Personal information security

There are a number of ways to protect your personal information and stay safe online.

Use strong passwords or passphrases

Using weak passwords is a threat to your online security. If you use the same password on multiple accounts, you risk being hacked.

One of the best ways to stay safe online is to use different strong passwords across your accounts.

You can also use a passphrase. A good passphrase should be easy for you to remember, but hard for someone to guess. It should have at least 14 characters and at least 4 words.

For both passwords and passphrases, the longer it is, the stronger it is. They shouldn’t include any of the following:

  • repeated characters
  • mixed letters, numbers and symbols
  • single words, your address or sequences like 1234
  • personal information
  • anything you’ve used before.

An example of a good passphrase is ‘horsecupstarshoe’.

You shouldn’t change your passwords often, such as every month, as this leads to poor passwords.

Read more about creating strong passphrases on the Australian Cyber Security Centre website.

Use secure Wi-Fi networks

Using an unsecure Wi-Fi network can put your personal and financial details at risk.

Public Wi-Fi in shopping centres, hotels, airports and even cafés can be targets for scammers. Scammers can set up Wi-Fi hotspots in order to steal passwords, user names and credit card details.

Try to avoid using hotspots managed by people or groups you don’t know. You should:

  • use password protected hotspots
  • check the privacy and security clauses before agreeing to the terms of use
  • look for ‘https’ and a padlock in the website and address
  • use secure connections
  • turn off file sharing and location services
  • consider installing a virtual private network (VPN) on your device, which will create a secure connection.

Remember to hide details on your screen when using a computer or mobile device in public. Protect your mobile device with a password or passphrase, and set your device to lock when inactive.

If you’re using a public computer, remember to sign out of your online accounts and close the browser when you’re done.

Keep software updated

Keep your computer networks and mobile devices secure with security software.

Your mobile devices will have regular software updates. These include fixing vulnerabilities. Updating your software will give you the best protection.

Your computer should always have good virus checking software running. All anti-virus software should both:

  • detect and protect against malware, adware and spyware
  • provide thorough anti-virus scanning.

Use two-factor authentication

Two-factor authentication is an extra layer of security for your online accounts. It’s an extra step on top of your password that makes it harder for people to access your accounts.

One of the most common uses of two-factor authentication is using a code sent via SMS to your phone.

Using strong passwords as well as two-factor authentication makes it harder for scammers to access your accounts. That is because the person would also need access to something else, like the unique code.

You can use a security code for your myGov account. It’s a quick and secure way to sign in to your account. Read more about myGov security codes on the myGov website’s help pages.

Protect your mail

Some scams start with people taking mail from mailboxes or rubbish bins. Once people get information about the companies you deal with, they can use it as a scam.

They can also get your personal and banking details, or intercept bank cards or cheques. It’s a good idea to lock your mailbox. You can redirect your mail when you move or go away for long periods.

You should also destroy letters and documents that include your personal details before you throw them away.

Use tools and resources to improve your information security

There are a number of useful tools and resources that help you stay safe online.

Password managers are apps that keep your passwords safe. With these, you only need to remember one password, which is the one that opens your password manager.

For landline phones, ask your phone provider if they have a tool that can help you screen calls.

Read more about how you can protect yourself online on the Australian Cyber Security Centre website.

Find more tips on staying safe from scammers on the ScamWatch website.

Unauthorised activity in your online account

We may write to you if we notice there’s been unauthorised activity in your online account.

This can happen when criminals use your personal information to gain access to your account to conduct fraud, for example by claiming or redirecting payments.

We have security measures in place to prevent and detect this type of activity.

If you notice activity in your online account that wasn’t you, contact us. We’ll correct any unauthorised changes to your details. We can also replace stolen payments, where appropriate.

We’ll also support you to secure your accounts and personal information.

We may also tell the Office of the Australian Information Commissioner under the Privacy Act 1988. For information about the help they provide and how they investigate possible data breaches, read more on the Office of the Australian Information Commissioner website.

If we send you a letter about unauthorised activity in your Centrelink online account, check your personal details are correct. To do this:

  1. Sign in to myGov.
  2. Go to My details in the menu.
  3. Select My profile.

Sign in to myGov

You should also review your recent payments and claims. To do this:

  1. Select Payments and claims.
  2. Select My payments.
  3. Check the bank account number is correct and belongs to you.
  4. Check your past payments by selecting View payment history.
  5. Review recent claims by selecting My online claims.

You should call us if either:

  • you can’t sign into your online account
  • information in your online account is incorrect or has changed.
Page last updated: 20 February 2024.
QC 60290