
Passwords: your last line of defence

Apr 30




How good is your password hygiene?

 

We’ve probably all been guilty of using the same old password for everything or choosing something simplistic like “abcd1234” just to make life easier.  The reality is that password security is far more important than most of us realise.  With so much of our lives now online – from social media and work  to banking and shopping – a weak password is like leaving your front door open. Hackers aren’t just after your money; they can steal your identity, lock you out of your accounts, or do much worse. It only takes one dodgy password to put everything else at risk, too; once they are into your system, it could be ‘access all areas’.  

 

So whether you're logging into your work email or your Netflix account, having strong, unique passwords (and keeping them secure) is essential. A little effort now could save you a huge headache later.  Here are some pointers to ensuring you’re on the right track.

 

What is a ‘strong’ password?

 

We’ve all been on websites where they prompt you to create a ‘strong’ password but what, exactly, do they mean? Essentially, strong passwords come down to three essential factors:

 

- Length: you’re playing the odds, really, so a longer password is harder to guess than a shorter one.  Make them at least 12 characters long but 14 or more is even better.

 

- Nonsense: although names or words are easier to remember, they are also easier to guess.  Therefore, choosing a random mix of characters that don’t make a recognisable word is stronger.

 

- Mix it up: similar to the last point, including symbols and numbers along with upper and lower case letters in your password helps make it more challenging to solve.

 

- Be different: Do ensure that your password is significantly different to any other passwords you use. If someone has hacked one, you don’t want to hand them the key to cracking any others too. It does happen: it’s called a ‘credential stuffing attack’. Once they’ve got one password, thieves will try your details on a host of other websites – banks, social media and so on – just on the off chance that it works. So make it different.
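As an added illustration (not part of the original post), the Python example below checks a password against the length, mix and difference points above and generates a random one with the standard `secrets` module. The function names and the 0.5 similarity threshold are assumptions made for this example; the ‘nonsense’ point cannot be tested this simply, so a memorable phrase can still pass.

```python
import math
import secrets
import string
from difflib import SequenceMatcher

# Character classes named in the "Mix it up" point.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 12        # the article's minimum; 14 or more is preferred
MAX_SIMILARITY = 0.5   # assumed threshold for "significantly different"


def generate(length=14):
    """Random password from a CSPRNG that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError("use at least %d characters" % MIN_LENGTH)
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def brute_force_bits(length, alphabet_size):
    """Bits of guessing work when every character is chosen at random."""
    return length * math.log2(alphabet_size)


def check(password, others=()):
    """Return the list of the article's factors that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("mix: no " + ", ".join(missing))
    for other in others:
        ratio = SequenceMatcher(None, password.lower(), other.lower()).ratio()
        if ratio > MAX_SIMILARITY:
            problems.append("too similar to another password")
            break
    return problems
```

`brute_force_bits` only holds for passwords like those from `generate`, where every character is random; for a human-chosen password it is an upper bound.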

 

 

Safe storage

 

Once you’ve created your strong password, you need to keep it that way:

 

- Don’t share: never share a password with anyone, even a friend or family member.  Much better to create them a separate login for anything they need access to.

 

- Don’t share (again!): if you’re not sharing passwords, you won’t be tempted to send a password or login details by email or message. But, if you really must, think about how you can do it securely. For example, sending a username by encrypted WhatsApp and then actually ringing someone to tell them the password drastically reduces the risk of either being compromised, as well as the chance of anyone getting hold of both.

 

- Don’t write it down: OK, that is easier said than done!  If you don’t have the memory of an elephant, consider some alternatives.  Using a phrase that’s memorable for you but hard to guess could be an option (“P1gs1nBl4nk3ts!” anyone?!).  Use a password manager on your computer to save them for you.  Write it down as a hint, rather than the full password (‘favourite holiday’).  And, if you really must write it down, don’t write it on a sticky note stuck to your computer!  Write it somewhere separate that anyone else would have to really hunt to find.

 

- Be alert: be vigilant to anyone trying to trick you into revealing your password. Anyone ‘phoning from a bona fide organisation, like your bank or a utility company, won’t need your password to access your details; they will have their own login. Don’t let them talk it out of you!

 

 

Some password security tips

 

A few tips on good password hygiene that might be useful.

 

- Ideas generation: If you struggle to think up different, strong passwords, many browsers have a password generator.  Microsoft Edge, for example, can create and then remember unique passwords for you.

 

- Two-factor authentication: When it’s available, always enable two-factor or multi-factor authentication.  This, for example, is when you pay online with your credit card and your bank texts you a one-time code to verify that it’s you using it.  If someone does guess your password, they’d need to have access to your physical device as well before they could do too much damage.

 

- Silly answers: We are increasingly asked to provide answers to security questions when creating online accounts these days:  What was the name of your first pet?  Or  What was your first car?  There is nothing to say that you have to provide an answer that actually makes sense, that’s just human instinct.  As long as your answer matches what is on their records, you’re good.  So saying that ‘Blue Ford Escort’ was your first pet and ‘Colin’ was your first car is fine – as long as you remember that!

 

- Change it up: Finally, always, always change your password if you ever suspect that an online account has been compromised.  Much better to change it and find that all is well than not bother and get caught out.

 

 

In conclusion

 

Although it’s a worrying subject – and we’ve all heard horror-stories – password hygiene isn’t that difficult. In fact, we’d say it’s a matter of forming a good habit. Most of us remember to take two minutes to clean our teeth before we go to bed at night, so we can all learn to take two minutes to create and save a strong password.
