Cyber Tip - Use Strong Passwords And Enable 2FA

Published on 28 Jun 2021

by Gosafeonline


Strong passwords are important for keeping your online accounts and personal information safe from cyber criminals, and enabling Two-Factor Authentication provides an additional layer of security.

Passwords are the key to your digital life. As the first line of defence against cyber criminals gaining access to your online accounts, passwords should be only known to you.

However, if your passwords fall into the wrong hands, the consequences of losing your online accounts, important personal information and finances could be dire, especially if you use the same password across multiple accounts. Cyber criminals could use your email to access many of your other online accounts, impersonate you and then carry out scam-related crimes on people you know.

There are many different methods that cyber criminals can use to get a hold of your passwords. One method is to use automated tools to crack your passwords. Cyber criminals can conduct dictionary or brute-force attacks to guess your password by checking your password against ‘password dictionaries’ or lists of commonly-used passwords and character combinations. The shorter and less complex your password is, the quicker it is for cyber criminals to come up with the correct combination of characters in your password. For example, the password 123456 can be hacked in less than one second.

To keep your online accounts and the information within them safe from cyber criminals, it is essential to use a strong password which is long and random and hence not easy to crack. 



How to Create a Strong Password

Here’s how to create a long (at least 12 characters) and random password that you can remember easily. You can also check out the infographic on how to create a strong password at the end of this article.

Step 1: Use five different words that relate to a memory that is unique to you. e.g. Learntorideabikeatfive

When it comes to creating a password, the longer it is, the harder it is to guess. Be sure not to use personal information such as your name, NRIC or birthdate, or other information that can be obtained easily, for instance by doing a search online.

Step 2: Use uppercase and lowercase letters, numbers or symbols to make it even harder to crack. e.g. LearnttoRIDEabikeat5

Remember to keep it random by ensuring that your password does not have a pattern and is unpredictable. This means that it should be difficult for others to guess, even with special tools. Some examples of obvious patterns include:

  • Using commonly used phrases e.g. maytheforcebewithyou
  • Capitalising the first letter of the password e.g. Livelongandprosper
  • Adding a number at the end e.g. qwerty1
  • Replacing a letter with a number or symbol e.g. p@ssw0rd
  • Now that you have successfully created a strong password, you should enable 2FA, which stands for Two-Factor Authentication, to add an extra layer of security to your account.

Enable Two-Factor Authentication (2FA) when available

2FA uses more than one type of information to identify who you are in order to grant you access to your online account. The first factor in 2FA is usually something that you know, such as a password, while the second factor is usually something you have, such as a one-time password (OTP) from a physical OTP token. Another form of authentication involves biometrics, which includes fingerprints and face recognition. The second layer of security ensures that even if a hacker obtains your password, your account is still protected if he is unable to get hold of the second factor of authentication.

2FA is readily available for many of your online accounts, including your email and social media accounts.

Maintain Good Password Hygiene

Aside from creating a strong password and enabling 2FA, it is important that you take steps to protect your password:

  • Use different passwords for your online accounts
  • Don’t share your passwords with anyone or write them down
  • Don’t log in to online services over unsecured Wi-Fi networks
  • Don’t provide your passwords or OTP in response to a phone call, email or suspicious website as it could be a phishing scam.

If you believe that your password has been compromised, change it immediately and check for signs of unauthorised activity. Don’t wait until it is too late. Start using strong passwords and enabling 2FA for your online accounts today.

For resources on creating a strong password, click on the links below to download the high-resolution image files.


Poster for Seniors are also available in ChineseMalay and  Tamil

Marketing Videos

Report a Cybersecurity Incident

SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.
Report Incident