
5 expert tips to create strong passwords and stay cyber safe

01 May 2025

Think your passwords are safe? Our cyber security experts reveal the most common mistakes people make — and how you can fix them.


Team Tuihono
1 May 2025

World Password Day (1 May) is a good reminder to stay cyber safe by checking your password habits — but with so much advice out there, it’s easy to feel overwhelmed. To cut to the chase, we asked our Postgraduate Certificate in Cyber Security experts, Mengmeng Ge and Ke He, for their top tips on keeping your passwords (and your accounts) secure.
 

1. Don't reuse the same password across multiple accounts

It's tempting to use the same password for different sites, but it’s a major security risk. "This makes it easy for hackers to gain access to multiple accounts if just one gets compromised," says Mengmeng.

Ke advises using a different password for each site to limit the damage if something goes wrong, and has advice on how to stop being overwhelmed by password overload. 

"What I usually do is think of a fixed phrase and append some specific information about the website I am trying to log into. For example, google_password_is_hard and linkedin_password_is_hard."

 

2. Simplify password management with a password manager


Managing dozens of passwords can feel overwhelming, and people often look for password manager advice. 

"A password manager is a great solution," says Mengmeng. "It stores all your passwords securely and can generate strong, unique ones for each site, so you only have to remember one master password."

Top tip: some free password managers Mengmeng suggests considering are Bitwarden and NordPass.

 

3. Stop overcomplicating your passwords with outdated rules

Many of the password rules we’re used to, like requiring special characters, regular password changes, or security questions, can actually make things worse, not better. Ke explains that the latest NIST cyber security guidelines, SP 800-63-4, recommend focusing on password length instead.

A good password should be a long, easy-to-remember passphrase — not a confusing string you’ll forget.

4. Managing secure information? Don’t rely solely on biometrics

 

Ke says it's tricky to answer whether biometrics alone (like Face ID or fingerprint scans) are enough to rely on.

"The security of something is correlated with its value. So for everyday users, face ID and fingerprints are possibly sufficient, as hackers with the ability to break these often have very little to gain from hacking the average Joe. But, if you're a CEO or government employee, the risk is higher."

In these cases, he'd advise using multi-factor authentication (MFA) with a time-based one-time password (TOTP) app for added protection.

 

5. Feeling concerned? You can check if your passwords have been compromised!

 

If your passwords have been exposed in a data breach, it’s crucial to act quickly. Ke recommends using sites like haveibeenpwned.com to check if your email address or passwords have been part of a breach. If so, make sure to update your passwords right away.

Ready to take the next step in cyber security? Learn more about our Postgraduate Certificate in Cyber Security.
