24/11/2025
Hi Everyone
Here is some useful advice on passwords taken from a Devon and Cornwall Community Messaging email today.
Password Security Advice
Many of us feel as though we spend far too much time clicking on "Forgotten Password" links, and this experience is far from uncommon. Historically, password advice encouraged us to create complex combinations, like "P@55w0rD!", to change them every 90 days, and to avoid writing them down. Unfortunately, while this made passwords more difficult for us to remember, it did not necessarily improve their security, as computers are adept at cracking such patterns.
Current recommendations have shifted, making password management both stronger and simpler. Below is the latest guidance to help you create secure passwords without the unnecessary struggle.
1. Prioritise Length Over Complexity: The "Three Random Words" Method
Computers are extremely proficient at guessing predictable substitutions, such as replacing an "a" with an "@" or an "I" with a "1". However, they fare much worse when faced with longer passwords. Instead of opting for a short, complicated jumble of characters, it is better to combine three random words. The key principle is that longer passwords are inherently stronger.
• Bad Example: Tr0ubl3! (This is hard to type, challenging to remember, and not as secure as you might think.)
• Good Example: RedHouseMonkeys (This is easier to type, memorable, and much harder for hackers to crack.)
This approach helps you create a password that is both robust and memorable. If a website insists on numbers or symbols, you can simply add them (for example, 1RedHouseMonkeys!), but always remember that the length of your password is the most crucial aspect.
2. The Golden Rule: Never Reuse Your Passwords
One of the most common and dangerous mistakes is reusing the same password across multiple sites. If you use the same password for services such as Facebook, email, and online shopping, a criminal only needs to compromise one to access all your accounts. Think of it as having a master key: losing it means losing access to everything.
If remembering different passwords for every account feels overwhelming, focus on making your email and financial account passwords unique. Your email is especially important because, if compromised, it can be used to reset the passwords for your other accounts. Therefore, your email should have a unique and strong password based on the "Three Random Words" method, and this password must not be used anywhere else.
3. Let Your Browser or a Password Manager Remember for You
It is not necessary to memorise every password for your many online accounts. Most modern web browsers, such as Google Chrome, Safari, and Edge, as well as many smartphones, offer to remember passwords for you when you log in.
• Say "Yes" to saving passwords for all accounts except your email and financial accounts, which you should still memorise for extra security.
• Having unique, complex passwords saved in your browser is much safer than reusing simple passwords like "Password123" everywhere.
• Dedicated password manager applications are also available and work across all your devices.
A word of caution: Only save passwords on devices that are used solely by you, and ensure the device itself is properly secured by a PIN, fingerprint, or facial recognition. This prevents anyone else from easily accessing your stored passwords should they obtain your device.
Summary: Your 3-Step Action Plan
• Update Your Email Password: Change it to a long password using three random words. Remember, longer is stronger.
• Stop Reusing Passwords: Make sure your banking and email passwords are unique and not used anywhere else.
• Save Them: Allow your browser, password manager, or phone to remember the rest of your passwords for you.
For further information on improving your password security, visit: Improve your password security - Stop! Think Fraud.
Reporting Cybercrime
If you believe you have been a victim of cybercrime, report the incident to Action Fraud by phone (0300 123 2040) or via their website at https://www.actionfraud.police.uk. If you have lost money or provided sensitive financial information to scammers, immediately contact your bank or financial institution and inform them of the incident. Many UK banks' fraud departments can be reached quickly by calling 159.
If you have received a suspicious email, forward it to the National Cyber Security Centre's Suspicious Email Reporting Service (SERS) at [email protected]. Suspicious text messages should be forwarded to 7726.