In 2017, being careless or lazy with passwords is unfortunately not an option.
A quick look at the ‘Have I Been Pwned?’ website will almost certainly highlight how a service you’ve used has been caught up in some sort of major data breach - and as a result your account information may have become available to the highest bidder.
But there are a few ways to help ensure hackers won’t be able to access your accounts (and, potentially, the personal and financial information stored within). A strong password is the most basic but most effective form of defence. Here’s a few tips to keep your password strong and unbreachable (hopefully - sadly there can be no 100% guarantees).
1. Use long passwords
The simplest tip of all - make sure your passwords are long and complex. An 18 character password is exponentially harder to crack than an 8 character one, and that’s doubly true when the long password is a mix of letters, symbols and numbers. A minimum of 12-14 characters is typically advised, but the longer the better (within reason - you need some way to remember it).
2. Avoid the obvious
Take a look at a list of the most common passwords. It should be immediately obvious why many of these are so popular - they’re easy to remember (abcdefg / 123456); they match patterns on a standard keyboard (qwerty); or they are just the first things that spring to mind (password).
Avoid these sort of passwords; they’ll be among the first ones tested by automated hacking tools, and there’s a good chance many will be easy to manually guess even without any special software. Basically: think about what you’d try first if trying to crack a password, and don’t do use that.
3. Switch around numbers, letters, cases and symbols
Some letters can be easily replaced with similar numbers or symbols. An ‘I’ can become a 1; and ‘E’ can become a €’; an ‘A’ can become an ‘@’ etc… Obviously this can apply the opposite direction as well.
Those changes are fairly obvious tricks, however. If you want to go a step beyond, make up your own ‘code’ you can remember. Changing a ‘T’ to a ‘3’ or a ‘!’ is not an obvious choice, but if you can remember the code you can create complex but personally memorable passwords that will be very difficult to crack.
Mixing up upper and lower case letters within a password will also make a difference.
You can also use spaces in passwords, which is a good way to make them harder to crack.
4. Embrace randomness
PolyOctaveSandwichPop? When it comes to multi-word passwords, nonsensical combinations are the best combinations - especially when used in combination with the tips above.
5. Don’t use personal information
As scary as the thought is, someone could probably dig up your date of birth with a bit of time and effort. Many people have also - unknowingly, probably - left digital footprints containing a surprising amount of personal information. If you rely on that information for a password, then someone could potentially figure that out.
With that in mind, try to keep your passwords as anonymous as you can.
6. Change passwords regularly
If you've been using the same password for a few years, it's time to consider changing it.
Another thing: if you ever receive notice of a data breach (e.g. the massive one discovered by Yahoo! last year) make sure to change your password immediately across any services that may have been affected. This is true even if you haven't used the particular service in a very long time.
A screen on the Yahoo! web page informs users of a data breach and the need to change their passwords, seen on Friday, September 23, 2016. Picture by: Richard B. Levine/SIPA USA/PA Images
7. Don’t reuse passwords
This will undoubtedly prove the most challenging tip for many people.
With most people now signed up to all manner of sites and services, the temptation to reuse passwords is high - not to mention the challenge of remembering a dozen or more complicated combinations. But it’s vitally important, especially since reusing passwords means one service breach could lead to hackers easily gaining access to your other accounts.
The more varied and unpredictable your passwords are, the easier it is to avoid a chain reaction of breaches.
8. Use password management tools
Having a long list of unique passwords will almost inevitably lead to a few too many uses of ‘forget password?’ buttons. That can be offset by using some of the password management tools out there.
There are basic features already built into browsers like Chrome (although always be careful whenever you’re asked to ‘save password’, especially on public computers), but you can also use more advanced apps and software to keep everything in check. Wired has a good rundown of some of the options available.
If you can avoid writing down or saving a file with your passwords, that is very much recommended. But if you need a reminder, make sure it’s well disguised - don’t save the password in your phone under the name ‘password’ or ‘email’, for example.
9. Enable two-factor authentication
This is an absolutely essential tool whenever it’s offered. Two-factor authentication (2FA) offers up an extra layer of security, typically by linking an account to a mobile device. This means someone will not be able to change your password without having access to your phone as well.
So whether you’re protecting your Google account or your Playstation one, link up your smartphone to add a bonus shield around your password.
***
Above all, use a combination of all of the above! Used alongside anti-virus/malware software and common sense when using the web, a strong password will help keep your digital identity safe.
