Password tips
Longer is stronger
Safe passwords have more than 12 characters (the more the merrier).
Passphrases
Consider a string of random words that only you can stitch together.
Don't give it away
Avoid sharing your logins with anyone, anywhere.
Keep them guessing
Leave out personal information and easily guessed words.
Do not recycle
Avoid using the same password for all your online accounts.
Keep it fresh
If you’re worried about your password security, change it.
Pause auto-fill for forms
Turn off auto-fill and pay attention to which passwords your browser auto-saves and uses to sign you in automatically.
Check website security
Do not enter your password on an unsecure website. Check that the website address starts with https:// instead of http://. The “s” stands for secure.
Check connection is secure
A padlock icon in the address bar shows the site uses a secure connection. Clicking on it will provide more details about the certificate.
Upgrade from passwords to passphrases
It's time to move past old-school passwords. Instead, go for a passphrase. It's like a password but easier for you to remember and harder for hackers to crack.
To create the ideal passphrase, think of a sentence or a mix of four or more words. Ideally, it needs to make up 14 characters in total.
Get creative! Use unique memories or phrases that mean something to you but aren't obvious or known to anyone else. It could be a funny saying from your childhood, a quirky line from a song or a memorable holiday moment.
For example:
- 'They will never get my recipe.'
- 'Only MC Hammer can touch this!'
- 'Let's-get-crack-a-lackin'
- 'Moments with you in Whitsundays'
- 'Store bought coffee is not my cup of tea'
- 'It's like rain on your wedding day'
- 'It's the good advice that you just didn't take'
Don't pick anything too personal or obvious. Hackers often use your information to help their bots crack your login details. Avoid birth years, family or pet names, passions, hobbies or sports teams/players.
For example:
- Soccer85
- Grommy2008
- Dashie05 or 06 the following year!
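The guidance above can be turned into a quick local check. This is an added example, not code from ID Support NSW or its Password Strength Tester. The function name, the year-like-number heuristic, the list of personal terms, and treating 14 characters as a minimum are all assumptions made for illustration.

```python
import re

MIN_CHARS = 14   # from the passphrase section above, treated here as a minimum
MIN_WORDS = 4    # "four or more words"

# Assumed heuristic: a standalone run of 2 or 4 digits looks like a year.
YEAR_LIKE = re.compile(r"(?<!\d)(?:\d{2}|\d{4})(?!\d)")


def check_passphrase(candidate, personal_terms=()):
    """Return a list of problems; an empty list means the candidate
    passes these checks (it does not prove the passphrase is strong)."""
    problems = []
    # Words are separated by spaces or hyphens, as in the page's examples.
    words = [w for w in re.split(r"[\s\-]+", candidate) if w]
    if len(candidate) < MIN_CHARS:
        problems.append(f"shorter than {MIN_CHARS} characters")
    if len(words) < MIN_WORDS:
        problems.append(f"fewer than {MIN_WORDS} words")
    if YEAR_LIKE.search(candidate):
        problems.append("contains a year-like number")
    lowered = candidate.lower()
    for term in personal_terms:
        # Case-insensitive match against details an attacker could learn.
        if term and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    return problems


if __name__ == "__main__":
    # Constructed personal details for a fictional user.
    personal = ["Dashie", "Grommy", "soccer"]
    samples = [
        "Soccer85",
        "Grommy2008",
        "Dashie06",
        "Store bought coffee is not my cup of tea",
        "Let's-get-crack-a-lackin",
    ]
    for s in samples:
        issues = check_passphrase(s, personal)
        print(f"{s!r}: {'; '.join(issues) if issues else 'ok'}")
```

Everything runs locally, so neither the candidate passphrase nor the personal terms leave the machine.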
Multi-Factor Authentication (MFA)
MFA, also known as two-step authentication, is an essential extra layer of protection that needs two or more verification methods. It’s a safeguard against cyber threats, especially credential stuffing, where hackers try to use stolen passwords on multiple sites (another reason for using unique login details for each account!).
Verification methods
- A password or PIN.
- A mobile device or a security token.
- A fingerprint or facial recognition.
Protect your devices
Your devices can give hackers an open gateway to your personal information.
Follow our advice for keeping your devices updated and secure.
Contact ID Support NSW
If you believe your personal information has been stolen, used, or accessed without your knowledge or consent, our advisors can simplify the process and guide you through protecting your identity, accounts, and devices.
Once you send us a request, we’ll do our best to reply within one business day.
Call our advisors on 1800 001 040 Monday to Friday between 9am and 5pm (Sydney time).
Interpreter services are available on request.
Disclaimer:
The information and features provided on this page serve as general awareness and education resources. We have made every effort to create a reliable tool. However, please be aware that no application or piece of software can ensure absolute security. Consult with security experts for professional advice, as needed, where appropriate.
The Password Strength Tester aims to promote improved password practices and increase awareness regarding the risks associated with using guessable, weak, or exposed passwords. ID Support NSW does not guarantee password protection, assume liability for errors, commit to updating the results, or provide a warranty for the Password Strength Tester. By using the content and tools on this page, users acknowledge and release the creators and operators of the Password Strength Tester from any associated risks. Users are advised not to copy or disclose any information without obtaining written consent from ID Support NSW.
Acknowledgements: The leaked-password data is sourced from Troy Hunt's Pwned Passwords API (https://haveibeenpwned.com).