When it comes to computer passwords, Erin Chapman doesn't take chances.
That means lengthy, complicated, regularly-rotated combinations, not using the same one for any two websites, and steering well clear of password-storing software.
It might be that she's slightly paranoid about hackers.
Or it might be that she's a cryptography whiz who's just landed a coveted spot in a world-renowned cyber security programme at Oxford University.
The 25-year-old Aucklander, who just completed a masters in computing and information sciences at AUT University, has a rare mind hard-wired to navigate complex algorithms in a way that even the most mathematically savvy of us would struggle to.
In the last few years, she's turned it toward cryptology - the art of writing and breaking codes.
The field is perhaps best known for Alan Turing, the godfather of computer science whose mastery of the Nazi Enigma cipher at Bletchley Park during World War 2 was chronicled in the movie The Imitation Game.
But rather than trying to beat codes - called cryptanalysis - Chapman loves creating them, designing the kind of algorithms that protect us when we log into our online bank accounts.
A voracious reader from a family of bookworms, she'd first studied English literature and ancient history before switching to a bachelor in science and computer science at the University of Auckland.
Later, at AUT, she took a cryptography course which taught her about early codes and ciphers.
"I thought the whole thing was really fascinating," said Chapman, whose previous experience with code-cracking had been limited to sodoku puzzles and UK science writer Simon Singh's The Code Book.
When she asked her AUT lecturer, Dr Brian Cusack, about where to study next, Chapman was stunned to hear him suggest Oxford, the second oldest and regularly top-ranked university in the world.
"They've got a really great cyber security programme there... but I thought it was a completely insane idea."
Still, she became one of 16 out of 100 applicants picked for the course - something she said was partly due to her finishing her AUT thesis in half the time she was given.
"When I found out I'd got an interview, I spent the whole day grinning from ear to ear, and then when they told me I'd got in, I was really stoked," she said.
"I'd been working on my back-up plans and it was one of those things that was a really nice day dream.... and then it actually happened.
"It still doesn't seem quite real. I'm leaving in four months and still can't get my head around it."
The first of her four years there will explore the wider picture of cyber security, from legislation and enforcement to business and technology.
"It's going to be really interesting to see it from all of those different angles, instead of just the computer science of it."
Ultimately, she'd love to become an academic specialising in cryptography, rather than a private sector code-maker.
While major ransomware attacks like the WannaCry cryptoworm which this month infected more than 230,000 computers in 150 countries had increasingly put cyber security in the spotlight, Chapman said it was the global explosion in "big data" that would pose the big challenge to people like herself.
"The sheer scale of the data we are generating today means that we've got to look at the effiency of the algorithms that protect it, and not just the strengths.
"Because the stronger you make the algorithm, the longer it's going to take, and you have to ask - how do we make this realistic, and what are we willing to sacrifice."
She doubted the world could ever win the war against hackers - but only try to stay ahead of them.
"Whatever we come up with, someone else is going to figure out a way around it, so it's up to us to keep coming up with better, stronger and faster encryption algorithms."
Five ways you can polish your password
Rather than using a short jumble of letters and numbers, think of a four-word phrase, Chapman said. Not only is this easier to remember, the longer the password, the harder it is to crack.
Avoid password-storing software. If that gets compromised, so does everything else.
To make it even tougher for code-crackers, swap letters for symbols, using "@" for "a" and "$" for "s".
Never use the same password for more than one website.