Guidelines for choosing strong password

To maintain the security of your account, we check the following when you change or set your password:

1. The password is strong and complex.
2. The password has not been found in any online data breaches.

If your password fails these checks, you will receive one of the following error messages:

• This password has been previously found in a data breach. Please choose a more secure password.
• That password is too weak; please choose a stronger password.

Using password managers

We recommend you use a password manager for generating and storing your passwords. This is the most secure and convenient way to manage passwords. Used properly, it completely eliminates the risk of using a weak or commonly used password.

Password managers are built into most browsers. Alternatively, there are free and paid third-party solutions available.

🚧

Important

When generating a password from a password manager, follow these guidelines:

• Increase the length: Set longer passwords (20+ characters), as they are generally more secure.
• Include all characters: Incorporate numbers, special characters, and upper and lower case letters.
• Make it unique per site: Always generate a new, unique password for each site.

What if I cannot use a password manager?

If you cannot use a password manager, consider using any three random words, for example, horsebatteryhouse as an alternative.

💡

Tip

For more information on the three random words, visit the following link:https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words.

Using three random words can be difficult to remember across multiple online accounts requiring passwords, which is why our primary recommendation remains a password manager.

In short, taking the time to choose a strong password or using a password manager is an essential step in protecting your online accounts.