How to choose a secure password and stay safe online

The first Thursday in May is World Password Day, dedicated to highlighting the importance of having secure passwords and making cyber security a priority.

With so many of us now working remotely due to the coronavirus, cyber security needs to be front of mind for all business owners and employees, especially those using their own devices for work purposes.

Here’s all you need to know about World Password Day and how to create a secure password to stay safe online.

How often do you update your passwords for online accounts such as banking, email and social media – once, maybe twice-a-year?

If so, you’re not alone –  a new study commissioned by Equifax, the credit information provider, has found just over a quarter (27%) of us change our passwords once every year, with just under a quarter of those (23%) only do so when prompted.

The study of over 2,000 people found the over-55s to be worst culprits, with just under a third (29%) admitting they infrequently update their passwords.

And this lax attitude to online security could be leaving millions of us open to attacks from fraudsters.

How to choose a password

Keeping these points in mind can help create a strong password:

  • A longer password will reduce the chances of someone guessing it or an attacker from cracking it. Websites can have different minimum length requirements for a password but aiming for between 8 and 32 characters is a good starting point;
  • Hackers may try to guess your passwords using clues from your identity. Avoiding passwords with your real name, username, children or pets names or any phrases related to you – like your address, birthday, school names, or company – will help make your password more secure
  • Choosing different passwords for each website where you have entered details can prevent someone from using one password to access multiple accounts;
  • Substituting numbers or symbols for letters, such as changing ‘turtledove’ to ‘turt13d0v3’, is a method well-known to hackers, and it may not be enough to prevent them from guessing your password – try some of the following best practices:
    ​​-  Avoid using words that can be found in a dictionary.  Use a mix of upper and lower case letters, numbers, and
    ymbols in an unpredictable order, e.g. Jan3#564@TRa1n
    –  Avoid company names or mimicking the username
    –  Avoid using more than two repeating characters, e.g. Jannnuary Yeeeear

Keeping your password protected

There are a few ways to try to keep a password secure:

  • Never share a password and PINs with anyone even family;
  • Avoid keeping your passwords written down and never store them on your web browser as this can be visible to hackers looking to steal your personal information;
  • Using multi-factor authentication can add another level of security to your accounts as it asks for further verification of your identity before allowing access. The extra verification may include:
    –  A piece of information only you know, such as a password or secret question and answer;
    –  A trusted device only you can access like a mobile phone, where you’ll be told how to sign in;
    –  Something that can’t be faked, such as a fingerprint or retina scan;
  • Downloading and installing anti-virus and online security software can help protect your computer from outside attacks, such as malware and viruses that could try to steal information off your computer;
  • When creating your password reset questions and answers, keep in mind how easy it might be to guess the answer – is the information readily available or easy to research? If so, it may be safer to choose a more difficult question.

Is a password manager worth having?

The study also found that almost a third (31%) of consumers have more than five passwords – multiple passwords are good as they mean if fraudsters get access to one account, they won’t necessarily be able to hack them all.

The problem is, it can be tough remembering all those passwords, particularly for those accounts that aren’t used often.

Password managers can help keep your passwords safe and secure without the need to remember them. You can enter the passwords you use for different sites into the software, which remembers the passwords for when you sign in – you’ll normally only have to remember one master password for the password manager.

Different password managers work in different ways and can offer a variety of services:

  • Some act as plugins or extensions for your browser. They can save entered passwords and re-enter them when you visit the site again;
  • They can also save and enter other information on the websites, such as your name, address, or phone number;
  • Many password managers can detect when you change a password, and may either ask if they should update their database, or do it automatically;
  • Password managers can also come with a built-in password generator. This creates and stores a secure password, therefore you won’t have to remember a complicated series of numbers and letters;
  • Some may be able to synchronise with accounts on other devices, such as your PC or Mac, phone, or tablet, and manage application passwords, as well as web pages.

Like any digital software, password managers can also be a target for fraudsters, so it’s important to look for well-known applications with established reputations – services that you pay for can be more secure than free applications.

It’s important to research any product before downloading. It is essential that the master password for the manager is a very secure one.

What is World Password Day?

Created by Intel, the global tech company, World Password Day occurs on the first Thursday of every month to highlight the importance of having strong and unique passwords for all of your accounts.

Check out the hashtag #LayerUp on Twitter to get some great tips on strong authentication to prevent identity theft and other cybercrimes.

Have you ever been hacked? Tell us your story in the comments…