Whenever you leave your home I’m sure you make sure that you secure the building – after all, you wouldn’t want to come home and find an intruder, or discover that your prized possessions have disappeared, would you?
Likewise, I’m sure you wouldn’t want anyone gaining access to your computer, or any of the information you keep on the internet.
That’s why you need passwords.
And lots of them.
In many ways your passwords, in conjunction with your username, are the key to your digital life and, just like you wouldn’t use a key with no cuts on it, you wouldn’t want to rely on weak login credentials to keep you safe either.
Given the fact that usernames are used across a range of sites (it’s typically an email address, after all), your passwords better be good if they are to stop an attacker gaining access to all your accounts.
You’ll note at this point that I’ve said passwords – you will definitely need more than one because, if you don’t, you’ll be putting all your eggs into one basket – if that single password gets hacked, or revealed by the ever-increasing number of data breaches we keep hearing about, then all of your online accounts are immediately compromised at the same time.
Just think about that for a minute – how would you feel if someone could access your email, Facebook, bank, sign you up for inappropriate sites and post on your Twitter account?
While suffering one of the above would be bad, having every account compromised at the same time would be truly tragic.
That’s why I recommend a password manager.
By using a highly rated program, such as LastPass, KeePass or 1Password, you can rely on the software to remember all of your complex passwords for you while only having to remember the master password for the program itself. For more options check out our list of the best password managers. If you’re still not sure have a read of our guide to the pros and cons of using a password manager.
Given that the main excuse many people give for not using strong, unique passwords is their inability to remember them all, a password manager really is a useful tool.
Creating a strong password
Once you are setup with a password manager, you will be well placed to start creating unique and strong login credentials for every online account under your control.
To do so, here are 5 tips:
- make use of your entire keyboard – too many passwords are overly reliant on lower-case letters which makes them weak and easily cracked. Instead, mix in numbers, symbols (!”£$%^&*) and capitals
- change your password on a regular basis – with a password manager in place this won’t be too much of a chore and, unless you keep up with data breach news, will add some degree of extra security should your login credentials be compromised via an incident with a third party
- as previously mentioned, always, always, use a different password for every account – doing otherwise is just asking for trouble
- make your password as long as possible – the shorter it is, the easier it will be cracked by automated password-guessing tools. Aim for an absolute minimum of 8 characters and a whole lot more if possible, especially when using a password manager which will negate the need to remember even the most complex of passwords
- if you are not entirely comfortable using a password manager, try stringing several memorable words together – but change letters for numbers where possible, i.e. ‘e’ becomes ‘3’, ‘a’ becomes ‘4’, and throw in some punctuation and other symbols for a degree of extra complexity
Of course there are also some pitfalls to avoid when choosing a password:
- do NOT use personal information as a password – you may think no-one else knows your mother’s maiden name, or your firstborn’s date of birth, but you’d be wrong – the internet and electoral role never forget a thing
- do NOT make a password that consists solely of simple words, such as “cat” or “London” – attackers can use something called a dictionary attack to break passwords like that in milliseconds
- never use any password that appears on a list of those most commonly used, such as the timeless classics of “123456” or “password1” because, surprise, surprise, they are often the first ones an attacker will attempt to use when trying to compromise your account
- never, ever share your password with anyone – if you’ve gone to the trouble of creating a strong password why would you want to undo all that good work by then giving it away? Also, remember, doing so at work may be a serious offence, and quite rightly too
- never send your password in an email – no company of note would ever ask you to do so. Also, never give your password out over the phone – some companies may ask you to confirm one or two characters for verification purposes, but never the whole thing
- don’t make your password identical to your username – this happens far too often and hackers are well aware of that
- never write your passwords down and definitely do not put them on a post-it note stuck to your monitor – that’s just asking for trouble
- also, beware secret questions – some sites offer the ability to retrieve a lost or forgotten password by entering the answer to a pre-chosen question. If you aren’t careful here you may inadvertently make the appropriate answer easier to guess than the password itself.
One more piece of advice – if a site offers two factor authentication (the means to confirm your identity via an additional control method, such as your mobile phone), seriously consider taking advantage of it as it will almost certainly offer a strong, additional layer of security.