Cyber safety tip #1: passphrase not password

Passphrases work best when they are long, unpredictable and unique. That means they should:

• include four to six words and be at least 15 characters in total;
• incorporate spaces and punctuation;
• be a random string of words rather than a predictable phrase; and
• be unique to each account or service.

Email accounts, financial accounts and those that store sensitive financial or personal information should each have their own passphrase.

Strings of unrelated words make the best passphrases. For example: ‘light apple mouse stone’.

Some ways to create your own passphrases might include:

• opening the dictionary to random pages and choosing a word from each;
• selecting a book and doing the same; or
• using an online tool or process to generate your own passphrase.

Once you have your passphrase, create a mnemonic or sentence to help you remember it.

For example: The light from an apple turned a mouse into stone.

To vary your passphrase for different accounts, you could try inserting a word or prefix from that website or service into your passphrase. For example: use ‘light apple face mouse stone’ for Facebook.

As with passwords it’s important to store your passphrases securely. For example, your device browser may include a password manager you can use to store your passphrases.

If you use one from the internet or buy one, do your research to make sure the seller is reputable, and the password manager undergoes regular security updates.

And protect your password manager with its own long, unpredictable and unique passphrase.

Or you could choose to record them in a notebook, as long as you keep it somewhere secure.

Remember, don’t share your passphrases (or your notebook) with anyone, and don’t enter them when using public Wi-Fi networks.

If a passphrase has been compromised, change to a new one and don’t use the old one again.

Our Staying safe online hub has more information about how to keep your accounts and personal information safe.