I have written about this topic many times in the past, and the same questions keep on reappearing. How can I keep my passwords safe? What is a secure password? Is it safe to write them down? How am I meant to remember a different password for each account? Etc., etc.

In light of all of the recent attacks and data breaches, let's try to tackle each of these questions and provide as definitive an answer as possible.

How can I keep my passwords safe?

Keeping your passwords safe is relatively simple in theory, but in practice can be quite difficult without thought and planning ahead.

You should be using unique passwords for every single account that gives access to, or holds information about, your address, finances or other identifying details. You should always use information which keeps you safe. Some strategies recommend that people keep their private information private, use fake names and set up a unique email address for each account.

For many people this is impractical, but it is very good advice to follow.

Other experts recommend that you use as many email accounts as you choose, but that you ensure different passwords are used for every single account regardless of the information it contains. This is my preferred method, and the one which I recommend as suitable for 90 per cent of the population; basically, anyone outside of the tech-savvy population, for whom the first strategy might prove more useful.

If you work for an organisation with a security policy that requires you to use passwords of particular types and lengths, then assume all of your accounts should follow the same process. This helps to ensure that you are less of a risk when it comes to being attacked.

In the current climate, remembering what you have used for each account and password is very difficult, and sometimes feels impossible. In some cases you are given an easy way out, such as signing in using your Facebook, Twitter, or other social media account. However, this opens that account up to being able to access your financial information, so you need to make sure you change that password often and use a secure password.

What is a secure password?

A secure password is any password which is difficult or impossible to guess. It should be a minimum of 10 characters in length and contain at least four out of the following six types of data:

  • Lowercase letters
  • Uppercase letters
  • Numbers
  • Special characters
  • Language specific characters
  • Currency characters

Any password you set should also be unique to the account it protects. Using words and replacing them with variations of different types of characters is one good way of making a password secure.

Do not use common passwords. There are many lists of common passwords available online. Stay away from them!
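The rules above (at least 10 characters, four of the six character types, not a common password, unique per account) can be checked mechanically. The following is an added example, not part of the original article; the way each character is mapped to a type (for instance `$` counting as currency rather than special) and the short common-password list are assumptions made for illustration.

```python
import unicodedata

MIN_LENGTH = 10   # minimum length stated in the article
MIN_CLASSES = 4   # at least four of the six character types

# Constructed sample; a real check would load a published common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password123"}


def char_class(ch):
    """Map one character to one of the article's six types (assumed mapping)."""
    cat = unicodedata.category(ch)
    if cat == "Sc":                    # Unicode currency symbols: $ and friends
        return "currency"
    if cat == "Nd":                    # decimal digits
        return "number"
    if cat.startswith("L"):
        if not ch.isascii():           # letters outside A-Z / a-z
            return "language"
        return "lower" if ch.islower() else "upper"
    if cat.startswith(("P", "S")):     # punctuation and remaining symbols
        return "special"
    return None                        # whitespace, control characters: not counted


def check_password(password, used_elsewhere=()):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {char_class(ch) for ch in password} - {None}
    if len(classes) < MIN_CLASSES:
        problems.append("too few character types")
    if password.casefold() in COMMON_PASSWORDS:
        problems.append("common password")
    if password in used_elsewhere:     # passwords already set on other accounts
        problems.append("reused")
    return problems
```

Length alone does not satisfy the policy: `password123` is 11 characters long but fails both the character-type rule and the common-password rule.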

Is it safe to write them down?

In a word, no. You should never write your passwords down. However, if it is a temporary password which you will be changing the first time you use it, and the paper is destroyed immediately after the password is used, then in some cases that is okay. Barely, but it is okay.

How am I meant to remember a different password for each account?

Remembering a different password sounds easy when your IT department or head of IT tells you to do it. However, in reality it can be tricky. You might find the following tricks to be useful:

  • Change letters within existing words and replace them with other letters, special characters, or other types of characters.
  • Use similar, but not identical passwords for similar types of accounts.
  • Make sure that you change your passwords frequently, cycling through an ever-changing list of passwords you have stored in your head. Use numbers in the middle of words.
  • Use sentences with words changed or letters changed to other character types to make sure that your password cannot be guessed.
  • Use things which mean something to you and are relevant to the account you are trying to access.
  • Do not use numbers at the start or end of passwords.

I have not covered password managers, which some people may find useful, but which are generally not a good thing unless they are stored locally on a single device and cannot be accessed without using two-factor authentication.