On the internet, passwords offer the first line of defence and they are necessary to keep your accounts safe. However, when choosing passwords for our various online accounts, most of us ignore certain basic criteria. Mostly for the convenience of remembering, we tend to keep the same password for all the accounts. In most cases, easy-to-guess passwords are set, thereby compromising online security.
A password is more of a lock than a key. Hence, it is really important to have strong passwords for your various online services so that you can defend against cyber criminals.
Here are some tips on what an ideal password should have:
- Always use a unique, alpha-numeric password for all your important accounts.
- Keep the password long and make sure it is alpha-numeric, which means it should have a combination of letters, numerals and symbols and, of course, it should be case sensitive. The minimum length of your password should be eight characters. What many people do not know is that you can also include spaces in between the characters. For an eight-character password, there are 6 quadrillion possible combinations, which makes it quite hard to guess.
- Make sure that your password does not contain your user name, real name or company name, and that it is not a complete word. The other way is to reverse the order of the characters. For example, Hell0u2@ can also be written as @2u0lleH, which is a strong password. Though it is not necessarily the best option, it is still better than keeping words the way they are spelt.
- It is always advisable to change your passwords regularly and to make sure that your password recovery options are safe and up to date in case you forget (which will happen often!).
How to see if my password is strong or not
The password that you have set might meet all the criteria mentioned previously and still be a weak password.
For example, mouse2u@ meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. M0u5E 2u @ is a stronger option because it replaces some of the letters in the complete word with numbers and also includes spaces.
You can also check the strength of your password at: microsoft.com/en-gb/security/pc-security/password-checker.aspx
Use a unique password
Since most people have accounts on different websites and for numerous services, it is always advisable that you keep a unique password for each. This prevents hackers from stealing your password from a less secure website. However, if you find it difficult to remember different passwords, then choose unique passwords for important accounts like your email and online banking.
How do I remember my passwords?
Remembering multiple passwords for most of us proves to be a difficult task. However, if you follow these tips, remembering passwords can be easy.
- Whatever password you plan to set, relate it to an event, date or a hobby that is easy to remember.
- Create an acronym for the piece of information that you want to set as your password. For example, pick a phrase that is meaningful to you, like "I graduated on 21 June, 2005". So, a probable password option can be i6rad/JU21,zo 05
- Shorthand, misspellings, adding spaces in between letters or words give strength to a password. Turn words into shorthand or intentionally misspell a word.
- Keep your recovery email address information always updated. Services like Gmail, for instance, also offer the facility to receive password reset codes through SMS. Most of the websites ask you to choose a question to verify your identity if you ever forget your password.
- If you have saved your password on your PC, then choose a unique name for the file and keep it hidden.
Most of the security breach cases happen due to installation of malicious software on PCs. Here is a list of Don'ts that you should follow:
- Don't set dictionary words as passwords
- Never set your date of birth or your family member's date of birth as password. Avoid using your company's name, phone number, bank account number or any other vital information in your password.
- Never ever write your passwords on any paper or any place from where they are easily accessible.
- Avoid simple passwords spelled in reverse order, common misspellings and abbreviations, or common patterns and combinations.
- Don't accept any end-user agreement without reading the fine print first.
- Never retain spam emails in your inbox.
- When you are visiting any new website, never click ad links or flash ads no matter how appealing or real-looking they are. Also, never enter your email account details on such websites.
- Passwords such as 123456, password1, abc123, 123abc, qwerty, iloveyou, iloveu etc. should be strictly avoided. According to a report by SplashData, these passwords are an example of some of the worst kept secrets by people globally.
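The checks listed in this article can be automated. The following is an added example, not part of the original article: it applies the length, character-mix, personal-detail, common-password and complete-word rules, and for the word rule it also looks at the reversed spelling and undoes look-alike substitutions, as the Don'ts list asks. The word list, the substitution table and the function names are assumptions made for the example; a real checker would load a full dictionary.

```python
import string

# Constructed sample data; the common passwords are the ones named in the article.
COMMON = {"123456", "password1", "abc123", "123abc", "qwerty", "iloveyou", "iloveu"}
WORDS = ("mouse", "hello", "password", "love", "dragon")  # tiny stand-in dictionary
# Assumed table of look-alike substitutions to undo before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})

def normalise(pw):
    """Lower-case, drop spaces and undo look-alike substitutions."""
    return pw.lower().replace(" ", "").translate(LEET)

def find_word(pw):
    """Return a dictionary word hidden in pw (forwards or reversed), else None."""
    for form in (pw.lower(), normalise(pw)):
        for candidate in (form, form[::-1]):
            for word in WORDS:
                if word in candidate:
                    return word
    return None

def check_password(pw, personal=()):
    """Return the rules that pw breaks; an empty list means none were broken."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("needs lower case, upper case and digits")
    if all(c.isalnum() for c in pw):
        problems.append("needs a symbol or space")
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    for item in personal:  # user name, real name, company name
        if item and item.lower() in pw.lower():
            problems.append(f"contains personal detail '{item}'")
    word = find_word(pw)
    if word:
        problems.append(f"contains the word '{word}'")
    return problems

if __name__ == "__main__":
    for sample in ("mouse2u@", "@2u0lleH", "qwerty", "i6rad/JU21,zo 05"):
        print(repr(sample), check_password(sample) or "no rule broken")
```

Run on the article's own examples, the phrase-based password i6rad/JU21,zo 05 breaks none of these rules, while passwords built by reversing or substituting characters in a dictionary word are still reported by the word check.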
1 Comments
Thanks for the article. We all need to be more proactive about our personal account security. One thing you failed to mention is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, more and more sites are starting to offer and promote this option. 2-Factor Authentication wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering me enough protection. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.