These days everything requires a password. Getting into your PC, your phone, banking and even watching movies at home on Netflix requires a login. So how do you keep track of them, and more importantly, how do you know they are secure?
Below are some tips on how to achieve just this.
Firstly, it is important to create a password that makes sense to you and not to anyone else.
You might not realise it, but there are a number of very common techniques used to “crack” your password and many ways to even get you to give up this information willingly.
How to avoid getting hacked
Simple passwords : Do not use personal information such as your name, age, birthdate, child or pet names etc. as a password. When 32 million passwords were exposed a few years back, 1% of the victims’ passwords were “123456”. Avoid simple passwords at all costs. A complete list of passwords to avoid can be found HERE.
Reuse of passwords across multiple platforms : Reusing passwords for email, banking or social media accounts can lead to more trouble than it’s worth. The risk far outweighs the convenience of having only one password to remember. Although it makes sense to you to have the same password, a breach at your email provider, for example, means your social media and bank accounts are also now compromised.
Dictionary attacks : This method relies on the attacker using software like John the Ripper. This software automatically inserts common words into the password fields in an attempt to guess your password. So avoid consecutive keystroke passwords like “qwerty” or “asdfgh”. Also avoid dictionary words, slang terms, common misspellings or words spelled backwards.
Cracking security questions : Many people use first names as passwords. Sometimes the name of a spouse or child, relatives or pets. These passwords can be easily deduced with a little research. When you click on the “forgot password” link within an online service you are asked a couple of personal questions, most of which can be answered from your social media. Avoid using names or anything public as your password.
Social engineering : Social engineering is an elaborate way of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information. Most common amongst these are the emails you get asking for your email password. Hackers are hoping your email password will lead to other online services you use.
10 Tips on securing your password.
- Make sure you use different passwords for each of your accounts – We can assist with passwords that are easy to remember but differ enough for each site.
- Always log off if you leave your device and anyone else is around – It only takes a moment for someone to steal or change your password.
- Use comprehensive security software and keep it up to date – This helps to avoid keyloggers (keystroke loggers) and other malware.
- Avoid entering passwords on computers that you don’t control – Like computers at an Internet Café or library. They may have malware that steals your passwords.
- Avoid entering passwords when using unsecured Wi-Fi connections (like at airports or a coffee shop) – Hackers can intercept your passwords and data over this unsecured connection.
- Don’t tell anyone your password – Your trusted friend might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
- Change your passwords periodically, and avoid reusing a password for at least one year – This will keep your information safe from attacks that may take time to guess your password.
- Do use at least eight characters – Lowercase and uppercase letters, numbers and symbols should be used in your password. Remember, the more the merrier. You can read more about password entropy here.
- Strong passwords are easy to remember but hard to guess. Iam:)2b21! – This has 10 characters and says “I am happy to be 21!” I wish.
- Check your password strength – If the site that you are signing up for offers a password strength analyser, pay attention to it and heed its advice. Alternatively, you can go here to test your password strength.
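The rules given above (at least eight characters, all four character types, no common passwords, no consecutive keystrokes, no dictionary words forwards or backwards, no personal details) can be checked automatically. The following is an added example, not part of the original article; the word lists are small constructed stand-ins and the function names are hypothetical.

```python
import re

# Constructed sample lists; a real check would load a full breached-password
# list and a full dictionary. Only "123456", "qwerty", "asdfgh" come from the page.
COMMON = {"123456", "qwerty", "asdfgh", "password", "letmein"}
WORDS = {"dragon", "monkey", "sunshine", "football"}
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def has_keyboard_walk(pw, run=5):
    """True if pw contains `run` adjacent keys from one row, left-to-right or reversed."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return a list of rule codes the password breaks; empty means it passed."""
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)  # drop digits/symbols wrapped around a word
    problems = []
    if len(pw) < 8:
        problems.append("too_short")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing_character_class")
    if low in COMMON:
        problems.append("common_password")
    if has_keyboard_walk(pw):
        problems.append("keyboard_walk")
    if any(w in letters or w[::-1] in letters for w in WORDS):
        problems.append("dictionary_word")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal_info")
    return problems


if __name__ == "__main__":
    for sample in ("123456", "asdfgh", "Nogard#2024", "Iam:)2b21!"):
        print(sample, check_password(sample) or "ok")
```

Pass the user's own name, pet names and birth year in `personal` so that those are rejected too.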
It’s okay to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password. You can also write a “tip sheet” which will give you a clue to remember your password, but doesn’t actually contain your password on it. For the example above, your “tip sheet” might read “I am happy to be 21!”