For many denizens of the internet, a password is all that stands between their data and a cybercriminal.

Of course, nowadays your security can be beefed up with two-factor authentication (2FA), but since today is World Password Day (yes, it’s a real thing) the focus is on passwords.

And there is good reason to focus on passwords because apparently we are still woeful at creating secure ones.

Analysing data from Have I Been Pwned, the UK’s National Cyber Security Centre recently found that 23.2 million compromised accounts used 123456 as a password.

That is the most popular password, but you can head to this link to find a list of the 100 000 most popular passwords found in compromised accounts.

Should you find your password on that list, it’s time for a change, and ESET South Africa’s chief executive officer, Carey van Vlaanderen, has some advice for creating a secure password.

One word to compromise them all

The first thing one should do is avoid a single word, especially if that word is English.

Something that is often mentioned by security-conscious folks is to use a phrase or random words with little to no association with each other. We like to reference xkcd’s correcthorsebatterystaple as an example of this method for creating a password.

“Some of your passwords may feature special characters or symbols at the end, perhaps because a website has prompted you to make your password stronger. Instead of placing a special character at the end and thus making it easier for cybercriminals to break into your account, intersperse special characters at different places, along with normal characters, throughout your password,” adds van Vlaanderen.

You could, of course, make up your own word, thereby lowering the risk of falling prey to a dictionary or brute-force attack. Just remember that word or you’ll be needing to change your password before long.
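The random-words method and the warning about a single word with a symbol tacked on the end, sketched as an added Python example (not from Hypertext or ESET). The word list, the deny list and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed 16-word sample list, far too small for real use. A real list
# such as the EFF large wordlist (7,776 words) would be loaded from a file.
WORDS = ["correct", "horse", "battery", "staple", "lantern", "orbit", "velvet",
         "quartz", "meadow", "copper", "thistle", "harbor", "pebble", "saddle",
         "mitten", "walnut"]
# Constructed sample deny list; "123456" is the top entry cited in the article.
COMMON = {"123456", "password", "qwerty"}
SUFFIX_CHARS = "0123456789!@#$%^&*?."


def passphrase(n_words=4, words=WORDS, sep="-"):
    """Join n_words picked independently and uniformly with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(n_words, list_size):
    """Guessing entropy when the attacker knows the list and the method."""
    return n_words * math.log2(list_size)


def weak_reason(password, words=WORDS, common=COMMON):
    """Return a reason string if the password fails a check here, else None."""
    lowered = password.lower()
    if lowered in common:
        return "appears on the common-password list"
    # A dictionary word plus trailing digits or symbols is one of the first
    # variations a dictionary attack tries, so strip the suffix and re-check.
    if lowered.rstrip(SUFFIX_CHARS) in words:
        return "single dictionary word with a predictable suffix"
    return None


if __name__ == "__main__":
    candidate = passphrase()
    print(candidate, weak_reason(candidate))
    print("4 words from 2,048:", entropy_bits(4, 2048), "bits")
    print("4 words from 7,776:", round(entropy_bits(4, 7776), 1), "bits")
```

The strength comes from the random selection, not from the words themselves, which is why the generator uses `secrets` rather than words a person picks.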

Keep it impersonal

We understand the temptation to use personal details in a password to make it easier to remember. Here’s the thing though, don’t do that.

With the advent of social media we are sharing more and more personal information about ourselves and, for the most part, somebody just needs to reach out and pluck those details from your online profile.

Access to this information could be used to crack your password more easily, so try to avoid using personal details in your password.

There are, of course, password managers, which we use here at Hypertext. Using a password manager will still require you to create a strong master password, but you will then be able to use the application to create strong, unique passwords for all of your online activities.

Of course, you shouldn’t take just one day to take your security seriously. Why not make World Password Day the start of a new habit whereby you take note of data breaches and the like, so as to protect yourself from the cybercriminals lurking on the internet?

Better safe than sorry, right?
