Password Security

Information on how to select secure passwords, and how we check passwords submitted to the system don't appear in any publicly available lists of previously hacked passwords.

Security Advice

How we check your password security

We check passwords against a comprehensive list of "known" passwords:

  • when you register for an account on any Tyne & Wear Archives & Museums site.
  • whenever you log in to your account
  • whenever you update your password

The list is made up of publicly available data from other companies who have had data breaches since 2007.

If your password appears in the list, it means that some people who used the same password have had their data stolen.

It does not mean your Tyne & Wear Archives & Museums account has or will be hacked. It does mean the risk of someone gaining access to your account or any service where you use that password will be higher.

If your password was found. What should you do?

To register an account on a Tyne & Wear Archives & Museums site you need to choose a different password. Any password not found in the list of known passwords will be more secure.

If you are logging into an existing account, we will lock your account until you reset your password. Complete a password reset via the login form to update your password.

If you’re signing up for an account, you will not be able to create your account until you’ve chosen another password.

If you’ve used the same password to log into other online services, we recommend that you change your password there too.

Although tempting, we don't recommend using the same password across multiple accounts.

If you'd like to know more about who maintains the list and whether your email appears on it, submit your email address to the Have I Been Pwned? site. It's totally safe.

Never share your passwords with anyone. We store all passwords securely, and once you submit them nobody at Tyne & Wear Archives & Museums will ever see your password or need to know it.

Creating secure memorable passwords

Longer passwords are more secure, so the first step is to only use passwords of 8 or more characters.

The next step is to include both upper and lowercase letters.

Adding digits e.g [0-9] will add further security, as does adding special characters e.g. &£^$%@(!){}<?>/~\

When it comes to passwords that are memorable, consider using a password management tool so you don't have to, or use a memorable format like Word-[0-9]-Word-Word.

A quote from a favourite film or book with a few additional digits or special characters inserted can also be easy to remember and very secure.