Passwords are part of our everyday life. We use them when we bank or shop online, and to access other apps and websites. They help to protect us, our money and our data when we use our phones, laptops and other devices.

They're part of a safety feature called 'authentication'. Companies we deal with use this, to check it's really us. For instance, your bank might send you a text code before they put a payment through.

In this lesson, we'll show you how to get the most from these features. You'll find out how to set strong passwords that others can't easily guess. We'll explain how you can use things like your face or fingerprint to stay safe. You'll also see how using more than one type of authentication can add an extra layer of safety for you.

KEY LEARNINGS

  • Know how to make a strong password
  • Be aware of tools to help create and store your passwords
  • Use authentication to help keep you, your money and your data safe

Read time:

5 mins

Chapter 1

Create and manage passwords

Read time:

2 mins

Why we need them

Passwords help protect the things that matter to you. This means your devices, your personal details – even your bank account. They check that you are who you say you are, and help to stop other people getting at data you want to keep private.

 

What is a strong password?

When you set up a password, most websites and systems have rules on what to include. These rules help you create a strong password – one that is hard for others to guess. For example, they may want a password is at least 8 characters long. Often,  they’ll ask for a mix of upper and lower case letters, numbers, and special characters like * or ! 

 

How to create a strong password

So, how do you create a password that other people can't easily guess? Passwords that use whole words, like your pet's name or your favourite sports team are easy to guess. Especially if they use details that other people could find out. Try to think of something that has no link to you. Avoid common options like ‘password’ or ‘1234’, too. All these tips will help deter other people guessing your password themselves. 

Cyber criminals also use ‘password cracking’ software. This can quickly test lots of passwords to find a match. So when you think of a stong password, you need to pick one that will slow or stop this from working, too.

All this to consider, and you'll also need to remember what the password is. So how do you do this? The National Cyber Security Centre (NCSC) recommend you start with three random words. Then join them together and mix in other characters.

 

The 'three-random word' way to create a strong password:

Think of any three words

Tree Fist Same

Swap letters for numbers

Tr3eF1stSame

Add special characters

Tr3eF1stS@me

How to change a password

You can change your password at any time. If you think someone has guessed or used one of your passwords, you should change it straight away.

Change a device password

Most devices let you change your login password through Settings. Look for the cog icon or search 'change password'.

Change a website or app password

Search or use the menu to find the 'profile' or 'account' section. You should find how to change your password there.

Storing your passwords - our top tips

  • If you need to write your passwords down, keep them in a safe place, away from all your devices
  • Your web browser may ask if you want to store your password with them. If no one else uses that device, this is a safe option 
  • Alternatively, you may want to use a password manager

Always try to use a different password for each of your accounts, and never use the same one as your banking  or email accounts.

 

Password Managers

The NCSC also recommends using a password manager. These tools can create your passwords and store them safely. So, you just need to remember one strong password – the one for your password manager.
 

How a password manager works

When you need to create a password, your password manager may suggest one for you. This will be a strong, complex password. It will then offer to store your password safely. So the next time you log into that site, it will automatically fill in your password. That's it - no need for you to think up and remember all your website and app passwords!

Some password managers are built into your device's systems - like Google Password Manager and iCloud Keychain. Other free options include Bitwarden and KeePass. Paid-for tools, like 1Password and Keeper include other security features. 

These tools aren't completely risk-free. Most rely on you using (and remembering) a single strong password to access the password manager itself, though some use something called multi-factor authentication (MFA). This makes it easier for you and harder for others to access the tool. We'll talk more about MFA in the next chapter.

 

Find out more

The National Cyber Security Centre have a handy guide on creating and using passwords.

Download guide (PDF, 235KB)

Chapter 2

Authentication and how to use it

Read time:

3 mins

What is authentication?

In the last chapter, we looked at passwords. You may use these to log into a PC or laptop. But how do you get into your phone? Does it ask for a PIN or a pattern to unlock it? Maybe you use your face or fingerprint for this and to access your apps. These are all examples of authentication. 

Websites and other software use authentication to check your identity. It's how you prove who you are, to gain access to devices, sites and apps. There are many different types, and sometimes we use more than one to give an extra layer of safety.

Passwords are a common type of authentication.

Let's look at the other types:

 

Multi-factor authentication (MFA)

Also known as 2-factor authentication or 2-step verification (2SV), this means using more than one security ‘factor’. For instance, you may set up your device to unlock from your face scan. But what if it's dark and your phone camera can't see your face clearly? You can add a PIN or pattern as a backup way to unlock it. That's the second 'factor'.

Let's look at another example. You're shopping online and have reached the checkout page. You choose your payment method and give your card details. Then a screen pops up to say your bank wants to check it's really you. They may send you a text code or ask if you want to use the app to confirm. Either way, this is the second 'factor' – the extra layer of security.

Some of the authentication methods you've seen in this lesson are all about giving you this extra protection. Like text codes from your bank or authenticator apps. Others work on their own, but sometimes with other methods too. It's good to have backup options, especially if it saves you from creating and managing more passwords.

 

Where do you see MFA?

Built into some devices, apps and sites

Like Apple and Google accounts. So if you forget your password, you can still access your account.

Banks sometimes use it when you shop online

For instance, if you're buying something from a site you haven't bought from before.

You can set up 2SV for other sites and apps

It can give you extra protection, especially if someone does manage to get hold of your password. 

The benefits you can get using MFA:

  • Greater security
  • Reduced risk of fraud
  • Better user experience for you
  • Takes away password risk

What to bear in mind:

  • It may take longer to log on or complete a purchase
  • You may need another device – For example, if you're buying on your laptop and get a text to your phone

Want to find out how to set up MFA on your accounts? See the NCSC's handy guide. It shows you how to set up for email, social apps and other sites.

 

Lloyds Bank Academy is committed to providing information in a way that is accessible and useful for our users. This information, however, is not in any way intended to amount to authority or advice on which reliance should be placed. You should seek professional advice as appropriate and required. Any sites, products or services named in this module are just examples of what's available. Lloyds Bank does not endorse the services they provide. The information in this module was last updated on 29th January 2024.