A guide to setting passwords
If you're setting a password for your CareHQ account then this page will help you to generate a secure password (that you can also remember).
If you've forgotten your password and are looking for help on how to set a new one, we have a short video guide on resetting your password.
Password rules
CareHQ has a number of requirements for passwords:
- All passwords must be at least 10 characters long.
- All passwords must contain a mix of (at least one of each) uppercase characters (A-Z), lowercase characters (a-z), as well as numbers (0-9).
- Passwords are checked against a database of known stolen passwords. If a password has been discovered previously in a data breach (for any user, not just you) then it cannot be used.
Every time you sign in to CareHQ your password is checked against the haveibeenpwned database of pwned (leaked/stolen) passwords. This means that in the future, if the password you have set appears in a list of passwords leaked in a data breach, you'll be warned when you next sign in and prompted to change your password.
Generating a secure password
Even though CareHQ enforces a number of requirements for passwords, that doesn't mean it's easy to set a password which is secure.
3 things to avoid when generating a password
- Avoid using personal information. It can be tempting to set a password based on information personal to you so that it's easier to remember; for example you might include your pet's name, a date of birth, the house number from your address or even the name of the care home you work at. Cyber criminals know this and are often able to find information about you from sources such as social media accounts, making your password far less secure.
- Don't circumvent the password requirements. To meet the requirements but still keep passwords simple it can be tempting to just include one uppercase character at the start of your password and a number at the end. An infamous example of this is Password123 (seen in over 46,000 data breaches). Cyber criminals know this and will check for these patterns when attempting to discover your password, which means any security benefits are lost.
- Don't reuse your password. The most obvious example of this is not to reuse an old password when setting a new one, but also you should avoid using the same password for multiple accounts and services. For example don't use the same password for CareHQ as you use to sign in to your Netflix account. If you use the same password across lots of applications and websites, if any one of them is hacked then the security of all your accounts which share the same password will be compromised. The more websites and apps you use the same password on, the greater the security risk.
Tips for generating secure passwords
-
If you're not using a password manager to remember your passwords then we recommend creating a passphrase using 4 or more random words and a number. While passphrases are longer (which is good for security) they are also easier to remember than passwords using only random characters, for example:
-
cattle 5 trophy seat TREE
-
dark PANDA stuck 24 background
-
- If you are using a password manager (which we recommend) then it will likely support a feature to generate passwords. A password generator (one approved by your IT department) will create strong passwords (that are usually not easy to remember) and store them for you so you don't need to remember them.