Cyber Fraud - Setting Good Passwords

The start of a new calendar year can be a great time to start fresh and update your passwords. You’ll often hear the Counter Fraud Team advising that you need to make sure you use strong and unique passwords.

Why do passwords need to be unique?

A survey run by Google in 2019 found that 65% of people were reusing the same password for multiple accounts.

When you consider how many different systems and services we log into, it’s understandable that people often find it easier to rely on a single password that they are really familiar with. However, this is a big risk.

The danger comes when one of your accounts is breached. If a company that holds your data is targeted by cyber criminals, your login credentials could end up being stolen and sold on. If you rely on a single password, accounts you hold elsewhere can also be hijacked.

For example, let’s say that Company A is hacked and your username and password are stolen. The cyber criminal is able to log into your account with Company A to look for more information, such as the email address linked to your account.

They try your password to see if they can get into your emails. If they get into your email account, they can go round lots of other services and reset your password, locking you out of your accounts. If you don’t have the same password for your emails, you might think they’d just give up and move on.

However, they haven’t quite finished. They will try logging into popular services - such as Amazon, PayPal, eBay, social media platforms etc. using your email address and the password that Company A lost. Any account which they manage to access gives them an opportunity to gather more information on you. Some accounts will also contain saved payment information, which can be used to place unauthorised orders.

For example, if they get into your Amazon account they can use your saved details to place high value orders which they could arrange to have delivered to Amazon lockers. They would also be able to steal your address which may help them to carry out identity theft.

Hopefully this example highlights why having unique passwords is so important.

How do you set a strong password?

  • Three is a Magic Number. The National Cyber Security Centre recommends that you use three random words to make strong and unique passwords. Doing this makes your password much longer (and therefore harder to guess or break), but keeps it easy to remember. If picking three random words is proving tricky, you could use a favourite song lyric or phrase that you find memorable.
  • Don’t make it personal. You should not use any personal information in your passwords - things like your pet’s name, your middle name, the place you were born etc. can be tracked down on social media and your online footprint. Even if you think your privacy settings are pretty good, friends and family who you are linked to online may be less diligent.
  • Characterful passwords. If you need to include special characters in your password, it is often tempting to replace letters that look similar (e.g. password becomes p@$sw0rd!) - however this tactic is well known to fraudsters. Instead, think about adding them in between your three random words: e.g. balloonhooklamp could be changed to @balloon?hook!lamp.
  • Take a strength test. To explore how small changes can increase your password strength, have a look at How Secure is My Password. This is a website where you can type in potential passwords and it tells you how long it would take a computer to crack them. For example, balloonhooklamp is estimated to take 1 thousand years to break, but adding symbols in increases that to 80 trillion years!
  • Don’t recycle. Reusing passwords is risky - it’s always safest to come up with a new password rather than slightly tweaking one you have used before.
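
The three random words advice above, worked through in Python as an added example (not the Counter Fraud Team's or the NCSC's own code): it picks the words with a cryptographically secure random source, optionally places a symbol before each word as in @balloon?hook!lamp, and estimates the guessing work in bits. The word list and symbol set are small constructed samples, and the function names are assumptions made for this example.

```python
import math
import secrets

# Constructed sample list so the example runs offline. A real generator should
# load several thousand words, because a short list is quick to search.
WORDS = ("balloon hook lamp river candle pocket marble window garden thunder "
         "pencil saddle anchor biscuit carpet dolphin engine feather guitar "
         "hammer island jacket kettle ladder magnet napkin orange pillow "
         "quartz rocket spider tunnel").split()
SYMBOLS = "@?!#%&*+"  # constructed sample symbol set


def make_passphrase(words=WORDS, symbols=SYMBOLS, count=3, with_symbols=True):
    """Pick `count` distinct words with the OS CSPRNG; optionally put a
    random symbol in front of each word, as in @balloon?hook!lamp."""
    pool = list(dict.fromkeys(words))  # de-duplicate, keep order
    if len(pool) < count:
        raise ValueError("word list is too small")
    chosen = []
    while len(chosen) < count:
        word = secrets.choice(pool)
        if word not in chosen:  # never repeat a word
            chosen.append(word)
    if not with_symbols:
        return "".join(chosen)
    return "".join(secrets.choice(symbols) + w for w in chosen)


def entropy_bits(list_size, count=3, symbol_count=0):
    """Bits of guessing work for someone who knows the word list, the symbol
    set and the layout, and only has to guess the random choices."""
    if list_size < count:
        raise ValueError("word list is too small")
    # Ordered choice of distinct words: n * (n-1) * ... * (n-count+1)
    bits = sum(math.log2(list_size - i) for i in range(count))
    if symbol_count:
        bits += count * math.log2(symbol_count)
    return bits


if __name__ == "__main__":
    print(make_passphrase())
    for size in (len(WORDS), 2000, 20000):
        print(size, round(entropy_bits(size), 1),
              round(entropy_bits(size, symbol_count=len(SYMBOLS)), 1))
```

With the 32-word sample list the words alone give only about 15 bits, which is why the list a generator draws from needs thousands of entries.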

Other useful articles can be found in our Counter Fraud Newsletters on the Publications page.