World Password Day
We have all had those annoying pop-ups when creating a new password – you must use one special character, one capital letter, six letters, two numbers, one emoji… (OK, maybe not that last one.)
Given the possible risks, it’s understandable that companies want you to use complicated, harder-to-guess passwords. Unfortunately, many of us respond by creating passwords that obey the rules while staying easy to remember, and then reuse the same password, or similar ones with small variations, every time we’re asked to “create a new password.”
These passwords often combine personal information, such as a pet’s name or a birth year, with an exclamation mark at the end, e.g. Rocky2017!
The problem is hackers can easily find your personal details such as your pet’s name on social media and then try every possible variation very quickly using software.
This is why the new guidance highlights that a password’s length and unpredictability are more important than the special characters and other rules mentioned above.
Here are a few tips for creating safer passwords:
- A random four-word phrase – SocialUniversityReportEvent – is actually tougher to crack than any random 8-character password.
- Add special characters and capital letters but don’t put them at the beginning or the end.
- Check your password’s strength on How Secure Is My Password? – https://www.security.org/how-secure-is-my-password/
- Lie when answering security questions – you’ll be surprised how easy it is to find someone’s mother’s maiden name from social media.
You could also consider using a password generator such as the one from LastPass (https://www.lastpass.com/password-generator), which you can even download as a browser add-on. Then you can let it create secure passwords as you sign up, and it will even remember them all for you!
You can choose the length of password you need, what kinds of characters you would like to include, such as numbers and symbols, and whether you would like the password to be easy to say or easy to read.
With over 80% of hacking-related breaches being due to weak or stolen passwords, it is imperative that you create secure and complex passwords to help defend against hacking.
LastPass have put together some password tips which you can find below and on their password generator page.
- Always use a unique password for each account you create.
- Don’t use any personally identifiable information in your passwords. Names, birthdays, and street addresses may be easy to remember but they’re also easily found online and should always be avoided in passwords to ensure the greatest strength.
- Make sure your passwords are at least 12 characters long and contain letters, numbers, and special characters.
- If you’re creating a master password that you’ll need to remember, try using phrases or lyrics from your favourite movie or song. Just add random characters, but don’t replace them in easy patterns.
- Use a password manager like LastPass to save your passwords.
- Avoid weak, commonly used passwords like asd123 or password1.
- Avoid using personal information for your security questions. Instead, use LastPass to generate another “password” and store it as the answer to these questions. The reason? Some of this information, like the name of the street you grew up on or your mother’s maiden name, is easily found by hackers and can be used in a brute-force attack to gain access to your accounts.
- Avoid using similar passwords that change only a single word or character. This practice weakens your account security across multiple sites.
- Change your passwords when you have reason to, such as after you’ve shared them with someone, after a website has had a breach, or if it’s been over a year since you last rotated them.
- You should never share your passwords via email or text message. The secure way to share is with a tool like LastPass that gives you the ability to share a hidden password and even revoke access when the time comes.
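
The patterns called out above (the Rocky2017! construction, symbols and capitals parked at the ends, the common passwords and the near-duplicates mentioned in the tips) can be expressed as a checker that a sign-up form or audit script could run; this is an added example, not code from LastPass or from this post. The look-alike character map and the 0.8 similarity threshold are assumptions, and the sample inputs are constructed.

```python
import re
from difflib import SequenceMatcher

COMMON = {"asd123", "password1"}  # the two weak examples named in the tips above
# Assumption: a small map that undoes look-alike swaps (0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s).
LOOKALIKES = str.maketrans("01345@$", "oieasas")

def _norm(text):
    """Lower-case and undo look-alike swaps so 'R0cky' compares equal to 'rocky'."""
    return text.lower().translate(LOOKALIKES)

def predictable_patterns(password, personal=(), previous=(), min_length=12):
    """Return the reasons `password` matches an easy-to-guess pattern (empty list: none found)."""
    reasons = []
    norm = _norm(password)
    if len(password) < min_length:  # 12 is the minimum given in the tips
        reasons.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON:
        reasons.append("commonly used password")
    for detail in personal:  # names, pets, streets: anything findable online
        if len(detail) >= 3 and _norm(detail) in norm:
            reasons.append(f"contains personal detail {detail!r}")
    if re.search(r"(?<!\d)(19|20)\d{2}(?!\d)", password):
        reasons.append("contains a four-digit year")
    # Symbols count only if at least one sits in the interior of the password.
    specials = {c for c in password if not c.isalnum()}
    if specials and not (specials & set(password.strip("".join(specials)))):
        reasons.append("special characters only at the beginning or end")
    capitals = {i for i, c in enumerate(password) if c.isupper()}
    if capitals and capitals <= {0, len(password) - 1}:
        reasons.append("capital letters only at the beginning or end")
    # Assumption: a ratio of 0.8 or more means "changes only a word or character".
    for old in previous:
        if SequenceMatcher(None, _norm(old), norm).ratio() >= 0.8:
            reasons.append("too similar to a previously used password")
            break
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs: a pet name, plus an old password being "rotated".
    for pw in ("Rocky2017!", "R0cky2018!", "SocialUniversityReportEvent"):
        found = predictable_patterns(pw, personal=["Rocky"], previous=["Rocky2017!"])
        print(pw, "->", found or "no predictable pattern found")
```

An empty result only means none of these patterns matched; it does not measure how random the password is.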