5 expert tips to create strong passwords and stay cyber safe
Think your passwords are safe? Our cyber security experts reveal the most common mistakes people make — and how you can fix them.
Team Tuihono
1 May 2025
World Password Day (1 May) is a good reminder to stay cyber safe by checking your password habits — but with so much advice out there, it’s easy to feel overwhelmed. To cut to the chase, we asked our Postgraduate Certificate in Cyber Security experts, Mengmeng Ge and Ke He, for their top tips on keeping your passwords (and your accounts) secure.
It's tempting to use the same password for different sites, but it’s a major security risk. "This makes it easy for hackers to gain access to multiple accounts if just one gets compromised," says Mengmeng.
Ke advises using a different password for each site to limit the damage if something goes wrong, and has advice on how to stop being overwhelmed by password overload.
"What I usually do is think of a fixed phrase and append some specific information about the website I am trying to log into. For example, google_password_is_hard and linkedin_password_is_hard."
Managing dozens of passwords can feel overwhelming, and people often look for password manager advice.
"A password manager is a great solution," says Mengmeng. "It stores all your passwords securely and can generate strong, unique ones for each site, so you only have to remember one master password."
Top tip: some free password managers Mengmeng suggests considering are Bitwarden and NordPass.
Many of the password rules we’re used to, like mandatory special characters, regular password changes, or security questions, can actually make things worse, not better. Ke explains that the latest NIST guidelines (SP 800-63-4) drop those requirements and recommend focusing on password length instead, together with checking new passwords against lists of known-compromised ones.
A good password should be a long, easy-to-remember passphrase — not a confusing string you’ll forget.
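To make the length-over-complexity point concrete, here is an added example (not from the article or from the Tuihono team) that estimates the entropy of a short "complex" password against a multi-word passphrase, generates a passphrase with a cryptographically secure random source, and implements a length-plus-blocklist policy check in the spirit of NIST SP 800-63B-4. The word list, the blocklist and the 15/64 character thresholds are assumptions chosen for illustration; the 7776 figure is the size of the EFF long word list.

```python
import math
import secrets
import unicodedata

# Constructed word list standing in for a diceware-style list; the EFF long list
# has 7776 words, which is the figure used in the entropy comparison below.
WORDS = ["correct", "horse", "battery", "staple", "orbit", "lantern", "maple", "quartz"]

# Constructed blocklist standing in for a breach-corpus / common-password list.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` symbols each drawn uniformly from `choices` options.
    For a passphrase the symbol is a word; for a character password, a character.
    95 printable ASCII characters x 8 = ~52.6 bits; 7776 words x 6 = ~77.5 bits."""
    return length * math.log2(choices)


def generate_passphrase(word_count: int, words=WORDS, sep: str = " ") -> str:
    """Random passphrase. secrets.choice is CSPRNG-backed; random.choice is not."""
    return sep.join(secrets.choice(words) for _ in range(word_count))


def nist_check(password: str, blocklist=BLOCKLIST, min_len: int = 15, max_len: int = 64):
    """Length-plus-blocklist check in the spirit of NIST SP 800-63B-4. Thresholds are
    assumptions for this example: 15 is the recommended minimum, 64 the smallest
    maximum a verifier is allowed to impose. Deliberately no composition rules,
    no expiry and no hints. Returns (ok, reason)."""
    pw = unicodedata.normalize("NFKC", password)   # compare Unicode consistently
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    if len(pw) > max_len:
        return False, f"longer than {max_len} characters"
    if pw.lower() in blocklist:                    # case-insensitive match is a local choice
        return False, "appears on the compromised/common password blocklist"
    return True, "ok"


if __name__ == "__main__":
    print(f"8 chars from 95 symbols : {entropy_bits(95, 8):.1f} bits")
    print(f"6 words from 7776       : {entropy_bits(7776, 6):.1f} bits")
    print(generate_passphrase(5))
    for candidate in ("Tr0ub4dor&3", "password", "correct horse battery staple"):
        print(candidate, nist_check(candidate))
```

Note that "Tr0ub4dor&3" satisfies every classic composition rule yet fails the check purely on length, while the plain four-word passphrase passes; a password manager's generator produces the same kind of output without anyone having to remember it.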
Ke says it's tricky to answer whether biometrics alone (like Face ID or fingerprint scans) are enough to rely on.
"The security of something is correlated with its value. So for everyday users, Face ID and fingerprints are possibly sufficient, as hackers with the ability to break these often have very little to gain from hacking the average Joe. But, if you're a CEO or government employee, the risk is higher."
In these cases, he'd advise using multi-factor authentication (MFA) with a time-based one-time password (TOTP) app for added protection.
If your passwords have been exposed in a data breach, it’s crucial to act quickly. Ke recommends using sites like haveibeenpwned.com to check if your email address or passwords have been part of a breach. If so, make sure to update your passwords right away.
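One caveat a practitioner would add: never paste a live password into a web form to check it. The Pwned Passwords service behind haveibeenpwned.com offers a k-anonymity range API for exactly this reason: only the first five hex characters of the password's SHA-1 are sent, and the matching is done locally. The example below is added here and is not the article's or the service's own code; the endpoint URL, the `SUFFIX:COUNT` response format and the `Add-Padding` header are the documented ones, while the sample response and its counts are constructed so the block runs offline.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"   # only a 5-char prefix goes here


def sha1_prefix_suffix(password: str):
    """Split the upper-case hex SHA-1 of the password into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> dict:
    """Response lines are 'SUFFIX:COUNT'; padded responses also contain count-0 lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep:
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix: str) -> str:
    """Network fetch of one range (not exercised offline). Add-Padding asks the service
    to pad the response so its size does not reveal how many hashes the range holds."""
    req = urllib.request.Request(PWNED_RANGE_URL + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the corpus; 0 means not found.
    `fetch` is injectable so the lookup can be tested without network access."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


# Constructed stand-in for the response to range 5BAA6 (the prefix of SHA-1("password")).
# The suffixes other than the second line and all counts are made up for this example.
SAMPLE_RANGES = {
    "5BAA6": "00A1B2C3D4E5F60718293A4B5C6D7E8F9A0:2\r\n"
             "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\r\n"
             "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0\r\n",
}


def sample_fetch(prefix: str) -> str:
    """Offline fetcher returning the constructed sample; unknown ranges come back empty."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        print(candidate, "->", breach_count(candidate, sample_fetch))
```

Swap `sample_fetch` for the default `fetch_range` to query the real service; even then the only thing on the wire is the five-character prefix, which roughly 800 different hashes share in the corpus. A password manager's built-in breach check does the same thing under the hood.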
Ready to take the next step in cyber security? Learn more about our Postgraduate Certificate in Cyber Security.