Why do we need good passwords?
A password is like a key that protects your important information online, from your email to financial details or church accounts. A strong password helps ensure that only you (and those you trust) can access your private data. You'll likely have several online accounts at the church, each with a password you chose.
But remembering so many complicated passwords is hard, isn't it? How are you supposed to keep track of them all, especially as we're often told not to write passwords down?
There's an internet meme that mocks the idea of a notebook of written passwords. But in fact a notebook of all your unique passwords is a good idea. It means you don't have to remember complex passwords, encourages you to use longer, more secure passwords, and helps you keep a unique password for each separate account.
Just don't make it obvious what the notebook is for, and keep it somewhere safe. Don't leave it with any of the devices that it relates to. A notebook cannot be hacked from the internet, so it's a good solution as long as you use your common sense about where you store the book. Never leave it in the church; keep it on you when you are there, and store it safely at home. It's a good solution for all your personal passwords too.
Alternatively, consider using a digital password manager. These work in a similar way to a notebook of passwords. There are numerous paid and free password software solutions. These can help you store and generate unique passwords in a secure program that only you can unlock with just one simple secure password, face unlock, or fingerprint. That way you can have thousands of complex unique passwords yet only need to remember one. For a free solution look at KeePass, or for paid solutions look at software such as 1Password, Bitwarden, or Dashlane. Software such as this enables you to securely sync your password vault across all of your personal devices.
Steps to Create a Strong Password
- Keep It Long and Mixed: Aim for at least 12 characters or more. Sixteen characters is ideal. This might seem like a lot, but longer passwords are harder for others to guess and for hackers to find at random. Include uppercase letters (like A, B, C), lowercase letters (a, b, c), numbers (123), and special characters (like ! or #). Password length is really important; in theory a 12-character password could be cracked in a few to a few thousand years, while a 16-character password could take billions of years.
- Avoid Obvious Choices: Do not use easily guessable information such as your name, birth date, or simple patterns (for example, "123456" or "password"). Instead, think of something that is unique to you but not obvious to others. All too often recently we've seen churches use the name of the church, this year's date, and the nature of the account as a password. "StMarysCollecTin2024" is not a good password.
- Consider a Passphrase: A passphrase is a short sentence, such as “Happy-Cow-Leaps-Banana-Cowshed-304%”. You don't need to remember passwords if you're using a password notebook or digital vault. But having flowing passwords like this makes them much easier to type in when referring to your password storage/notes. And you can see the previous example is also a long password, making cracking it even harder.
- Never link the content of your password to something else: Don't use memorable dates, the name of the church, or your name. Do your best to make sure that no one could ever guess the password.
- Never reuse passwords: No matter how good your password is, if a password is compromised it should only ever open up one account. Never use the same password for other accounts, or have very similar passwords with easily guessed changes on your other accounts.
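As an added example (not part of the original guidance), here is one way to turn the rules in the list above into an automatic check. The function name and the linked_terms parameter are assumptions made for this example; linked_terms holds words tied to the account or its owner, such as the church name.

```python
import re

# Thresholds taken from the list above: 12 characters minimum, 16 ideal.
MIN_LENGTH = 12
IDEAL_LENGTH = 16
# Obvious choices the list names; a real check would use a much larger list.
OBVIOUS = ("123456", "password")


def _squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, linked_terms=()):
    """Return a list of problems; an empty list means every rule passed.

    linked_terms is an assumption of this example: words tied to the
    account or its owner (church name, own name, account purpose).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    elif len(password) < IDEAL_LENGTH:
        problems.append("under the ideal 16 characters")

    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)

    squashed = _squash(password)
    for term in OBVIOUS + tuple(linked_terms):
        if _squash(term) and _squash(term) in squashed:
            problems.append("contains '%s'" % term)
    # A four-digit year counts as a memorable date, which the list rules
    # out. Random digits that happen to look like a year are flagged too.
    if re.search(r"(19|20)\d\d", password):
        problems.append("contains a year")
    return problems
```

Run against the two passwords quoted above with "St Mary's" as a linked term, the church-name password is flagged on three counts and the passphrase comes back clean.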
Keeping Passwords Safe
- Change Passwords Regularly: It’s wise to update your passwords every six months, or sooner if you suspect someone may have seen one. Even a simple change can boost your online safety.
- Do Not Share Your Password: Keep your password private. If you cannot remember or have lost a password, websites offer you ways of securely resetting it. Never leave passwords written down near devices. We've seen churches with passwords taped to the back of laptops or iPads. Do not do this.
- Be Cautious Online: When an unexpected phone call or email asks for your password, remember that a legitimate organization will not ask you for it, so don’t share it. There are no situations where someone would ask you for your password.
- Use Two-Factor Authentication: Many websites and accounts offer two-factor authentication. This is an extra layer of security that means you'll need a code from an email, SMS message, or authenticator app to proceed even after using your password. Enabling two-factor authentication is worthwhile, as long as you know the email address or phone receiving the code is private and secure.
Final Thoughts
Good password practice is all about creating something unique. By keeping your passwords long, mixed, and private, you greatly reduce the risk of unwanted access to your digital life. Think of this practice as a small yet significant way to protect not just your personal information, but also the community you care about. Don't necessarily aim for an easily remembered password; instead, use some of the techniques we've discussed above to create long, unique, and complex passwords that you can write down and keep in a safe place or store in password software. Good password practice should take the stress out of your online security, and the anxiety out of trying to remember the digital padlocks to your various church accounts.