Setting up a secure password
Do you know the difference between a bad password and a good password?
In this section
- What makes a good password?
- Check the strength of your password
- How can passwords be hacked, and what can I do to stop it?
- What is two-step verification/sign-in?
- What are Password Managers?
These days everyone has a wide range of accounts online: e-mail, social media, banking, shopping and so on. Everything you do online is only as secure as the passwords you keep. If someone guesses your password or manages to hack you, your entire online identity is at risk, which can cause you a lot of damage. Picking a secure password is the best way to protect yourself online.
What makes a good password?
A good password is simply one that only you know and can’t be reasonably guessed by another person or a computer. The most common password in 2014 was ‘123456’ followed closely by ‘password’. These are disastrous passwords which can be guessed in a really short space of time by a hacker, or indeed by a computer program trying to hack your account.
Below are some great tips to make your password more secure. The more of these things you have in your password, the less likely it is that a person or computer program can guess it. Computer programs trying to hack your account often start with the most common passwords, then try words from a dictionary with common alterations such as added numbers. Making your password more complex will make it more secure.
To make your password complex, you should make sure it:
- Is 8 characters or longer
- Has uppercase and lowercase letters
- Has at least one number
- Has at least one symbol
- Does not contain names of people or places, or contain direct words from a dictionary
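The checklist above, written out as an added example (it is not part of the original article or its strength-checker). The two common passwords are the ones named on this page; the word list and the character-swap table are small constructed samples, and the function name is made up for illustration.

```python
import re

# The two most common passwords named in this article.
COMMON_PASSWORDS = {"123456", "password"}
# Constructed sample list; a real checker would load a full dictionary
# plus names of people and places.
WORDLIST = {"password", "dragon", "monkey", "football", "dublin", "sarah"}
# Common alterations that guessing programs undo before a dictionary lookup.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(password, wordlist=WORDLIST):
    """Return the rules from the checklist that the password fails (empty list = passes)."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("is one of the most common passwords")
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("needs uppercase and lowercase letters")
    if not re.search(r"[0-9]", password):
        failures.append("needs at least one number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        failures.append("needs at least one symbol")
    # Undo the swaps, drop everything that is not a letter, then look for
    # dictionary words or names hidden inside what is left.
    letters_only = re.sub(r"[^a-z]", "", password.lower().translate(SWAPS))
    found = sorted(word for word in wordlist if word in letters_only)
    if found:
        failures.append("contains a dictionary word or name: " + ", ".join(found))
    return failures


if __name__ == "__main__":
    for candidate in ["123456", "Dublin2014", "P@ssw0rd1!", "tQ7#vLx9&mZr2"]:
        print(candidate, "->", check_password(candidate) or "passes every rule")
```

"P@ssw0rd1!" meets the length, letter, number and symbol rules and still fails, because undoing the swaps reveals a dictionary word.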
Check the strength of your password
Don't worry, we will never save or store this password.
How can passwords be hacked, and what can I do to stop it?
There are loads of different ways your account’s security could be bypassed, but here are some of the most common.
You left your account open or signed-in
- How it happens - Sometimes leaving your account signed-in on a computer that is shared with others can be the same as simply telling someone your password. All they need to do is use the computer or device after you and they’re away. This can also be the case when you don’t lock your devices such as phones, tablets and laptops.
- How to stop it - Firstly, only ever click “remember me” when signing in on your own computer or device. Never have a browser or device remember your account when you don’t control it. For devices that are yours, always make sure you have a password or PIN lock on them, and put the device to sleep or log out when you’re done.
You picked a terrible password
- How it happens - Simple passwords can be really easily guessed with a ‘brute force attack’, which goes through all the guessable password phrases until it finds the right one. Simple passwords with dictionary words and simple numbers are the most vulnerable to this attack.
- How to stop it - Pick a good, complex password that is not easily guessable. A good password (as outlined above) has more than 8 characters, has upper and lower case letters, has numbers and also contains symbols. You should avoid simple dictionary words, patterns of keys on a keyboard and names which are significant to you that people might know about (such as locations or family members’ names).
Account recovery hack
- How it happens - Account recovery tools are often useful when you have forgotten your username or password and need to reset your account. You answer a secret question only you know the answer to and are prompted to reset your password, or else a link is emailed to you. The problem is that most people use questions and answers which a lot of people can easily find the answers to, such as the city you were born in, your mother’s maiden name or your first pet. If you have a simple question like one of those, your account is vulnerable.
- How you can stop it - Pick a question that only you know the answer to. If it allows you to write the question yourself, all the better. Pick something secret and personal that only you know, which will prevent people from being able to accurately guess the answer to your secret question.
There was a data breach
- How it happens - Sometimes the company you have an account with suffers a little hacking of their own. This can be terrible not just for the company but for all their users. A huge number of people use the same password for all of their online accounts meaning that when one of your accounts is hacked, they all are. The hackers can take the password they learned from one account, and use it to sign into another.
- How you can stop it - While you can’t stop the company you have an account with from being hacked you can take precautions to minimise the damage. Make sure you don’t use the same password everywhere. This will mean you won’t lose all your other accounts. Also if you can use two step sign-in then go for it. This means that even if your password is lost you can’t sign in without your phone verifying your information.
What is two-step verification/sign-in?
Two-step sign-in means adding another step to your sign-in process. After you enter your password you will be asked for a code. This code is usually texted to your phone or else shown inside a code-generating app on your mobile device. You get the code and enter it on screen.
This extra layer of protection reduces the risk of your account being compromised as the hacker would need to have gotten both your password and phone to access your account. You can remember your sign-in on your devices meaning that you don’t have to do it every time.
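How a code-generating app and a website can agree on the code, as an added example that is not part of the original article. It assumes the app uses the standard time-based one-time password scheme (TOTP, RFC 6238); the function names are made up for illustration and the secret is the published RFC test value.

```python
import hashlib
import hmac
import struct
import time

# The site and the phone app share this secret once, at set-up (usually by
# scanning a QR code). RFC test value, used here only for illustration.
SHARED_SECRET = b"12345678901234567890"


def totp(secret, at, digits=6, step=30):
    """Code for the `step`-second window containing Unix time `at` (HMAC-SHA1)."""
    counter = max(0, int(at // step))
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret, submitted, now, drift_steps=1, step=30):
    """Website side: accept the code for the current window or one either side."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, now + delta * step, step=step)
        # Constant-time comparison, so timing does not leak how close a guess was.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def sign_in(password_ok, secret, submitted, now):
    """Both steps must succeed: a stolen password alone is not enough."""
    return password_ok and verify_code(secret, submitted, now)


if __name__ == "__main__":
    now = time.time()
    code = totp(SHARED_SECRET, now)  # what the phone app would display
    print("code on phone:", code)
    print("password + code:", sign_in(True, SHARED_SECRET, code, now))
    print("password + wrong code:", sign_in(True, SHARED_SECRET, "not-it", now))
```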
Most major companies have this feature and recommend using it. For more on this feature, check out our article here.
What are Password Managers?
A really cool new approach to passwords is using a manager to take care of creating unique passwords and storing them somewhere safe.
Password managers differ in how they all work, but largely they:
- Generate a long, complex password
- Make sure the passwords are unique for each website
- Store them securely on your computer, mobile or tablet, protected by a password or, on certain devices, a thumbprint
They usually also have add-ons for all modern browsers which will prompt you to create a new password for websites, or fill in your password for an existing one.
They are incredibly useful and will prevent a lot of the most common forms of hacking. After all, the safest password is one you can’t even remember due to its complexity. You will only have to remember one password/PIN (for the password manager) and all your accounts will have their own highly complex password that won’t be easily broken.
Some password managers include:
- Keychain - Mac users can use the built-in password manager, which generates complex passwords and syncs them to iPhones and iPads. Free for all Mac and iOS users.
- 1Password - Supports Mac/Windows, integration for browsers and mobile apps. Price varies, starting at a $49 once-off fee.
- LastPass - Again, this option supports Mac/Windows, integration for browsers and mobile apps. Free for desktop users, premium includes mobile sync and is $12 a year.
- RoboForm - Prices vary, starting at $9.95 a year.
- KeePass - Free, only supports desktop computers.