Best practices for airtight password security

Passwords are like underwear, so goes the old joke. You should change them regularly, never leave them out where people can see them and never share them with a friend.
01 June 2020 Michael Holtzhausen

World Password Day was celebrated earlier this month – and it couldn’t have come at a better time. We’re relying more on digital tools to work, shop and play while we stay at home. Cybercrime is also on the increase as cyber defences are likely to be lowered at this time. When you add this to the fact that the most common passwords are “123456”, “password” and “123456789”, it’s clear that we could all benefit from a refresher course on password security.

Before you judge anyone using the above-mentioned passwords, take a second to think about yours. Are you a one-password-fits-all type of person or have you kept the same email password for years? Could someone guess one of your passwords by having a casual chat with you about your pets?

If you answered yes to any of these questions, then this password security lesson is for you.

Just this once, don’t recycle

A Google survey found that 52% of respondents reuse their passwords for multiple accounts. It’s an easy trap to fall into. You come up with one good password that you memorise and decide to use it for all your accounts. The problem with this strategy is that when one of your accounts has been exposed, all your accounts are at risk. Even making small variations to your password, like Gryffindor1 and Gryffindor2, isn’t enough to guarantee security. The safest thing to do is to use a unique password for every account.

Make sure it’s gibberish

Passwords that don’t read as words or phrases are harder to remember, but they’re also harder to crack. You should aim for long passwords that are a mix of upper- and lowercase letters, numbers and symbols. If you insist on using a word or phrase as a password, it helps to replace letters with lookalike symbols. For example, use a dollar sign instead of an S or a zero instead of an O. Avoid using sequential keyboard characters such as “qwerty” or “!@#$%”.

Don’t use personal information

You might not be using your first or last name, birthday or anniversary date as your password but this doesn’t mean that all your other personal information isn’t fair game. As a rule, you shouldn’t use any personal information in your passwords. This includes nicknames, place of birth, alma maters and names of relatives and pets. Also, when selecting security questions, choose the most obscure ones that only you can answer correctly.

Implement two-factor authentication

A strong-enough password is a reliable defence against hackers, but you can never be too careful. Two-factor authentication (2FA) is a failsafe for when your password has been compromised. It requires additional verification (usually a one-time PIN sent via SMS) before access to the account is granted. Two-factor authentication is increasing in popularity, but not all services offer it so a strong password is still your best bet.

Change passwords regularly

It’s recommended that you change your passwords every month. Don’t rotate a set of passwords between your accounts or change NetflixMay to NetflixJune. It’s important to dispose of old passwords completely and come up with new ones. Rotating passwords and tweaking them slightly puts you at a higher risk for repeated hacks. As onerous as it seems, generating new passwords regularly is well worth the effort and ensures peace of mind.
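The rules from the sections above (common passwords, keyboard sequences, personal information, and light edits of an earlier password such as NetflixMay to NetflixJune) can be checked automatically. The following Python sketch is an added example, not part of the original article; the 12-character minimum, the 0.6 similarity threshold and the keyboard-row list are assumptions of this example.

```python
import difflib
import re

# The three most common passwords named in the article.
COMMON = {"123456", "password", "123456789"}
# Assumption: US keyboard rows, plus the shifted number row.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "!@#$%^&*()")
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def has_keyboard_run(password, run=5):
    """True if `run` neighbouring keys of one row appear, forwards or backwards."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for keys in (row, row[::-1]):
            for start in range(len(keys) - run + 1):
                if keys[start:start + run] in lowered:
                    return True
    return False


def is_variant(password, previous, threshold=0.6):
    """True if the password is a light edit of any earlier one (assumed threshold)."""
    return any(
        difflib.SequenceMatcher(None, password.lower(), old.lower()).ratio() >= threshold
        for old in previous
    )


def audit(password, previous=(), personal=(), min_length=12):
    """Return the list of rules from the article that the password breaks."""
    lowered = password.lower()
    findings = []
    if lowered in COMMON:
        findings.append("common password")
    if len(password) < min_length:  # assumed minimum; the article only says "long"
        findings.append("too short")
    if sum(bool(re.search(p, password)) for p in CLASS_PATTERNS) < 4:
        findings.append("missing character class")
    if has_keyboard_run(password):
        findings.append("keyboard sequence")
    if any(len(item) >= 3 and item.lower() in lowered for item in personal):
        findings.append("personal information")
    if is_variant(password, previous):
        findings.append("variant of an earlier password")
    return findings
```

An empty list means the password broke none of these rules; it says nothing about whether the password has already been exposed elsewhere.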

Use a password manager

Long and complicated passwords are the most secure, but they’re not easy to remember. If you’re the forgetful type, you might benefit from a password manager. Password management services store and manage passwords for multiple accounts and are protected by one master password. The passwords are strong and randomly generated so you never have to worry about whether or not they’re secure. And you only need to remember one master password to secure all your accounts.
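What "strong and randomly generated" looks like in practice, as an added Python example that is not part of the original article and not any particular password manager's code. The 20-character length and the symbol set are assumptions of this example.

```python
import math
import secrets
import string

# Assumption: four character classes; the symbol set is chosen for this example.
ALPHABETS = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+[]{}",
)
POOL = "".join(ALPHABETS)


def generate_password(length=20):
    """Draw from the OS CSPRNG and retry until every character class is present."""
    if length < len(ALPHABETS):
        raise ValueError("length is too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(POOL) for _ in range(length))
        # Rejecting whole candidates keeps the accepted passwords uniformly
        # distributed, unlike forcing one character of each class into fixed slots.
        if all(any(ch in alphabet for ch in candidate) for alphabet in ALPHABETS):
            return candidate


def entropy_bits(length=20):
    """Upper bound on guessing entropy: length * log2(pool size)."""
    return length * math.log2(len(POOL))


def generate_vault(accounts, length=20):
    """One independent password per account, so one leak exposes only that account."""
    return {account: generate_password(length) for account in accounts}


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    for account, password in generate_vault(["email", "bank", "streaming"]).items():
        print(f"{account}: {password}")
    print(f"about {entropy_bits():.0f} bits per password")
```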

So you’ve been compromised. Now what?

The best thing to do if you suspect that one of your passwords has been compromised is to immediately change your password for that account and any other accounts connected to it. For example, if your email password has been compromised, you would have to change the passwords for any social media accounts that were set up using that email address. But the best way to avoid this situation is to take our advice and use an ironclad password to begin with.

Remember to sign up for our newsletter and get all the latest security tips delivered to your superstrong password-protected inbox.
