How do you create your passwords? You might take your birth year, reverse the digits, append the name of your favorite indie band - in reverse - and add a $ because the website will not accept it without a special character. Let Google Smart Lock save it and then forget about it until you are forced to log in from someone else's device in an emergency, and are left scratching your head!
Habits are often changed only after an important account has been hacked. This generally encourages passwords to become more creative, much stronger, and harder to guess for the automated tools the average hacker uses to wreak havoc.
Whenever you have to create a new password, try to follow a few rules. They’ll help keep your details and sensitive information safe from malicious intent. Creating and managing passwords does not have to be a chore. Believe it or not, it may even be fun.
1. Words in the dictionary are fair game for hackers. Don't use them.
Did you know that one of the most common passwords people use around the world is - well - 'password'? These people are either too lazy or ill-equipped for the Internet. It’s like putting your pinning your home alarm code to your front door.
One of the things wrong with 'password' (besides the obvious) is that it’s in the dictionary. When hackers use their automated tools to try out different combinations of letters and numbers, they also search for dictionary words in your password.
It does not mean that your password has to be nonsense. You can replace a few letters of a legitimate word with symbols if you must. Just make sure it is not the only alteration in there.
2. Use numbers, characters, and CAPS
When you’re creating a new password for an account, you will usually see advice on mixing alphabets with CAPS, special characters, and numbers. It is sound advice. Follow it.
You can replace letters with special characters to make things easy to remember. $ for s and 1 for i or l are common substitutions. However, again avoid dictionary words. $1ngle is a mix of symbols, numbers, and alphabets, but it is too short and easy to guess. Instead shorten 'My Sister Hannah is a Very Nice Girl' to m$H1avng, and you have a practically uncrackable password.
3. Be creative. Make passwords hard to guess.
IDreamofGenie as a password on Aladdin's online store is creative but not hard to guess. Make the password a phrase unique to you, so you do not forget it. For example 'Nathan is my middle name' can be N1MymN, appended by whatever website you are on.
So on Google, it can be N1MymN@G for 'Nathan is my middle name on Google.'
For Apple, it can be N1MymN@A.
In this way, you can switch around some characters that make sense only to you.
4. Use Pass-Phrases.
The examples of strong passwords given above are called Pass Phrases. You can probably see why. They are easier to remember than some cryptic code. Plus, they can be as long as you want.
5. Make it longer than eight characters.
The standard recommendation for password length is eight characters. That’s how long your password should be, at the least. Does the website accept up to fourteen characters? Go wild with it. The longer it is, the harder it is to crack! For every character, you’re adding weeks or months of work to the hacker's schedule. In fact, some security agencies suggest even eight characters can be hacked in a couple of hours with the right software, so ten characters should be your minimum.
6. Keep your passwords to yourself.
You are supposed to keep passwords to yourself. It is common sense. However, it is not uncommon for people to give them to friends. If you’ve been loaning your Apple ID password to your roommate, so they can listen to your iTunes collection when you’re away, it’s a bad habit and you should quit. Even a good friend can accidentally give your password to other people. 'Other people' may not always have your best interests at heart, and might abuse it.
7. Use different passwords.
You do not use the same key for your home, your car and your office, do you? Similarly, you must not use the same password for all your accounts online. If one account is compromised, it will not take long before the others follow. Create separate passwords for every account.
8. Don't store your passwords for everyone to see.
People do it often. They keep all their passwords in a text file on their desktop. A password hacking malware tool can easily find it and break your accounts. Putting it on a sticky note or a spreadsheet in your PC is not wise either.
9. Use a password manager
With so many accounts to manage and so many passwords to remember, life online can be a memory game. An online password manager can store your various passwords for you on your device. However, at some point, you will need to store them all somewhere safe. LastPass is a password manager for Mac, Windows, and Linux which will help you manage your passwords better.
10. Learn to spot signs of "phishing attacks."
Password-hacking malware usually comes through browsing compromised websites and phishing attacks in your email. A phishing scam is a fake link posing as a legit URL. Be extra careful before clicking on a link in your email that asks you to provide personal information, change a password or log in. If you are in doubt type the URL you know manually in the address bar to visit the site. Phishing scams could pose as your bank, your school, and other entities you trust.
11. Use multi-step authentication.
Many websites and services let you set up a system to verify your identity if someone logs into your account from another device. This extra step could involve sending a One Time Password (OTP) or a text message to your cell phone, so you can enter the code and verify your identity.
12. Keep your devices secure.
Use antivirus software that is up to date on all your devices - your PCs, tablet, and smartphone - to keep your device clear of malware like keyboard loggers. Keyboard loggers track your keystrokes, so a hacker can figure out passwords to your bank accounts.
13. Use a password to lock your phone.
Malware for smartphones is quite common. Put a password on your phone to lock sensitive information. A powerful antivirus is a must - there are plenty of free and premium options for Android and iPhone.
14. Avoid using the keyboard as a password guide.
You would be surprised to know what some of the most common passwords in the world are:
The creators of these passwords apparently did not realize that nearly everyone uses the QWERTY keyboard. Hackers will inevitably try these combinations when they try to guess your key. The passwords above were common in 2011, and they were common in 2016. It is hard to know why. Maybe we feel invincible because we are not multi-million dollar businesses?
15. Does your phone have a fingerprint lock? Use it.
Use your phone's fingerprint sensor. Hackers can't steal your fingerprint, yet.
16. Don't use personal information in your passwords.
It goes without saying that using your name, DOB, the school you went to and other details as a password is foolish. All of this information is visible on your Facebook profile, and other social media accounts.
Are you someone who uses good password practices? Do you have other tips to add to our list, to help those of us who hate the very idea of having to create and manage passwords? Tell us below!