Passwords and passphrases: How secure is yours?

Estimated reading time
 5 min

Key points

• Longer and more unpredictable passwords or passphrases can make it more challenging for cybercriminals to guess or crack them.
• Using a passphrase, typically made up of four or more random words may offer stronger protection than a shorter password.
• Turning on multi factor authentication (MFA), where available, can add helpful additional security.

Strong passwords are essential for protecting your online accounts and personal data.

From banking and email to social media, weak passwords give cybercriminals easy access to your information and money. Common passwords like “Password123” leave accounts wide open to hackers.

Using long, complex, and unique passwords for every account is one of the most effective ways to improve your cyber security and stay safe online. If your password is easy to guess, now’s the time to learn how to create stronger login details to better protect your accounts online.

Why strong passwords matter

Your password is the first line of defence against cybercriminals. Strong, unique passwords can help protect your personal information, financial details and online accounts from unauthorised access.

As cybercriminals have become more sophisticated, traditional passwords have become easier to crack. They may use a range of methods to compromise accounts, such as:

• Brute force attacks – Software tries many passwords until one works
• Dictionary attacks – Common passwords like password123 or admin are guessed
• Credential stuffing – Stolen login details are reused on other websites
• Malware – Harmful software records what you type, including passwords
• Scams and phishing – Fake emails, messages or websites trick people into sharing passwords

How to create a strong password

A carefully created password can help keep your accounts and personal details safe. When choosing a new password, consider the following:

• Go longer: Aim for 12+ characters using upper and lower case letters, numbers and special characters.
  
• Make it unique: Avoid common words, patterns, family names or personal details.
  
• Use a passphrase instead: A passphrase using 4 or more unrelated words can be easier to remember and more secure.

To help keep your ANZ account secure, our password guidelines allow up to 32 characters, including special characters (such as @!#$%^&*). Your password shouldn’t include personal details like your name or birth date, or sequential or repetitive numbers.

What about passphrases?

Passphrases are an effective alternative to traditional passwords. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends using passphrases over passwords because they are:

• longer and harder to crack
• easier to remember
• more secure, even without symbols or numbers

While a password is usually a short mix of letters, numbers and symbols. A passphrase uses four or more random words (like ‘Jolly-Preview-Apple-Rainforest’) to create a longer login.

How to create a secure passphrase

When creating a passphrase:

• use four or more random words
• aim for at least 15 characters
• don’t include personal information like names or dates
• use a different passphrase for each important account

Make them long, unique and unpredictable. If a website requires numbers or symbols, you can include them, but length should remain the priority.

Tips to help you stay safe online

• Use a unique password or passphrase for each account
• Turn on multi‑factor authentication (MFA) where available
• Avoid saving passwords on shared devices
• Change passwords if you’re notified of a data breach
• Keep your devices and apps up-to-date
• Consider using a reputable password manager