It's time to review your passwords for World Password Day
Passwords are critical to securing our online work and private life communications, but they can be easy to forget when we must remember so many different passwords daily. It can be tempting to use simple passwords such as '123456', 'password' or 'qwerty' that are easy to remember, but they are also just as easy for hackers to crack.
It is always good practice to review your passwords regularly, and World Password Day is a timely reminder to take action to assess our password habits and evaluate our online accounts.
How to strengthen your passwords
Securing your digital life doesn't have to be complicated if you use the following password-strengthening techniques.
Make your password long
Hackers use multiple methods for trying to get into your accounts. The most rudimentary way is to personally target you and manually type in letters, numbers, and symbols to guess your password.
The more advanced method is to use what is known as a "brute force attack". This method uses a computer program to run through every possible combination of letters, numbers, and symbols as fast as possible to crack your password.
The longer and more complex your password is, the longer this process takes. Passwords that are three characters long take less than a second to crack.
Use a nonsense sentence
Long passwords are good; long passwords that include random words and phrases are better.
If your letter combinations are not in the dictionary, your phrases are not in published literature, and none of it is grammatically correct, they will be harder to crack.
An easy way to do this is to think of a sentence and then take the initial letters.
For example, a nonsense sentence like "I play Animal Crossing at 5.30" will give us the password "IpAC@5.30".
Include numbers, symbols and a mixture of uppercase and lowercase letters
Randomly mix up symbols and numbers with letters. For example, you could substitute a zero for the letter O or @ for the letter A. If your password is a phrase, consider capitalising the first letter of each new word, which will be easier to remember.
Password formats to avoid
We're all guilty of creating easy-to-guess passwords at some point in our digital life for convenience, but here's what to avoid when it comes to strengthening the protection of your online accounts.
Avoid personal information
We love our pets, but they probably won't love you any more if you honour them in your passwords. The same goes for your name, your partner's name, your hometown, your university, and so on.
This information about you is easily discoverable, and using techniques like social engineering, cybercriminals can find and exploit this type of information with relatively little effort.
Don't reuse passwords across multiple sites
When hackers complete large-scale hacks, the lists of compromised email addresses and passwords are often leaked online.
While some of us have a 'one password fits all' method for convenience, this means that if that one password were to be compromised, it could be used to access the majority of your other online accounts too. Ensure you use unique passwords for everything.
Avoid consecutive keyboard combinations, such as 'qwerty' or 'asdfg'. Don't use dictionary words, slang terms, common misspellings, or words spelt backwards. Attacks on these passwords rely on software that automatically plugs common words into password fields.
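The checks in this section, together with the brute-force estimate from "Make your password long", can be written as a short audit script. This is an added example, not part of the original article; the word list, the substitution table, the four-key run length and the guessing speed are assumptions chosen for illustration.

```python
import string

# Constructed sample data; a real audit would load a large wordlist.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo look-alike swaps such as zero for O or @ for A before matching words.
SUBSTITUTIONS = str.maketrans({"0": "o", "@": "a", "1": "l", "3": "e", "$": "s"})
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]
GUESSES_PER_SECOND = 1e10  # assumed guessing speed, not a figure from the article


def keyboard_run(pw, min_len=4):
    """True if pw contains min_len adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + min_len] in low for i in range(len(seq) - min_len + 1)):
                return True
    return False


def brute_force_seconds(pw):
    """Seconds to try every combination of the character classes pw draws on."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return max(pool, 1) ** len(pw) / GUESSES_PER_SECOND


def audit(pw, personal=()):
    """Return the list of 'formats to avoid' that pw falls into."""
    findings = []
    plain = pw.lower().translate(SUBSTITUTIONS)
    letters = "".join(c for c in plain if c.isalpha())
    if keyboard_run(pw):
        findings.append("keyboard-run")
    if any(w in letters or w[::-1] in letters for w in COMMON_WORDS):
        findings.append("dictionary-word")
    if any(p.lower() in plain for p in personal if len(p) >= 3):
        findings.append("personal-info")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, including the article's own "IpAC@5.30".
    for pw in ["qwerty123", "P@ssw0rd!", "drowssap99", "Rex2015!", "IpAC@5.30"]:
        print(f"{pw:12} {audit(pw, personal=['Rex'])} "
              f"{brute_force_seconds(pw):.3g} s to exhaust")
```

The `personal` argument takes the names, places and dates from "Avoid personal information"; an empty list of findings means none of these particular checks matched, not that the password is strong.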
How often should you change your passwords?
There is a plethora of contradictory statements about how often you should change your password, each with different recommendations.
Regular mandatory password changes encourage superficial changes to passwords, like a capitalised letter here or a new number there.
Unfortunately, hackers can quickly adapt to these small changes. Instead of changing the capitalisation of one letter or adding a number, you should choose a new, unique password for every website or service you subscribe to.
Creating new passwords for every website or service may seem tedious and make remembering passwords more confusing; however, there is a range of dedicated password manager tools to help. These tools will keep track of your passwords and automatically input them across your devices.
Browsers like Chrome now support built-in password management, so you don't even need to remember your passwords.
Of course, if any service you use is hacked, you should change your password immediately to stop criminals from accessing your private information.
Websites like Have I Been Pwned? can help you to find out whether an account you use has been hacked.
Is it time to review your passwords?
According to the results of LastPass' third Psychology of Passwords report, 80% of respondents were concerned about having their passwords compromised, yet 53% haven't changed their passwords in the last 12 months.
This is especially significant at present, as cybercriminals look to capitalise on the current pandemic. Spend some time reviewing your online accounts and passwords to ensure your online safety. You can see how secure your password will be here.