ensure your passwords stay for your eyes only? We look at some of the best ways for creating a secure password.

1. Use a passphrase over a password

Forgetting your password and then having to reset it can be frustrating, which is why most people use the same or similar passwords for multiple accounts – a real internet security no-no. Therefore the best password for you has to be both unique and easy for to remember, while difficult for someone else to guess or get a hold of. This is why passphrases are more secure than passwords. A password is usually several words, 8-16 characters long, e.g. RedPencil1. They tend to be tougher to remember because they’re often unrelated words. A passphrase should contain more character and be a complete sentence, e.g. Whereismyredpencil1. Remember, make your passphrases memorable, but unique.

2. Create an extra layer of security with two-factor authentication

A password or passphrase is considered one-factor authentication. Two-factor authentication, in comparison, provides an extra layer of defence. The first factor is usually your password/passphrase, the second can be a text, call or email prompt. The extra layer makes it more difficult for someone to get a hold of your information, because they have access not only to your password, but your device and email account as well.

3. Try a password generator or password manager

A password manager is software that can be installed on your computer, smartphone or tablet – sometimes internet security software includes free password managers. Password managers can generate and remember complex passwords. They’re a great way to keep an easily accessible and secure online record of all your passwords, whilst only having to remember one – that of the password manager itself. The main downside of a password manager is that if it’s breached, all your information is accessible.

4. Setup a two-tier password system

Setting up a two-tier password system involves identifying your high risk and low risk online areas, e.g. banking, online payments, and social media, versus newsletters and non-confidential information. This way you create unique and complex passwords for high risk, and less complex passwords for your low risk areas. Differentiating the two areas can also help you to remember multiple passwords.

5. Change passwords regularly

After all of this creating and remembering of passwords, it might seem like a headache to then go and change it every 3 months – but this is exactly what you should do. Changing your password regularly ensures that if someone has cracked your code, they would have only done so for a relatively short amount of time. Part of this process is doing a ‘password audit’. Whenever you use a password to login ask yourself, how strong is my password? How safe is my password? When was the last time I changed it? If it hasn’t been changed under the current Prime Minister, or if your password is PASSWORD, it’s time for a change.

6. Stay secure while on the move

Your mobile device is simply a small computer, so many of the password protection tips above apply. However, there are a few extra password precautions you should take. Utilise touch ID or finger scanning technology on your tablet or smartphone. This technology is great because it requires your unique fingerprint to get access to the device and it means you don’t have to remember another password. If you use a numerical passcode to get access to your mobile device, ensure that you use a different passcode on each device.

Mobile security is important and your mobile device can be hacked or infected with a virus if left unsecured. Ensure you’ve turned any security features of your mobile device on, installed reputable internet security software or applications, and have the most updated operating system software installed.

Ensure that your identity and personal details stay safe online by utilising the tips above. These can help you to create a strong password or passphrase that’s easy to remember, but tough for someone else to get a hold of.

Find out more about protecting your computer and how passwords and passphrases can help you stay smart online.

Want to know more about malware, viruses, and encryption? We’ve created a Security Term Glossary to help you understand some common online security terms.

Information is intended to be of a general nature only and any advice has been prepared without taking into account any person's particular objectives, financial situation or needs. You should make your own enquiries, consider whether advice is appropriate for you and read the relevant Product Disclosure Statement or Product Information Document before making any decisions about whether to acquire a product.


McAfee logo

Browse, shop & bank safely online with McAfee®

3 months free security for Suncorp customers

Learn more