Passwords and two-factor authentication
Learn how to create strong passwords and how to get support if your account is hacked. You can also report cybercrime to us online, by phone, or in person
Why you need strong passwords
People store lots of personal information in digital places. Passwords are the main way to protect it.
Hackers have tools that can crack weak passwords in seconds.
That’s why you should use strong, unique passwords backed up with multi-factor authentication (MFA).
How to report a hacked account
If you want to tell us about a hacked account, you can report it online, by phone, or in person.
Get support from other organisations
You can get support from other organisations:
- Cyber and Fraud Centre Scotland for advice and tools to protect yourself from fraud
- Cyber and Fraud Hub for advice, self-help tools like scam checkers, and a scam response hotline (phone: 0808 281 3580)
- National Cyber Security Centre (NCSC) has tools and advice to help you stay safe online
- Cyber Scotland to report cybercrime and get advice on how to protect yourself or an organisation from cybercrime
- Cyber Aware for National Cyber Security Centre advice on how to stay secure online
- Get Safe Online for advice on how to protect yourself online
Ways to protect your passwords
Create a strong password
To create a stronger password, you can:
- avoid words that can be guessed (like your pet’s name)
- use numbers and symbols (for example "Bec@uselegiblefo1der")
- use different passwords for all online accounts
- follow NCSC advice to use three random words
Use a password manager
If you use a new password for every account, it can be hard to keep them all in mind.
A password manager is an app that stores all your passwords securely. This means you can use strong, unique passwords with no need to remember them all.
Password managers can:
- sync passwords across all your devices
- work across platforms (for example, on your iPhone and Windows desktop)
- tell you if you re-use passwords on different accounts
- tell you if your password has appeared in a data breach
Protect your saved passwords
It’s also important to protect saved passwords in case your device is lost or stolen. If someone can access your device, they might be able to use your saved passwords to log into your accounts.
To protect saved passwords on your device, you can:
- avoid sharing your passwords with anyone
- turn off or lock your device when it’s not in use
- use strong passwords on your device
- use extra steps such as face ID or your fingerprint
- turn on two-factor authentication (2FA) or multi-factor authentication (MFA) for all devices and accounts
Use two-factor authentication
Two-factor authentication (2FA) is when you need to give extra proof along with your password to access an account.
For instance, you might need to:
- enter a code from a text or email
- use your fingerprint or face recognition
- use a physical key or token
Two-factor authentication (2FA) and the similar two-step verification (2SV) are both types of multi-factor authentication (MFA).
Some services (such as online banking) use MFA automatically. But you can also activate it yourself on some accounts.