Passwords remain the default method of authentication for a huge range of services, both at work and at home. The increase in password use is mostly due to the surge of online services, including those provided by government and the wider public sector, and the massive growth in use of personal computers, smartphones, and tablets.

According to the National Cyber Security Centre, simply typing in the word ‘password’ allowed fraudsters to gain access to 3.6million accounts worldwide and a staggering 23.2 million accounts used ‘123456’ as a password. Another 3.8 million accounts were hacked using “qwerty” - the first six letters on the top left of a standard keyboard. Using favourite names, football teams, bands and fictional characters also exposed millions to hacking.

Passwords are a key target for cyber criminals. Gaining access to your password can enable a cybercriminal to reset your other accounts, access information, particularly if they are for accounts with privileges such as access to sensitive information, handling financial assets, or administering IT systems. Given the growing global threat from cyber-attacks, using strong passwords at home and at work is very important.

How cyber criminals try to steal your passwords
  • Tricking someone into revealing their password via social engineering (including phishing and coercion).
  • Password spraying: using a small number of commonly used passwords in an attempt to access a large number of accounts.
  • Brute force attacks: the automated guessing of large numbers of passwords until the correct one if found.
  • Intercepting a password as it is transmitted over a network.
  • Manual guessing; based on easily accessible personal information (e.g. name, date of birth).
  • Shoulder surfing; observing people typing in their passwords in public places.
  • Create a strong password using three random words and use a combination of upper and lower case letters, symbols, and numbers.
  • Turn on two-factor authentication (2FA) where possible. This requires two different methods to prove identity before you can use a service – for example a password and a unique code sent to a mobile number. Many online banking services already use this.
  • Be wary of public wi-fi and do not use it to log onto secure sites.
  • Consider creating separate passwords for your email accounts and websites you visit.
  • Never reveal your password to anyone. If you do write them down, store them somewhere safe and not with your device.
  • When at home, use a password manager to help you to remember all of your passwords or save your passwords in your browser (this means letting your web browser, such as Chrome, Safari or Edge remember your password for you).