Password Security

Best practices for creating strong passwords, password managers and multi-factor authentication

Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft.


Top Tips for Staying Secure Online

  • Protect your email by using a strong and separate password: Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft.
  • The latest software and app updates: Software and app updates contain vital security updates to help protect your devices from cyber criminals.
  • Turn on 2-step verification (2SV): 2-step verification is recommended to help protect your online accounts.
  • Password managers, how they help you secure passwords: Using a password manager can help you create and remember passwords.

Use a strong and separate password for your email

Why it’s important to take special care of your email password.

We're often told that the passwords to access our online accounts should be really strong, and not to use them anywhere else. This is especially true for the password for your email account. If you've used the same password across different accounts, cyber criminals only need one password to access all your accounts.

Always use a strong and separate password for your email; that is, a password that you don’t use for any of your other accounts, either at home or at work. If a criminal can access your email account, they could:
  • access private information about you (including your banking details)
  • post emails and messages pretending to be from you (and use this to trick other people)
  • reset all your other account passwords (and get access to all your other online accounts)

Having a strong and separate password for your email means that if cyber criminals steal the password for one of your less-important accounts, they can’t use it to access your email account.


The NCSC encourages people to use password managers, which can create strong passwords for you (and remember them). If you have re-used your email password across other accounts, change your email password as soon as possible. It should be strong and different to all your other accounts. Ideally, you should use unique passwords for all your important online accounts (such as banking accounts, shopping/payment accounts and social media accounts), not just your email account. You should also provide additional protection by setting up 2-step verification (2SV) on your email account, which will prevent a criminal from accessing your email account even if they know your password.

Install the latest software and app updates


Applying security updates promptly will help protect your devices and accounts from cyber criminals. You should apply updates to your apps and your device's software as soon as they are available. Updates include protection from viruses and other kinds of malware, and will often include improvements and new features. If you receive a prompt to update your device (or apps), don’t ignore it. Applying these updates is one of the most important (and quickest) things you can do to keep yourself safe online. You should also turn on 'automatic updates' in your device's settings, if available. This will mean you do not have to remember to apply updates.

Turn on 2-step verification (2SV)

Turning on 2SV is one of the most effective ways to protect your online accounts from cyber criminals. You should protect your most important accounts (such as email, banking, social media and online shopping) by making sure you have 2-step verification turned on for each of them. 2-step verification (2SV), which is also known as two-factor authentication (2FA) or multi-factor authentication (MFA), helps to keep cyber criminals out of your accounts, even if they know your passwords. The NCSC recommends you take time to set up 2-step verification on all your important accounts, even for ones that you've protected with strong passwords.


Password managers: using browsers and apps to safely store your passwords

In addition, many password managers are helpful because they can:
  • Synchronise your passwords across your different devices, making it easier to log on, wherever you are, and whatever you’re using
  • Help spot fake websites, which will protect you from phishing attacks
  • Let you know if you’re re-using the same password across different accounts
  • Notify you if your password appears within a known data breach so you know if you need to change it
  • Work across platforms, so you could (for example) use a single password manager that would work for your iPhone and your Windows desktop

We're often told that the passwords for our online accounts should be really strong, and to not use the same password anywhere else. Especially for those important accounts like email, banking, shopping and social media. The trouble is, most of us have lots of online accounts, so creating different passwords for all of them (and remembering them) is hard. This is where a password manager can help. A password manager (or a web browser) can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).

