“But I’ll think of a strong password and use it everywhere.” Not recommended either, because if it is cracked in one place, every other place you use it is exposed too.
So to maximise your sanity, try these Do’s and Don’ts to make your security as strong as possible without needing the memory of a savant.
DO:
- Use a minimum of 8 characters, ideally with a mix of uppercase, lowercase, numbers, and symbols, e.g. * or ^. You can make this easier by forming what looks like a word or phrase, e.g. gra55!sGrEen. Practically speaking, there is no upper limit on password length, so the more the better!
- Link the password with an email address you commonly access, in case you forget your password and need to reset it.
- If one of your accounts gets hacked, immediately change your password. Don’t just add a number after the hacked one; make it completely different.
- Use a unique password for each login screen/website etc. This is a pain to do, but trust me, this is the best way to maximise your IT security.
- Use a password manager like LastPass, Dashlane, or LogMeOnce. The free options of these are a great starting point, with paid options offering more advanced features. The ability to securely store your passwords in the cloud is one common feature of these tools. The beauty of something like LastPass is that creating a master password allows you to access your other places without needing to enter a unique password on each occasion. Create a VERY strong master password, store it securely, and remember it.
- Consider enabling 2-factor authentication on sensitive applications. Some features of Online Banking include this by default, where you must retrieve a secondary security credential on your phone or other device.
- Use your browser’s ‘remember password’ feature if available; just remember to log off if there is a chance others may use your computer after you are finished. Firefox has a feature where entering one master password allows secure access to your password list.
- Change your password regularly to stay extra safe.
DON’T:
- Use easy-to-guess passwords like Password1, qwerty, or 123456. Just don’t do it – when cybercriminals attempt to break into your account(s) they start with the most commonly used passwords, and these top the list!
- Store passwords in a file called “My secret passwords that I use for everything” and store this on your desktop. If you must record them, write them down and store them in a secure location.
- Use the same password for more than 1 website/software program.
- Use loved ones’ birthdays, pet names, or favourite bands/clubs as your password. The amount of personal detail readily available via social media gives hackers additional ammunition with which to crack poor passwords.
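The checks from the two lists above can be expressed as code. This is an added example, not part of the original article: the function name `check_password`, its parameters and the three-entry common-password set are assumptions made for illustration, and a production check would compare against a far larger list of known-breached passwords.

```python
import re

# Constructed sample list: only the three examples the article names.
COMMON_PASSWORDS = {"password1", "qwerty", "123456"}

# Character classes from the DO list ("uppercase, lowercase, numbers, and symbols").
CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "number": r"\d",
    "symbol": r"[^A-Za-z0-9]",
}


def _stem(password):
    """Lowercase and drop trailing digits, so 'Summer2023' and 'summer2024' match."""
    return re.sub(r"\d+$", "", password.lower())


def check_password(candidate, previous=(), personal_details=()):
    """Return a list of rule violations; an empty list means every check passed.

    previous: passwords already used elsewhere or known to be compromised.
    personal_details: names, dates etc. that could be found on social media.
    """
    problems = []
    lowered = candidate.lower()
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    for old in previous:
        if candidate == old:
            problems.append("reused password")
        elif _stem(candidate) and _stem(candidate) == _stem(old):
            # Catches "just add a number after the hacked one".
            problems.append("old password with a number added or changed")
    for detail in personal_details:
        # Ignore very short fragments to avoid accidental matches.
        if len(detail) >= 3 and detail.lower() in lowered:
            problems.append(f"contains personal detail: {detail}")
    return problems


if __name__ == "__main__":
    for pw in ("gra55!sGrEen", "Password1", "qwerty"):
        print(pw, "->", check_password(pw) or "ok")
```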
We’re not quite at the point where we access our devices using an iris or thumb scan, and until we get there, we all need to take responsibility for passwords if we want to protect our data from prying eyes. Creating a secure IT environment is more an organisational exercise than a technical one, so investing some time in this will pay off for your IT security.