The biggest threat to your online security, from email to banking to e-commerce, is a weak password. A strong, hack-proof password keeps your confidential information safe and is your best defense against hackers breaking into your accounts. However, many people are indifferent to their password security or find choosing the right password difficult, a fact that hackers know all too well: with high-powered computers and sophisticated software, hackers can make up to 350 billion attempts at cracking a password every second.
How can you stay one step ahead? Whether you’re looking to beef up or change your existing passwords, follow the handy tips below to make sure your confidential information is kept safe, secure, and for your eyes only.
1. First things first: choose a password that cannot be easily guessed or hacked. Never use personal information like your birthday or phone number or the names of your family members or pets. Avoid “dictionary words”, which are common words, dates, names and numbers, as well as keyboard patterns (QWERTY, for example) and sequential numbers (12345). While these may be tempting, the simpler the password, the easier it is to hack.
Experts say that a strong password will be at least 12-14 characters long and contain a mix of numbers, symbols, punctuation, capital letters, and lower-case letters. Don’t rely on obvious substitutions: “F10wer” is not a strong password simply because you replaced the “o” with a zero and the “l” with a one.
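The rules in tip 1, expressed as a check (an added example, not part of the original article): it undoes the obvious substitutions before the dictionary test and estimates worst-case exhaustive-search time at the 350 billion guesses per second quoted above. The word list, keyboard runs, substitution table and function names are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 350e9  # cracking rate quoted in the article

# Constructed sample data; a real check would load a large wordlist.
COMMON_WORDS = {"flower", "password", "football", "dragon", "monkey"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn")
# Reverses the "obvious substitutions" the article warns about.
UNLEET = str.maketrans("013457@$", "oleastas")

def normalize(password):
    """Lower-case and undo common character swaps: 'F10wer' -> 'flower'."""
    return password.lower().translate(UNLEET)

def has_sequence(password, run=4):
    """True if `run` consecutive characters ascend by one (1234, abcd)."""
    codes = [ord(c) for c in password.lower()]
    return any(
        all(codes[i + j + 1] - codes[i + j] == 1 for j in range(run - 1))
        for i in range(len(codes) - run + 1)
    )

def alphabet_size(password):
    """Size of the character pool an exhaustive search must cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in password))

def brute_force_seconds(password):
    """Worst-case exhaustive search time at the article's quoted rate."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND

def audit(password):
    """Return the list of tip-1 rules the password breaks (empty = passes)."""
    issues = []
    plain = normalize(password)
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    if alphabet_size(password) < 94:
        issues.append("missing a character class")
    if any(word in plain for word in COMMON_WORDS):
        issues.append("dictionary word after undoing substitutions")
    if any(run in plain for run in KEYBOARD_RUNS):
        issues.append("keyboard pattern")
    if has_sequence(password):
        issues.append("sequential characters")
    return issues
```

At the quoted rate, “F10wer” falls to exhaustive search in a fraction of a second, while a random 16-character password drawn from all four character classes needs on the order of 10^20 seconds.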
2. Don’t post your password in plain sight or save it on your device. Creating a complex password and then posting it on your monitor with a sticky note or storing it in a file on your computer renders your password virtually useless if a hacker ever gets physical access to your PC, phone or tablet.
3. Create a passphrase instead of a password. It’s safer to use a passphrase than a password. Passphrases are strings of words combined together; because they are longer and more complicated, they reduce the chances of your password being hacked.
To create a passphrase, think of a sequence of four or five unrelated words that are memorable to you. Don’t use easy combinations or well-known phrases or song lyrics like “don’t worry be happy”. Instead, use a string of unrelated words like your four favorite things, for example, “football cars chocolate dogs”. Add capital letters, symbols and numbers to make the passphrase more secure. Thus, “football cars chocolate dogs” becomes “f00tb”11+C@rs+Ch0col@te=d0gs!”.
Another method is to choose a memorable sentence and then adapt it in a way that is easy for you to remember but hard for others to guess. For example, if you choose “make love not war” as your passphrase, you could adapt it by:
- Removing the vowels: mklvntwr
- Changing the vowels into numbers: m1k2l3v4n5tw6r
- Changing every third letter into a capital: m1k2Ll3v4N5tw6R
4. Create a password or passphrase that is easy for you to remember but hard for others to crack. For example, “The first house I ever lived in was on 414 Sesame Street. I lived there for 10 years”. Turn it into a password by using the first letter or digit of each word, so your sentences become: “TfhIeliwo4SSI.ltf1y”.
5. Never use the same passwords for multiple accounts. While it’s tempting to use the same password for all your online activity, having a single password increases the risk to your confidential information: if hackers manage to crack your password on one account, you can be sure they will try to use that same password to access your other accounts.
A good method for remembering different passwords for multiple accounts is to choose a strong password and then add the site name to the beginning or end. If you want to use the “TfhIeliwo4SSI.ltf1y” password from the previous example for your Facebook account, add “F@ce” to the beginning so that it becomes “F@ce_TfhIeliwo4SSI.ltf1y”. Use the same password for your Twitter account by adding “Tw1tter”: “Tw1tter_TfhIeliwo4SSI.ltf1y”.
6. Don’t save your passwords in a web browser. Passwords stored on your browser are often vulnerable: the row of dots that appears can be easily cracked by an experienced hacker.
7. Be careful on public computers and when signing into Wi-Fi hotspots.
Never use the ‘Remember Me’ or ‘Save Password’ options on public computers, which will make your passwords available to anyone who uses the computer after you do. Avoid entering your passwords or accessing confidential information when using Wi-Fi hotspots; hackers often tap into these networks to intercept your password and access your personal information.
8. Create good password habits. Never share your password and don’t let other people watch you type your password. Always log out of public or shared systems. Do not reuse old passwords. Change your passwords every three to six months.
9. Use two-factor authentication (2FA). Many experts recommend using 2FA to boost your password security. 2FA uses your phone, tablet, or other device to verify that it is you trying to access your different accounts. This prevents anyone other than you from using your account to log into different websites and keeps your personal information secure.
10. Don’t forget your phone. The data on your phone is as vulnerable as the information on your computer: passwords and other confidential information are stored on your phone’s hard drive. Make sure you lock the device with a unique, four-digit PIN. Never leave your phone unattended in a public place, and install a free smartphone tracking app that can wipe your data in case your phone is stolen.