Creating Strong Passwords: Do’s and Don’ts

Picking a good, strong password is a really important place to start to prevent cybercriminals getting to your information. Do not underestimate the complex ways they can and will use to get hold of your data, from simple password hacks and phishing scams to malware attacks. For some it might seem like old news, but it is surprising to see how many ‘weak’ passwords are being created.


1. Make sure it contains a lot of characters – use the maximum length available!
2. Contain a mixture of upper and lower case letters, numbers and symbols. Make substitutions, such as $ for S.
3. Be unique to each site you log into. Using the same password to access multiple accounts means hackers could access all your accounts with a single password. If remembering them all sounds tricky, consider using a password manager such as Lastpass, Keepass or the built-in browser one.


1. Do note re-use old passwords.
2. Not include keyboard patterns e.g. ‘Qwerty’ or ‘12345’.
3. Not include something obvious or relevant to you, personal information such as your name, your pets name or the first line of your address. Even better, make it a word not in the dictionary at all. Consider using an acronym from a phrase.

Security Tokens

Sometimes next to a password, another form of security is required. This can come in the form of a (security) token. Security tokens are physical devices that are used to acces restricted resources online. The token is being used in combination with a password, or it can replace the password completely. You can consider the token as an electronic key. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification pin-number, which authorizes them as the owner of that token. The token then displays a number which uniquely identifies the user to the service, allowing them to log in. Tokens are often used by companies that require an extra form of security (banks, governments).

Tokens with even higher security use biometric information. A password is something you know, tokens is something you have but biometric information is something you are. A fingerprint is the most common biometric factor thanks to the proliferation of fingerprint-enabled smartphones in the market. Other examples of biometric factors would be the face, retina (eye), heartbeat or your voice. Biometric security is being developed and in the future we will use more biometric information to login securely.