Top of main content

How to create a strong password

Use a password that's easy for you to remember but hard for others to guess, such as 3 random words. It should be at least 12 characters long. Longer passwords are harder for hackers to crack.

Making your passwords as secure as possible is important, especially the ones you choose for mobile and online banking.

You should also protect other accounts, such as social media.

These days you need dozens of usernames and passwords for everything from checking your bills to connecting to your home Wi-Fi.

That means it can be tempting to make them easy to remember. But choosing strong passwords and updating them regularly can help to protect yourself against financial fraud.

It’s a good idea to make sure you have a strong and separate password for your email accounts as well. If criminals hack into those, they could reset your other passwords.

Make it memorable, but not obvious

You can create a strong, memorable password by using 3 random words. Add numbers and symbols as well if you like to make your password even stronger.

An example would be something like this:

TurfChainPasta4!

Don't use things that can be easily guessed, like your favourite football team or TV show. 

Save your passwords in your web browser (such as Chrome, Firefox, Safari or Edge) to make sure you don't lose or forget them.

This is safer than using a weak password or using the same password for more than one account.

Another way of creating a strong password is to take the first letter or symbol of an easy-to-remember sentence.  

For example, My Dog Is Called Cyril And I Live At 45 Acacia Avenue Staines could become this:

MDICCAILA45AAS

Adding 5 exclamation marks would make it even stronger:

MDICCAILA45AAS!!!!!

That's a complex 19-character password that's easy to remember.

Helpful tips

  • Choose a unique password for online banking and don’t use it for anything else
  • Think about changing your password if you're worried it's been compromised
  • Log off from websites and devices when you’ve finished using them

What to avoid

Don’t use anything that would be easy to work out, such as:

  • Names of family members
  • Names of pets
  • Favourite football teams
  • Birthdays

Don’t use any of the following either:

  • The word 'password'
  • Numerical sequences, for example '12345'
  • Easily recognised keypad patterns, such as '14780' or 'qwerty'
  • Single, common dictionary words that hackers could crack

Never write down your passwords or share them with anyone.

Also, don’t use the same user ID and password for online banking and other services.

Remember: we'll never ask you for your password. If you receive a call or email from someone claiming to be an HSBC employee, government official or even a member of law enforcement and they ask you for your password, ignore the call and contact us immediately.

Store your passwords securely

Follow these tips to keep your passwords safely stored. If you think someone else knows any of them, change them right away.

  • Never share or write down your passwords
    Never keep your passwords in unprotected documents or apps (like your phone’s Notes app) or send them by email or text. Phones and files can be easily lost, stolen, or hacked.
  • Use a secure password manager
    A password manager is a secure way to safely store all your passwords, PINs, login details, and account information. This means you can create unique passcodes for all your accounts without having to remember them yourself.
  • Use different passwords for each account
    Some websites don’t have strong security and could leak your data to criminals. If all your accounts use the same passwords, then fraudsters get access to everything. Make sure to always use different passwords, especially for your banking.
  • Enable two-factor authentication
    Multi-factor authentication asks for 2 or more forms of identity verification, like a code sent to your mobile phone as a text message (SMS), in addition to your password. It makes accounts harder to break into.

Be careful about password managers on shared devices

If you’re using a shared device outside your home, like a desktop computer at a college, library, or other public place, never save your password. And always log off and clear your data when you’re done.

For more information on password security, visit the National Cyber Security Centre’s website.

  Back to top of the page

What next?

Explore more