11 tips for creating a secure password

Although creating a strong password is easy, there is an art to it. Our guide is full of tips and tricks for creating a secure password.

Written by Medibank
February 2024

Using the same password for all your accounts is convenient, right? Particularly since there seem to be more and more of them every day. But “convenient” isn’t always best. Each account needs its own strong, unique password. That way you can help prevent hackers from accessing your personal and private information so you can lead a healthy online life.

Let’s get started!


What is a strong password? 

A strong password is difficult for hackers to guess. It should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols.

You should avoid using personal information, such as your name, birthday, or address. You should also avoid using common words or phrases.

Why do I need a strong password?

Strong passwords are the first line of defence against unauthorised access to your accounts. Hackers use a variety of methods to try and crack passwords:

Brute force attacks. This is where hackers try every possible combination of characters until they find your correct password. This works when passwords are weak.

Dictionary attacks. This is where hackers use a dictionary of common words and phrases to guess passwords. This is an effective way to crack passwords based on common words or phrases.

Social engineering attacks. This is where hackers try to trick users into revealing their passwords. It can happen through phishing emails or creating fake websites that look like legitimate websites.

Mistakes to avoid

If you’re thinking of basing your passwords on your family name, hobby, or a simple pattern, stop. The passwords may be easy to remember, but they’ll also be easy for hackers to crack.

Here are some examples of common password mistakes and how to fix them.

Example 1

Tom is a 68-year-old retiree who lives in suburban NSW. He has a 35-year-old daughter and a dog named Lady.

Password: penny35lady

Quote: “This password represents my daughter's name and age. It also shows the love I have for my dog. It’s very personal to me, so no one will be able to guess it.”

The problem: Tom’s used personal information, along with common words found in the dictionary. Hackers can easily crack Tom's password using a dictionary attack or by guessing his personal information – particularly if his personal information is on social media for people to see.

The fix: Tom could make his password stronger by using symbols and uppercase letters in random order. Rather than using family or pet names, Tom could combine his favourite sport with a type of animal. For example, Badminton and Python could become B@dMinTonPyTh0N100

Example 2

Eileen is a 39-year-old who lives in inner-city Melbourne. She has a successful career in design and has recently purchased a house in West Footscray with her girlfriend.

Password: WeFo!

Quote: “My password is so easy to remember. It’s short, fun to write and represents my suburb.”

The problem: Although Eileen's password uses both upper and lowercase letters, it’s only 5 characters long. It also says where she lives – very easy for a hacker to find out.

The fix: A strong password is a long password – 12 characters at least. Eileen could also replace her suburb with her favourite local cafe and her favourite artist, for example: Str0NgBe@NW@rH0L78
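
The rules from this guide applied to the passwords in Example 1 and Example 2, as an added Python example that is not part of the original article. The function names and the short word list are constructed for illustration, and the combination count is only the brute-force upper bound: it says nothing about how quickly a dictionary attack would find the password.

```python
import re
import string

# Character classes the guide asks for, with the number of characters in each.
CLASSES = {
    "lowercase letter": (r"[a-z]", 26),
    "uppercase letter": (r"[A-Z]", 26),
    "number": (r"[0-9]", 10),
    "symbol": (r"[^A-Za-z0-9]", len(string.punctuation)),  # 32 ASCII symbols
}

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "qwerty", "welcome", "letmein", "lady", "penny"}


def brute_force_space(password):
    """Combinations needed to cover every password of this length built
    from the character classes this password uses."""
    alphabet = sum(size for pattern, size in CLASSES.values()
                   if re.search(pattern, password))
    return alphabet ** len(password)


def check_password(password, personal_info=()):
    """Return the guide's rules that the password breaks (empty list = none)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, (pattern, _) in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for item in personal_info:
        if str(item).lower() in lowered:
            problems.append(f"contains personal information: {item}")
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains common word: {word}")
    return problems


if __name__ == "__main__":
    # Passwords and personal details taken from the two examples above.
    tom = ["Penny", 35, "Lady"]
    for pw, info in [("penny35lady", tom), ("B@dMinTonPyTh0N100", tom),
                     ("WeFo!", []), ("Str0NgBe@NW@rH0L78", [])]:
        print(f"{pw!r}: {brute_force_space(pw):.2e} combinations,",
              check_password(pw, info) or "meets the rules")
```

Run as a script, it prints one line per password with its search space and any rules it breaks.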




Password checklist



• Check out the NSW Government password checker.

If you ever feel unsafe online, file a report at ReportCyber.

To help inform others about new and emerging scams, report to Scamwatch.

