How many accounts have you accessed today using a password? 5? 10? Our online lives are ruled by passwords, and it can feel tiresome trying to remember them all. But while you might be tempted to use easy passwords to simplify the process, you have to remember that your chosen string of characters is the only thing that stands between your private data and the outside world. Your password is the padlock on a vault filled with your valuable information. Here are six hard-and-fast rules for ensuring your padlock is as robust as it needs to be.
1. Scrap the Dictionary
If your password can be found in a dictionary, it might as well not exist. Hackers will usually start with dictionary words and use free password-cracking programs like John the Ripper to test millions of passwords per second. Instead, use a password phrase, like the first letter of every word in your favourite song title.
2. Store your password securely
Don’t store your passwords in a file on your computer called Passwords. In fact, don’t store your passwords on your computer at all. If your computer is stolen or infected with malware, any passwords on there will bring the rest of your online world tumbling down. Instead, store them on an encrypted USB drive with an especially long, complex password that you’ve memorized. Or keep password hints (not the actual password) on a scrap of paper.
3. Don’t reuse passwords
Yes, it’s tempting, but even if you’re careful, different websites have different levels of security. Your bank account might be guarded like Fort Knox, but if you used the same super awesome password on, say, your Facebook profile, and that gets hacked, your bank account is now wide open for visitors.
4. Too short means too simple
Automated bots can test passwords at an incredible speed. Short passwords can often be cracked within 24 hours, no matter how complex. Keep the bots at bay with a password that’s at least 15 characters long, mixes upper and lowercase letters, and includes a number and, if possible, a special character too.
5. Avoid being phish food
A hacker won’t have to break your password if you hand it over to them. They’ll encourage you to do just this by sending you a link to what looks like a familiar site but is actually a fraudulent mock-up. You’ll cheerfully input your account password and voilà, they can now access the real thing. It’s a scam called phishing, and it’s one of the most successful ways of stealing data. Avoid falling prey by ignoring links in any suspicious emails, even if the email appears to be from a friend.
6. Don’t use obvious number substitutions
Pa55w0rd might seem clever, what with all the crafty digits in there, but it’s a n0 n0, along with any other obvious number substitutions.
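Rules 1, 4 and 6 can be checked mechanically before a password is accepted. The sketch below is an added example, not part of the original article; the wordlist and the substitution map are small constructed samples, and the function names are made up for illustration.

```python
# Constructed sample wordlist; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "letmein", "football"}

# Obvious digit/symbol-for-letter swaps (rule 6). Assumed mapping, not exhaustive.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 15  # minimum length given in rule 4


def undo_substitutions(password):
    """Lowercase the password and reverse the obvious character swaps."""
    return password.lower().translate(SUBSTITUTIONS)


def check_password(password, words=SAMPLE_WORDS):
    """Return a list of the rules (1, 4, 6) that the password breaks."""
    problems = []
    plain = password.lower()
    normalized = undo_substitutions(password)

    # Rule 1 catches the bare word; rule 6 catches the same word in disguise.
    if plain in words:
        problems.append("rule 1: dictionary word")
    elif normalized in words:
        problems.append("rule 6: dictionary word with obvious substitutions")

    if len(password) < MIN_LENGTH:
        problems.append("rule 4: shorter than 15 characters")
    has_upper = any(c.isupper() for c in password)
    has_lower = any(c.islower() for c in password)
    if not (has_upper and has_lower):
        problems.append("rule 4: needs both upper and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("rule 4: needs a number")
    return problems


if __name__ == "__main__":
    # Constructed candidates: a plain word, the article's example, a long phrase.
    for candidate in ["sunshine", "Pa55w0rd", "Tgbotw-1939-Oz-Ed"]:
        print(candidate, "->", check_password(candidate) or "passes rules 1, 4 and 6")
```

Pa55w0rd fails because reversing the swaps turns it straight back into a dictionary word, which is the same step a cracking tool applies to its wordlist.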
When it comes to online data, you can’t be too careful. So slip the padlock on, and make sure it’s locked tight.