How to manage and protect your passwords to keep you safe online

Passwords form the foundation of our online safety, whether that’s banking, healthcare, or even our social connections. If they’re weak or reused, they can make you vulnerable to criminals.

“When your data is leaked in a breach, scammers can use it to impersonate you, trick you into clicking malicious links, or try your passwords on other websites. They might even use that stolen information to lock your files and demand a ransom,” COBA Head of Financial Crimes and Cyber Resilience Martin Latimer said.

Strong passwords are our first line of defence against cybercriminals, and amid rising data breaches across Australia, there’s never been a greater need for good password hygiene.

To help you figure out the best way to strengthen your passwords - and why this matters - COBA’s Financial Crimes and Cyber Resilience team have put together some simple tips.

Why does password hygiene matter?

Data breaches can be a goldmine for scammers, providing them with a trove of personal and payment information that can then be exploited.

In the first six months of 2025, over 10,000 individuals were affected by cyber incidents, with malicious or criminal attacks comprising the largest source of data breaches, according to the Office of the Australian Information Commissioner.

“Having strong passwords is crucial to ensure cybercriminals can’t access your banking, government or healthcare accounts or target you with malware,” Latimer explained.

How to build stronger passwords

Strengthening your passwords doesn’t mean making them harder to remember — it means making them harder to crack. Longer, word-based phrases (known as passphrases) are usually a strong choice.

Consider a string of random words that only you can stitch together to create a unique phrase (for example: “train hall idea work” or “television table bottle snack”). Avoid using personal information or common, predictable words.

“Safe passwords typically have 10 or more characters - the longer, the better! You should further strengthen your password by combining uppercase letters, lowercase letters, numbers and special symbols, including swaps like ! for 1 or @ for A,” Latimer said.

Managing your passwords

It’s important not to share your passwords with anyone - including loved ones - and to ensure you are using different passwords for your various accounts.

Always enable multi-factor authentication (MFA) wherever it’s available. MFA requires two or more verification methods to sign in, creating an extra layer of safety on your accounts. It may involve passkeys, one-time passwords (OTPs), or biometric verification.

Additionally, pay attention to where your passwords are being saved.

“While many may do this for convenience, blindly saving your passwords in your browser to be auto-filled can put your cybersecurity at risk,” Latimer cautioned.

Instead, opt for a reputable password manager with a strong master password. Ensure it offers strong privacy and security features such as encryption, MFA, and alerts if your passwords have been exposed in a breach.

What to do if your passwords have been compromised

It’s important to be aware of the signs of a data breach so you know if your password has been compromised. Look out for suspicious activity such as unauthorised transactions, unfamiliar log-ins, unsolicited password resets, or alerts from financial institutions or service providers (even those you don’t normally use).

You can also check if you were affected by a data breach using platforms such as Have I Been Pwned.

If you believe your passwords may have been compromised, take immediate action to secure your accounts. Update your passwords across important accounts and run anti-virus software on your devices (including your phone) to check for ransomware.

If you are contacted by someone you suspect is a scammer, report the scam to the National Anti-Scam Centre – Scamwatch to help protect others.


For more information on how you can strengthen your online safety and keep your personal information secure, visit Cyber.gov.au.