There really is no excuse for failing to select a strong password, one that is hard for a hacker to crack.
It’s quite easy, for example, to string three random words together, beginning each with a capital letter. The complexity makes the password harder for hackers to crack, while it stays memorable for you.
Yet, left to our own devices, most of us would take a simple eight-letter password and use it on every account, from banking to utilities, from our home computer to buying theatre tickets.
Research carried out by credit reference agency Experian earlier this year found that more than half (55%) of the 2,001 people surveyed use the same password for multiple online logins.
To make matters worse, passwords will probably be based on something highly personal, such as the company we work for or our child’s name.
These are the possibilities that a hacker will try first when attempting to gain access to our accounts.
And just to top it off, you put all your favourite things on social media for everyone, including hackers, to read. Never publicise anything that you use as a password – or better still, pick passwords that are based on things that you would never mention in public.
Among the most common passwords are: password; monkey; football; 123456; and 123123. But while this is a good start, you should avoid these as they are far too easy for cyber criminals to crack.
How to create a strong password
The best way to create a strong password is to use three random words because length gives complexity.
The strongest passwords also contain a mixture of capital and lower case letters, numbers and symbols – so you can simply supplement these within your three random words.
One possibility is to substitute numbers or symbols that look similar to letters, such as 1 or ! for I; 4 for A; *, 0 or () for O; or 8 for B. You could substitute * for A or S since that is the first letter of the word asterisk and of star.
Do remember, though, that the more obvious a substitution is, the more likely a hacker is to guess it.
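The three-random-words advice and the warning about obvious substitutions, as an added example that is not part of the original article: the Python code below picks words with a cryptographic random source and shows how a password checker can undo the look-alike substitutions listed above to spot a common password in disguise. The sample word list and all function names are assumptions made for illustration.

```python
import itertools
import math
import secrets

# The common passwords the article lists.
COMMON = {"password", "monkey", "football", "123456", "123123"}

# The article's look-alike substitutions, reversed: symbol -> letters it may stand for.
# "*" is ambiguous in the article (O, A or S); "()" for O is handled separately.
UNDO = {"1": "i", "!": "i", "4": "a", "0": "o", "8": "b", "*": "oas"}

# Constructed sample word list (assumption); a real list should hold thousands of words.
SAMPLE_WORDS = ["copper", "lantern", "orbit", "walnut", "glacier", "pepper",
                "violin", "harbour", "thistle", "magnet", "canyon", "ribbon"]


def generate_passphrase(words, count=3):
    """Pick `count` words with the OS CSPRNG and capitalise each one."""
    return "".join(secrets.choice(words).capitalize() for _ in range(count))


def passphrase_bits(wordlist_size, count=3):
    """Bits of entropy when each word is drawn uniformly at random from the list."""
    return count * math.log2(wordlist_size)


def undone_variants(password):
    """Yield every reading of `password` with the look-alike substitutions reversed."""
    text = password.lower().replace("()", "o")
    # Each character may be itself or any letter it commonly stands in for.
    options = [ch + UNDO.get(ch, "") for ch in text]
    for combo in itertools.product(*options):
        yield "".join(combo)


def is_common_in_disguise(password):
    """True if the password is a listed common password, with or without substitutions."""
    return any(variant in COMMON for variant in undone_variants(password))
```

The entropy figure only holds when the words are chosen by the random source, not by the person; the strength comes from the size of the word list and the number of words.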
Another idea is to use the first letters from the line of a song lyric, preferably an obscure one. Use a different line of the song for each password.
Or select a book on your bookshelf and use the opening words on a page, using separate pages for each account.
Some sites tell you when you create a password whether it is weak, medium or strong. It should not need saying that you should ensure that yours are strong. The warning is there for your own good. Do not ignore it.
How to remember passwords
The main problem is to remember all your passwords, especially if you follow sensible advice to have a different password for each account.
The idea behind picking three random words to create your password is not only because it’s strong, but also so you can pick something that’s memorable to you but not easily guessable to others.
At the very least, have a strong separate password that’s easy to memorise for your email account, which is typically the gateway to your identity and to other financial information. Make sure that this password is completely different from any others you use. Accounts that don’t have money in are obviously less important than those where a hacker can cost you cash.
Do not store a list of your passwords anywhere on your computer or written down on paper in your house. If anyone succeeds in hacking into it they will take the list and use it. Also, do not tell your computer to save a password unless the account is unimportant.
If you must write passwords down in order to remember them, encrypt them in a way that is familiar to you but makes them indecipherable by others.
Those who simply cannot cope with multiple passwords may find that the solution lies with online password managers. These online accounts, which are available as free and paid-for services, typically store all your log-in details and protect them with a single master password.
The big worry with these services is whether the information is safely stored in the cloud, given that other supposedly safe websites have been hacked.
One provider Moneywise spoke to says data is encrypted and decrypted on your device and that the master password is not accessible even by the company itself. It adds that authentication when logging in requires two steps to provide extra security.
Ensure you check how safe your passwords are before signing up to these services. For more information about password managers, see 17 ways to protect your money in 2017.
Change passwords if a company you use is hacked
But it is not only you who needs to keep passwords secret. You are relying on any site you use to be equally careful.
If any company that holds your password has its computer system hacked, you should assume that your password has been stolen and will be used fraudulently. Do not wait for the company to admit passwords have been stolen.
If this happens to you, and you use the same password on other accounts, then you need to change your password on every account immediately.
Making and memorising strong passwords may seem a lot of boring effort. It is, however, a lot less stress than having your bank account cleared out.
For more information on this and tips on how to protect yourself online, visit the Moneywise hub in partnership with Cyber Aware - Stay secure online: How to be Cyber Aware - and see Cyberaware.gov.uk.