We know all too well the feeling of dread when a website you’re signing up for reports that the password you’re using is too weak.
Online security firm, Splashdata revealed earlier this year that “123456”, “password” and “12345678” were still the top three passwords being used by people around the internet, in 2015.
We would hazard a guess that many people still use these passwords because they aren’t aware that there are programs that could slice through your password in a matter of seconds by simply guessing different combinations of words, letters, symbols and numbers.
If you don’t believe us, just key “brute force hack” into YouTube, and in less than five minutes you too could be cracking passwords as if you’ve been doing it all your life, or shivering in fear.
So knowing that your online banking profile is just a few guesses away from a cyber criminal cracking it open, how do you protect yourself?
The goal you should have in mind when creating a password is to make it as hard as possible to crack, be it by a human or a program. What follows are a few ways to do just that.
Take yourself out of your password
Avoid using personal information such as your name, your date of birth, or even your mother’s name as your password. Many of these details can be gleaned from a service like Facebook or they’re out their in the public.
No words
Avoid using a single word, even if you add special symbols and numbers. Brute force tools can be designed to guess every word in the dictionary and combinations that include numbers and special characters. While you think “4wes0megamer69” is secure, it could be guessed in seconds.
The phrase that pays
One of the easiest ways to create a password is not to use a word you’ll remember but rather a string of words. Let’s take the sentence, “this is a very secure password that nobody will ever crack” and turn that string of letters into a password using the first letter of each word.
We now have “tiavsptnwec” which is already a good start. Swap a few of the letters out for numbers, add your favourite special characters and presto, you have a password that is vastly more secure than “123456”.
Size matters
Aside from being simplistic, “123456” is also a short password. While this means its easy to remember this also means its easier to crack.
Ideally you want your password to be between six and twelve characters long, should the website allow it.
Variety is the spice of security
Tempting as it may be, never use the same password twice.
We know its a hard ask to have to remember passwords that are 12 characters long for your email, your online banking profile, Facebook, Twitter, Instagram, online shopping and whatever other services you use but imagine all of those services used the same password.
A cyber criminal need only guess the password once to give you the headache of the year.
Catch them all
Using a password manager such as LastPass means that you can store all your passwords for all of your online profiles in the cloud. Why not just create a spread sheet?
Being plain text, anybody could access that document be it through spyware, malware or just a curious friend. Services such as LastPass and many other password managers encrypt user data so its far safer than using “pwords.xls”.
Many of these password managers also have password generators which generate a password using a random string of characters.
Questions?
Many websites use security questions as a fail safe should you forget your password. These questions are often “what was your mother’s maiden name”.
You should consider making these responses secure as well by using special characters and numbers as part of your answer.
For example, if your mother’s maiden name is, Jonas you could use the answer “j0n4s_”, which should give an attacker a harder time, even if they scrapped your Facebook profile for information.
As a bit of a disclaimer we should point out that if you fall prey to phishing scams or key loggers that often accompany malware strikes, these tips may not be of any use to you as the attacker will grab your details as you type them.
With that said, it never hurts to be secure and to make it harder for cyber criminals to gain access to your online persona.
[Image – CC BY/2.0 Scott Schiller]
