In light of the barrage of cyber-attacks that shook the nation over the past few months, it's about time we re-examined the integrity of our passwords.
A study by Carnegie Mellon University's security and privacy institute (CyLab) revealed that only about a third of the victims typically change their password after a breach.
Let’s face it, there are some of us out there who still use the same password for all our accounts and have never changed them in years.
In this current climate, robust cyber hygiene practices are the only thing that keeps us from being vulnerable to hacks, and a secure password goes a long way.
Let’s do a test
Firstly, let’s see if you have been compromised, if you are using google password manager, then the password checkup tool is a great resource to check the health of your passwords and accounts.
Also, haveibeenpwned hosts a vast repository of accounts that have fallen victim to data breaches, it also helps you to conduct a reverse lookup of a password to see if any of your unique passwords have been compromised as well.
Don’t worry if your emails or passwords are flagged – let's just change them immediately
Password Do’s and Dont’s
Outlined below are a few tips to create a strong password, consider strengthening your passwords if they fall short.
- Create unique passwords that use a combination of words, numbers, symbols and both upper- and lower-case letters - the more random it is, the stronger.
- Passwords like 123456, password or qwerty are very easy to crack – if it's there on this list, don’t even think about it.
- Do not choose passwords based on personal identifying information, such as your date of birth, names of family members, pet’s name etc - hackers create wordlists specifically for this purpose.
- The longer the better - a 12-character password can take about 200 years to crack and an 8-character password might only take a few hours
- Do not use the same password on multiple accounts - if one is compromised, all are compromised.
- Change your password periodically.
Another interesting technique for securing a password is to use a passphrase instead of a password.
A passphrase is just a sentence, including spaces that you employ instead of a single pass ‘word’.
It is good practice to disguise that simplicity by throwing in few elements of randomness.
Let’s make one:
Select your favourite verse from a song: Speaking words of wisdom let it be
Punctuate and capitalise: Speaking words of wisdom, Let it be!
Adding randomness: $p3aking word$ of wi$dom, L3t it b3 !
Suffixing numbers: $p3aking 1word$ 2of 3wi$dom, 4L3t 5it 6b3 !
How do I remember this
Yes, we agree, remembering all these randomised, long passwords can be a hassle.
That is where password managers come into play, several online third-party services can help you safeguard sensitive passwords, including LastPass, DashLane and 1Password that store passwords in the cloud and secure them all with a master password.
If entrusting all your passwords to the cloud makes you uncomfortable, consider using a local password storage program on your computer, such as Roboform, PasswordSafe or Keepass.
Again, take care to pick a strong master password, but one that you can remember, if you forget the master password you are pretty much out of luck.