How secure is my password and PIN?

It’s tempting to take the easy route with passwords and PINs. After all, who can remember 20 different strong combinations of letters and numbers? Reusing passwords isn’t the safest idea, though, so it’s worth using certain tactics to make your passwords as secure as you can. Try to make your password as long as possible and include a mix of upper and lowercase letters, numbers and symbols to make it even more random.


Strong passwords make life harder for hackers

Using common choices such as 'password', 'qwerty' or '123456' can make it easier for fraudsters to guess your password. Once they know it, they might log in to your email account to gain access to your banking information or social media accounts. They’re then only a step away from getting your personal details or stealing your money.

Sometimes hackers use a ‘dictionary attack’ to identify weak and common passwords, which means trying thousands of common words from the dictionary as your password.

They might also use a ‘brute-force attack’ to discover more random passwords. They do this by combining words and numbers in thousands or millions of ways using special software to eventually match your chosen combination. Sites often block this before it has a chance to succeed, but you can never be too careful.

The key to a strong password

Add numbers, letters and special characters

Don’t be afraid to be creative with your password. For example, you could include a full stop after the third letter or an exclamation mark before the final letter. Alongside a mix of upper and lowercase letters and numbers, these special characters make your password less predictable and therefore harder for fraudsters to figure out.

Join random words to form a memorable phrase

Another approach is to combine three totally unrelated words into one longer word. For example, SequinedSlothSlippers. Because there are so many more words than individual letters and numbers, combining unusual words can create passwords that take an impossibly long time for fraudsters to crack – most aren’t nearly that patient.

Also, this type of strong password is easy to remember because it creates a funny mental image and doesn’t rely on lots of unusual characters.
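
An added example (not part of the original article) showing that a password is only as strong as the cheapest way to guess it: it rates a password against a common-password list, a word-combination search and a character-by-character brute force, and reports the weakest result. The word lists are constructed samples, and the 20,000-word list size and all function names are assumptions.

```python
import math
import string

# Constructed sample data: real guessing lists hold many thousands of entries.
COMMON = {"password", "qwerty", "123456"}
WORDS = {"sequined", "sloth", "slippers", "pass", "word", "blue", "dog"}
ASSUMED_WORDLIST_SIZE = 20000  # assumption: size of the list the words come from


def split_into_words(text, words=WORDS):
    """Return the fewest known words that spell `text`, or None if none do."""
    text = text.lower()
    best = [None] * (len(text) + 1)  # best[i] = shortest split of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                cand = best[start] + [text[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[-1]


def charset_size(password):
    """Size of the character pool a brute-force search would have to cover."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    total = sum(len(p) for p in pools if any(c in p for c in password))
    return total or 1  # characters outside the four pools are not counted


def estimate_bits(password):
    """Guessing effort in bits under the cheapest of the three strategies."""
    if password.lower() in COMMON:
        return 0.0, "common-password list"
    brute = len(password) * math.log2(charset_size(password))
    parts = split_into_words(password)
    if parts:
        by_words = len(parts) * math.log2(ASSUMED_WORDLIST_SIZE)
        if by_words < brute:
            return by_words, "word combination"
    return brute, "brute force"
```

Under these assumptions SequinedSlothSlippers is rated by its three words rather than its 21 characters, so its strength depends on how many words are used and how randomly they are picked.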

Keep your password safe

Hackers know that people are creatures of habit and often use the same password across multiple online accounts. You can avoid this and keep your password safe by using the following tips:

  • Use a different password for every service and site.
  • To increase password strength, add a couple of unique letters to the start of an already strong password to make it even stronger and harder to guess. For example, for Barclaycard it could be BCSequinedSlothSlippers.
  • For more tips on staying safe online, check out the Digital Eagles online courses.

Protect more than your password

If fraudsters can’t crack your passwords, they might try guessing the answers to your security questions, so try to create security questions that no one else could guess. This means you should avoid using information that can be found on your social media or in your family records. After all, if your secret question is ‘What is your pet’s name?’ and you have pictures of you and your dog Buster plastered all over your social media, then it won’t take long to find the answer.

Often, all it takes to avoid giving fraudsters a helping hand is to consider what information they could easily find on you. Check out the national awareness campaign Take Five for more information.

To lower the chance of a fraudster using your social media to research you, set your privacy settings on social media to include only friends and family. You’ll still get all the likes without any of the worry.

It’s a small step, but changing your privacy settings could prevent identity theft.

How to change privacy settings on Facebook

  • Click About below your cover photo, then hover over the information you’d like to change and click Edit (on some devices, these steps could differ).
  • Use the Audience Selector next to the information to choose who you’re sharing it with.
  • To check what your profile looks like to other people, use the View As tool.

If one account gets hacked, it could help criminals access others. Your email is probably your most precious account, as it’s used to recover and reset passwords for online shopping sites, bank accounts and other payment services. The password for your email should be completely unique and it’s best to consider changing it every so often in case it’s made public in a data breach.

To help protect your personal data online and offline, check out our Fraud Fighter tool. It’s packed with top tips on digital security, data protection and how to spot scams.

Has my email been hacked?

If you think your details could have been part of a data breach, it could be worth checking your credit rating to see if it’s been affected by applications and activity outside your control.

It could also be a good idea to learn about some of the other causes of a bad credit rating, so you know what else could have affected your score.

Forgotten your password? Watch out for sites that email your current password to you when you try to reset it. This could mean the site has an unsafe password policy and if it’s hacked, your full user login could be exposed. Secure sites make you pick a new password that contains features that make it difficult to crack.

How to choose a secure PIN and keep it safe

The rules of choosing and using a secure password also apply to PINs.

  • Avoid using the same PIN across different cards.
  • Avoid using your year of birth or another date that is important to you and therefore easy to guess.
  • Shield your PIN when you’re at a cashpoint or checkout, or use contactless to skip entering it altogether.
  • To make contactless even safer, you can carry an ‘anti-fraud’ wallet, which is just like a normal wallet, except it’s lined with metal to make it impossible for someone to scan the card using a contactless card reader when it’s not in use. Find out more about using contactless to pay.
  • You can change your Barclaycard PIN to one that’s more secure at a Barclays cash machine or the cash machine of many other banks in the UK.

What's next?

Choosing strong passwords and PINs is a huge part of keeping your identity protected. The main points to remember are:

  • Use a different, strong password for each account.
  • Avoid including personal information, such as your year of birth, in your password.
  • Once you’ve got your passwords sorted, learn the ins and outs of protecting yourself against identity theft – a crime that criminals don’t always need secret info to commit.