How do I create strong passwords and protect my accounts from being broken into?
Create strong, unique passwords, keep them safe, and use extra protections such as two-factor authentication to secure accounts
A practical answer to the N-Level Computer Applications outcome on account security: what makes a password strong, why each account needs its own, keeping passwords safe, and using two-factor authentication.
Reviewed by: AI editorial process; not yet individually human-reviewed
What this dot point is asking
This outcome is about keeping your accounts secure. You should know what makes a password strong, why each account needs its own unique password, how to keep passwords safe, and how extra protections such as two-factor authentication add security. In the written paper you list password strength rules, explain why reuse is dangerous, and describe two-factor authentication and its benefit.
The answer
What makes a password strong
A strong password is hard for anyone (or any program) to guess. Good rules are:
- Length. Make it long, such as at least twelve characters. Longer passwords are far harder to crack.
- A mix of characters. Use uppercase and lowercase letters, numbers and symbols.
- Not obvious. Avoid common words, names, and choices like "password" or "123456", and do not use personal information such as your birthday or pet's name, which others can find out.
A passphrase, several unrelated words joined together, can be both long and easy to remember.
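The rules above, written as a checker. This is an added example, not part of the original page; the function name `check_password`, the short `COMMON` list and the sample passwords are constructed for illustration.

```python
import string

# Constructed sample of obvious choices; a real checker would use a much larger list.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def check_password(password, personal_info=()):
    """Return the rules from this page that the password breaks (empty list = passes)."""
    problems = []

    # Rule 1: length, at least twelve characters.
    if len(password) < 12:
        problems.append("too short: use at least twelve characters")

    # Rule 2: a mix of uppercase, lowercase, numbers and symbols.
    present = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, found in present.items() if not found]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))

    # Rule 3: not obvious, and no personal information others can find out.
    lowered = password.lower()
    for word in sorted(COMMON):
        if word in lowered:
            problems.append("contains a common choice: " + word)
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information: " + item)

    return problems


if __name__ == "__main__":
    # A passphrase of unrelated words with a number and symbols passes every rule.
    print(check_password("Purple-Kettle-42-Lantern"))
    # Long and mixed, but built from a pet's name and a birth year.
    print(check_password("Bella2011!Garden#", personal_info=["Bella", "2011"]))
```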
A unique password for each account
You should use a different password for each account. If you reuse one password and a single site is hacked or leaked, an attacker who gets that password can log into every other account that uses it. A unique password per account means a leak affects only that one account, limiting the damage.
Keeping passwords safe
- Do not write passwords on sticky notes left in view, or share them with others.
- Be careful typing them where someone could watch.
- A password manager is a tool that stores all your passwords securely behind one strong master password, so you can have a different strong password for every account without memorising them all.
Two-factor authentication
Two-factor authentication (2FA) means you need two things to log in: your password, plus a second proof of identity. Even if someone steals your password, they still cannot get in without the second factor. Common second factors include:
- A one-time code sent to your phone or made by an app.
- A fingerprint or face scan.
2FA makes an account much safer, because a stolen or guessed password alone is no longer enough.
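A login check that needs both factors, as an added example that is not part of the original page. It assumes the app makes its one-time code with the TOTP standard (RFC 6238), which the page does not name; the account layout, function names, salt and secret are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret, at_time, digits=6, step=30):
    """One-time code for a moment in time (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", at_time // step)      # which 30-second window
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def make_account(password, salt, totp_secret):
    """Store a salted hash of the password, never the password itself."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "pw_hash": pw_hash, "totp_secret": totp_secret}


def login(account, password, code, now):
    """Allow the login only when the password AND the one-time code are right."""
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), account["salt"], 100_000)
    if not hmac.compare_digest(pw_hash, account["pw_hash"]):
        return "denied: wrong password"
    expected = totp(account["totp_secret"], now)
    if code is None or not hmac.compare_digest(code.encode(), expected.encode()):
        return "denied: second factor missing or wrong"
    return "ok"


# Constructed values: the secret is the published RFC 6238 test secret and the
# salt is fixed so the output is repeatable; real systems use random ones.
SECRET = b"12345678901234567890"
ACCOUNT = make_account("Purple-Kettle-42-Lantern", b"constructed-salt", SECRET)

if __name__ == "__main__":
    now = 59  # fixed clock value so the code is repeatable
    print(login(ACCOUNT, "Purple-Kettle-42-Lantern", None, now))            # password only
    print(login(ACCOUNT, "Purple-Kettle-42-Lantern", totp(SECRET, now), now))
```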
Examples in context
Example 1. After a data breach. A news report says a website was hacked and passwords leaked. A student who used a unique password there only needs to change that one, because none of their other accounts share it. A friend who reused the same password everywhere has to change them all in a hurry.
Example 2. A stolen password stopped by 2FA. Someone guesses a student's password, but the account has two-factor authentication, so a code is sent to the student's phone. Without that code the attacker cannot log in, and the student knows something is wrong because they received a code they did not request.
Try this
Cue. State three features of a strong password. (It is long, such as at least twelve characters; it mixes uppercase and lowercase letters, numbers and symbols; and it is not a common word or personal information.)
Cue. Explain why you should not reuse the same password across accounts. (If one site is hacked or leaked, an attacker with that password can get into every other account that uses it; unique passwords limit the damage to one account.)
Cue. Explain what two-factor authentication is and give one example of a second factor. (Needing two things to log in, your password plus a second proof of identity, such as a one-time code sent to your phone or a fingerprint.)
Exam-style practice questions
Practice questions written in the style of SEAB exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
Original. 4 marks. Explain three things that make a password strong, and explain why you should not use the same password for every account.
Three things that make a password strong, for example:
- It is long, such as at least twelve characters, because longer passwords are much harder to guess.
- It mixes types of characters: uppercase and lowercase letters, numbers and symbols.
- It is not a common word, name or obvious choice such as "password" or "123456", and not personal information like a birthday.
Why not reuse a password: if one account is hacked or leaked, an attacker who has that password can get into every other account that uses the same one. Using a different password for each account limits the damage to just that one account.
What markers reward: three genuine strength features (length, mix of characters, not obvious or personal), and the reuse point that one leak otherwise opens all your accounts.
Original. 4 marks. Explain what two-factor authentication is and how it makes an account safer, and give one example of a second factor.
Two-factor authentication (2FA) means you need two things to log in: your password, plus a second proof of identity. So even if someone steals your password, they still cannot get in without the second factor.
It makes an account safer because a stolen or guessed password alone is no longer enough; the attacker would also need the second factor, which they are very unlikely to have.
One example of a second factor: a one-time code sent to your phone or generated by an app, or a fingerprint or face scan.
What markers reward: 2FA as needing two things (password plus a second factor), the safety benefit that a stolen password alone is not enough, and a real second-factor example such as a phone code or fingerprint.