Do you use the same password for everything? If yes, then read on...
If you use the same password for everything, this article is for you. Your passwords are the digital keys to all your information: your banking details, contacts, messages, photos, address, and more. They hold so much power in protecting our personal information, yet most people, probably including yourself, have a terrible password. So why are we so careless with our passwords? What can we do to better protect ourselves?
Importance of a strong password
Having a weak password is no different from telling a thief that there is a spare house key under the doormat. It doesn't take a lot for a weak password to be compromised. Something as simple as your Amazon account being compromised can tell hackers your name, phone number, email, credit card details, your preferences, postal address, what language you speak, and more. Now imagine if you used your Amazon password for your bank account, social media, work accounts, email address... Just by compromising that single account they now know all your personal information and your login credentials for your other accounts. From there, adversaries can log into your email, reset other account passwords and gain even more access. The worst part is that this is not hard to do! Have you ever forgotten a password and managed to guess that you had set it as your name followed by your birthday? It is not hard to find information like this about someone, so if you can guess it then so can other people.
By accessing your accounts and collecting information on you, adversaries can commit identity theft, stalk you, or send you scams tailored to what they know you like from your browsing or shopping history. All of this scary stuff was the result of you being lazy and reusing your simple password of your name followed by the day you were born.
How can you protect yourself?
1. Use unique passwords
Having a different password for every account will better protect you. If one account is breached your other accounts aren't at risk of being compromised with the same credentials.
2. Mix it up
Try to avoid using personal information such as names and dates of birth in your passwords. These are commonly used in passwords and are easy to guess. Additionally, avoid using common passwords such as "password", "admin", or "123456". Here is a list of the world's most common passwords: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords If yours is on here, you should change your passwords ASAP. Lists like these are commonly used when attackers are brute-forcing accounts.
Some services also enforce password rules to better protect their customers, such as requiring your password to be longer than 8 characters. Here are some recommendations to ensure your password is unique, not common, and fits most sites' password criteria.
- Have at least two lower case and two upper case letters.
- Have at least two numbers.
- Have at least two special characters.
That's it! Following these steps also means your password is at least 8 characters long and will fit most password criteria you come across.
3. Regularly change and update passwords.
If your account details are part of a data leak, changing passwords regularly protects you from the leaked credentials being used to access your accounts. Use this link to see if you have been a victim of a data breach: https://haveibeenpwned.com/
4. Avoid password autofill.
Although having Google prefill your account details is handy, it is extremely insecure. If your computer gets compromised, the attacker now has all your other account details too.
5. Set up multi-factor authentication (MFA).
MFA is where you verify yourself using more than one source. An example is entering your username and password but also another verification key such as an SMS code. This adds an additional layer of protection to your account security, so even if your username and password have been compromised, the hacker can't see the SMS code that you get sent. Often the additional verification key, such as an email or SMS code, is uniquely generated each time you require it, again adding that layer of security and making it more difficult for an adversary to figure out that unique code.
6. Use a password formula.
My favourite password strategy, which I don't often hear about, is using a password formula. Password formulas allow passwords to be unique, not saved anywhere, and hard to guess. The best part about password formulas is that you don't need to remember every single password, just the formula you use! If you construct your formula correctly using the password recommendations above, your formula should meet any password criteria you come across.
Here is an example of a password formula. I would recommend you create your own unique formula. You could even create two or three different ones for different types of accounts, such as one formula for banking, one formula for work, and one formula for everything else.
Here are the websites I am going to make the formula for:
youtube.com
google.com
Formula 1:
- the index position number in the alphabet of the last letter of the website name
- add #
- the website name, but substitute letters L = 1, B = 8, O = $
- how many letters are in the website name
- the third letter of the website name, capitalised.
youtube.com = 55#y$utu8e7U
google.com = 55#g$$g1e6O
This may seem a bit fiddly, but once you get the hang of it, it's a unique and useful password strategy. It is also one of the safest methods.
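As an added example that is not part of the original post, here is Formula 1 implemented exactly as the five steps above list it, together with a checker for the recommendations in section 2 (the common-password set is a constructed three-entry sample). Step 1 taken literally gives a single "5" for a name ending in "e", whereas the worked passwords above begin with "55"; the code follows the listed step.

```python
# Added example (not from the original post): the password formula described
# above, implemented literally, plus a checker for the post's own criteria.
import string

COMMON_PASSWORDS = {"password", "admin", "123456"}  # constructed sample list

SUBSTITUTIONS = {"l": "1", "b": "8", "o": "$"}  # step 3 of "Formula 1"


def formula_1(hostname: str) -> str:
    """Build a password from a hostname using the post's Formula 1.

    Steps, taken literally from the post:
      1. alphabet index of the last letter of the site name ('e' -> 5)
      2. a literal '#'
      3. the site name with L->1, B->8, O->$
      4. the number of letters in the site name
      5. the third letter of the site name, capitalised
    """
    name = hostname.lower().split(".")[0]          # "youtube.com" -> "youtube"
    last_index = string.ascii_lowercase.index(name[-1]) + 1
    substituted = "".join(SUBSTITUTIONS.get(c, c) for c in name)
    return f"{last_index}#{substituted}{len(name)}{name[2].upper()}"


def check_recommendations(password: str) -> list[str]:
    """Return the section 2 recommendations the password fails (empty = passes)."""
    failures = []
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common password")
    if sum(c.islower() for c in password) < 2:
        failures.append("fewer than two lower case letters")
    if sum(c.isupper() for c in password) < 2:
        failures.append("fewer than two upper case letters")
    if sum(c.isdigit() for c in password) < 2:
        failures.append("fewer than two numbers")
    if sum(not c.isalnum() for c in password) < 2:
        failures.append("fewer than two special characters")
    return failures


if __name__ == "__main__":
    for site in ("youtube.com", "google.com"):
        pw = formula_1(site)
        print(site, "->", pw, check_recommendations(pw) or "meets all recommendations")
```

Running it shows that Formula 1 produces only one upper case letter, so its output falls short of the "two upper case letters" recommendation; a formula is worth checking against the criteria it is meant to satisfy before relying on it.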
7. Password Managers
If a password formula isn't your cup of tea, and you don't want to be writing down and trying to remember all your passwords, the next best thing is a password manager such as LastPass, NordPass, etc. Password managers are a single repository to store all your passwords, so you don't have to remember them. It is the digital equivalent of writing down all your usernames and passwords on a piece of paper. The upside to password managers is that it is harder to lose or misplace your credentials. The downside is that all a hacker needs to do is break into that single online password manager and they have your password for everything. Many of these password managers are secure, however there is still always that risk. If everyone had super brains I would recommend never writing down your passwords or putting them in a password manager, but that is not realistic. So, if you cannot remember every single password and don't want to use the formula method, a password manager is the way to go.
It only takes a few minutes out of your day to set up a password manager, disable autofill, and log into your accounts to change a few passwords. These few minutes are crucial to protecting your digital information and keeping you safe online. If it only takes a few minutes to significantly reduce the risk of your banking credentials being stolen, is it worth taking that chance?