How to create a strong password

HomeBankingOnline BankingOnline Safety › How to create a strong password

Passwords are your line of defence in the digital world. They keep your personal information safe and prevent unauthorised access to your computer and to your online accounts. Your electronic devices are home to a lot of sensitive and precious information, from bank details to data privacy, and having a strong password keeps your financial and personal safe.

On this page, we explain what makes a password strong (and weak), provide tips for how to create a strong password and look at how often you should change your password.

How does a password get hacked?

There are several ways that cyber criminals can hack passwords. Whether they use hacking technology, brute force or phishing, there are ways to break through.

Here are some of the common ways that hackers will try to crack your password.

1. Brute Force

Automated software runs through every combination in the book in seconds until it finally hits on yours. As the name suggests, this is a serious line of attack against your defence system. There are incredibly advanced hacking systems out there that can hit the staggering number of 350 billion guesses per second.

These brute force hacking systems tend to veer towards passwords of 12 characters or fewer, so when setting your password, length truly does matter.


2. Phishing

Phishing is a way in which scammers can get you to unwittingly share your personal information or password with them. They may send you emails pretending to be your bank or credit card company, which will then link you to a fake site made to look like the bank site, where you will be asked to input your data and personal information. This can also happen through scam phone calls.

3. ‘Dictionary’ software

While the brute force attack will try every combination of letters, numbers and symbols, the dictionary attack focuses on words. If you use a regular word as your password, odds are the dictionary software will be able to crack it. You may be able to dodge the dictionary attack by using a series of words together, especially if they are multiple words that commonly don’t go together (see our tips on how to make a good password below).

Top tips for creating a strong password

So, how do you create a strong password? A good password should be something you remember…but also something that no one else would be able to guess.

It should be long, have a combination of different characters, and should be one of a kind, meaning you don’t use the same password on other websites. Understanding what makes the difference between a weak and a strong password, and knowing general security tips for keeping your accounts safe, is good practice for all online users.

What makes a password weak?

A weak password can be simply not having a password at all, or having a password that is easy to guess. If your password is something obvious, like the name of your company, your name or birthdate, or something like ‘password’ or ‘1234’, this is considered a poor line of defence.


What makes a password strong?

A strong password is tricky to crack – even with highly sophisticated software. It normally contains a mixture of letters, numbers and symbols, is more than seven characters, and isn’t at all linked to any previous password or anything to do with your business name.

You can create your own password, or you can generate one with an offline password generator. In a nutshell, this is what makes a strong password:

  • More than seven characters
  • A mixture of symbols, letters and numbers
  • A mixture of uppercase and lowercase letters
  • Is different to previous passwords
  • Doesn’t contain your name / business name / any obvious information

How to create a strong password

Need help creating a password? Here’s how to create a strong password:

  • Choose three or four random words and put them together
  • Use a memorable phrase that’s personal to you
  • Create your own acronym
  • Play around with patterns on your keyboard when picking letters
  • Spell things incorrectly on purpose
  • Throw in random spaces and brackets
  • Repeat words when you have a short password
  • Swap letters around at random
  • Include punctuation
  • Swap letters for similar looking numbers, e.g. O becomes 0, and A becomes 4

How often should you change your password?

Experts recommend changing your password at least every three months, or even every month if your password is for sensitive information, such as financial data.

Good security measures to practise

Keeping data safe doesn’t just stop at a password, and there are other good practices you should get into the habit of when it comes to protecting your online data. Here are some dos and don’ts that will help keep your data safe:


  • Write passwords down
  • Use the ‘remember me’ feature on public or shared computers
  • Use the same password for everything
  • Use the same passwords you have used before
  • Disclose your passwords to any third parties
  • Share passwords - even when you’re asked to
  • Opt for two-factor authentication
  • Regularly run virus checks on your computer

Having a solid and secure password is essential for keeping your information safe. With the rise of online banking, financial apps and so much of our personal data being stored online, it’s important to take the necessary steps to stay safe.

The simple measure of having a strong password in place can give you a fighting chance and keep the brutes and phishers at bay.