If your password is too short, or contains dictionary words, places or names- then it can be easily cracked through brute force, or guessed by someone. A strong password needs to be at least 12 characters long. The easiest way to make a strong password is by adding three random words together. Alternatively, use a password generator to create a long, strong random password. Have a play with HowSecureIsMyPassword.net, to get an idea of how quickly common passwords can be cracked. Want to learn more about creating strong passwords? Check out the How to create a secure password course on My.Lead

If someone was to reuse a password, and one site they had an account with suffered a leak, then a criminal could easily gain unauthorized access to their other accounts. This is usually done through large-scale automated login requests, and it is called Credential Stuffing. Unfortunately this is all too common, but it's simple to protect against- use a different password for each of your online accounts

According to research from Dashlane, the average person has about 240 online accounts. It's not going to be possible to remember a strong, unqiue password for all of these. But we can let our device do the remembering for us by saving our passwords to the browser. It is easy to do this; when we create an online account, a box will pop up saying "Do you want to save this password?" - just click "yes". It might feel like we shouldn't save our passwords to the browser, but doing this is the safest way of protecting your passwords. Find out how to save your passwords to the browser with our free course.

Never share your passwords with anyone online. This helps to stop other people being able to access your account.

2FA is where you must provide both something you know (a password) and something you have (such as a code on your phone) to log in. This means that if anyone has got your password (e.g. through phishing, malware or a data breach), they will not be able to log into your account. It's easy to get started, download an authenticator app (such as Authenticator) onto your phone, and then go to your account security settings and follow the steps to enable 2FA. Next time you log in on a new device, you will be prompted for the code that displays in the app on your phone (it works without internet, and the code usually changes every 30-seconds). Find out more about [how to use 2FA] (https://my.lead.org.uk/courses/cyber-how-to-turn-on-two-step-verification/) with our course.

When you enable 2FA, you will usually be given several codes that you can use if your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe to prevent loss or unauthorised access. You should store these safely on paper or in an encrypted file on your device.