Internet access security–passwords


A “strong” secure password is a simple way you can take to protect internet access to your personal on line accounts. It is becoming more common for service providers such as Banks to provide a ‘strength meter’ to give a visible indication of the security rating of your password. The following are guidelines to assist you to create a secure password.


A strong password:

· is at least eight (8) characters long

· does NOT contain your user name, real name, or company name

· does NOT contain a complete word

· is significantly different from previous passwords

· contains a mix of uppercase, lowercase, numbers and special characters (examples of these are shown below)

Character category Examples
Uppercase letters A, B, C
Lowercase letters a, b, c
Numbers 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Symbols ~ ! @ # $ % ^ * ( ) _ – + = { } [ ] ? , . / |: :    (see note)

Note: Whittlesea U3A member management system accepts only the above special characters. Other sites may accept a wider range of these characters

Online account protection

· avoid using words from a dictionary (including foreign words), as hackers use dictionary tools to help find them

· change your password frequently (say, every three (3) months) for critical sites such as banks, and less frequently for other sites

· choose a password that is not easy for anyone to guess, e.g. DO NOT use your name, part of your address or other personal details

· don’t share your password

· always log off from an on line account after access is completed

· do not save passwords to secure accounts in google (web browser)

· do not use a password of all numbers or a single, repeated letter

· do not reuse or recycle passwords

Passwords used for online banking and other critical sites, such as Centrelink, are required to be ‘strong’. You may decide to use a lesser strength password for other online sites.

Recently, the Whittlesea U3A member management system applied strong passwords to each member account. Email instructions have been provided on the process to follow to change these passwords to one of your choosing.


Passphrase – try using a phrase that only you know

It is becoming common practice to select a phrase that only you know which may be related to a particular website to help you remember it.

For your email you could consider this example – “My friends Tom and Jasmine send me a funny email once a day” and then use numbers and letters to recreate it. “MfT&Jsmafe1ad” is a password with lots of variations. Then repeat this process for other sites.

This is an easy way to remember the password and is known as a ‘passphrase’.

Other examples are –

· Create an acronym from an easy-to-remember piece of information, such as My son’s birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password

· Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase such as My son’s birthday is 12 December, 2004 could become Mi$un’s Brthd8iz 12124 (it’s OK to use spaces in your password)

· Relate your password to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.

If you feel you must write down your password in order to remember it, make sure you don’t label it as your password, and keep it in a safe place.

A future article will discuss password management applications.


If you have any queries regarding this article or password management in general please send a note using the Information Desk section on the Whittlesea U3A website or send directly to