Passwords are critical to securing our online work and private life communications, but they can be easy to forget when we are required to remember so many different passwords daily.
It can be tempting to use simple passwords such as ‘123456’, ‘password’ or ‘qwerty’ that are easy to remember, but they are just as easy for hackers to crack.
It is always good practice to review your passwords regularly, and World Password Day is a timely reminder to take action to assess our password habits and evaluate our online accounts.
How to strengthen your passwords
Keeping your digital life secure doesn’t have to be complicated if you use the following password-strengthening techniques.
Make your password long
Hackers use multiple methods for trying to get into your accounts. The most rudimentary way is to personally target you and manually type in letters, numbers, and symbols to guess your password.
The more advanced method is to use what is known as a “brute force attack”. This method uses a computer program to run through every possible combination of letters, numbers, and symbols as fast as possible to crack your password.
The longer and more complex your password is, the longer this process takes. Passwords that are three characters long take less than a second to crack.
Use a nonsense sentence
Long passwords are good; long passwords that include random words and phrases are better.
If your letter combinations are not in the dictionary, your phrases are not in published literature, and none of it is grammatically correct, they will be harder to crack.
An easy way to do this is to think of a sentence and then take the initial letters. For example, a nonsense sentence like “I play Animal Crossing at 5.30” will give us the password “[email protected]”.
Include numbers, symbols and a mixture of uppercase and lowercase letters
Randomly mix up symbols and numbers with letters. You could substitute a zero for the letter O or @ for the letter A, for example. If your password is a phrase, consider capitalizing the first letter of each new word, which will be easier for you to remember.
Password formats to avoid
We’re all guilty of creating easy to guess passwords at some point in our digital life for convenience, but here’s what to avoid when it comes to strengthening the protection of your online accounts.
Avoid personal information
We love our pets, but they probably won’t love you any more if you honour them in your passwords. The same goes for your name, your partner’s name, your hometown, university, and so on.
This information about you is easily discoverable and using techniques like social engineering, cybercriminals can find and exploit this type of information with relatively little effort.
Don’t reuse passwords across multiple sites
When hackers complete large-scale hacks, the lists of compromised email addresses and passwords are often leaked online.
While some of us have a ‘one password fits all’ method for convenience, this means that if that one password were to be compromised, it could be used to access the majority of your other online accounts too. Ensure you use unique passwords for everything.
Avoid consecutive keyboard combinations — such as ‘qwerty’ or ‘asdfg’. Don’t use dictionary words, slang terms, common misspellings, or words spelt backwards. These cracks rely on software that automatically plugs common words into password fields.
How often should you change your passwords?
There is a plethora of contradictory statements about how often you should change your password, each with different recommendations.
Regular mandatory password changes tend to encourage superficial changes to passwords, like a capitalised letter here or a new number there. Unfortunately, hackers can easily adapt to these small changes.
Instead of changing the capitalisation of one letter or adding a number, you should choose a new, unique password altogether for every website or service you are subscribed to.
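The patterns listed under “Password formats to avoid” and the superficial-change problem described above can be checked mechanically when a password is set. The sketch below is an added example, not part of the original article; the small word list, the five-key run length and the function names are assumptions made for illustration.

```python
import re

# Constructed sample data: a real check would load a large breached-password
# word list instead of this handful of entries.
COMMON_WORDS = ("password", "dragon", "monkey", "letmein", "welcome")
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def keyboard_run(pw, min_len=5):
    """Return the first run of min_len adjacent keys (either direction), or None."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return seq[i:i + min_len]
    return None


def skeleton(pw):
    """Lowercase and drop digits and symbols: what survives a superficial change."""
    return re.sub(r"[^a-z]", "", pw.lower())


def review_password(new, old=None, personal=()):
    """List the reasons a password matches a pattern the article warns about."""
    problems = []
    run = keyboard_run(new)
    if run:
        problems.append(f"keyboard run '{run}'")
    core = skeleton(new)
    for word in COMMON_WORDS:
        # Words spelt backwards are caught as well as the words themselves.
        if word in core or word[::-1] in core:
            problems.append(f"dictionary word '{word}'")
    for item in personal:
        key = skeleton(item)
        if key and key in core:
            problems.append(f"personal detail '{item}'")
    # Same letters as before with only case, digits or symbols changed.
    if old is not None and core and core == skeleton(old):
        problems.append("superficial change of previous password")
    return problems
```

An empty list means none of these patterns was found; it does not by itself mean the password is strong.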
Creating new passwords for every website or service may seem like a tedious task and may make it more confusing to remember passwords; however, there is a range of dedicated password manager tools to help. These tools will keep track of your passwords and automatically input them across your devices. Browsers like Chrome now support built-in password management, so you don’t even need to remember your passwords.
Of course, if any service you use is hacked, you should change your password immediately to stop criminals accessing your private information. Websites like Have I Been Pwned? can help you to find out whether an account you use has been hacked.
Is it time to review your passwords?
According to the results of LastPass’ third Psychology of Passwords report, 80% of respondents were concerned about having their passwords compromised, yet 53% haven’t changed their passwords in the last 12 months.
This is especially significant during the current situation, as cybercriminals look to capitalise on the current pandemic.
Spend some time to review your online accounts and passwords to ensure your online safety. You can see how secure your password will be here.