So, do you think you’ve been ‘pwned’? That’s the question to ask yourself.
May 2nd is World Password Day, a day to reflect on just how vulnerable a poor password can leave you. As more and more of the processes and tools we use in our everyday lives shift to the online world, the number of passwords we need to create and remember increases. Creating passwords for each and every online account you open can seem exhausting, but the consequences of opting for passwords that are easy-to-guess or are reused across many accounts can be dire. As data breaches and mass-scale thefts of personal data increase in frequency, it is vital now more than ever to be password savvy to help prevent your personal details from being compromised.
Just days ago, we reported on the National Cyber Security Centre’s analysis of the 100,000 most-commonly re-occurring breached passwords. Alarmingly, it found that over 23.2 million compromised accounts were using the password ‘123456’, closely followed by ‘123456789’ at 7.7 million users. Other common passwords included ‘qwerty’ and the classic ‘password’. Clearly, password safety is not at the forefront of everyone’s mind, and simply sticking a dollar sign or number on the end of a password just won’t do.
Of course, systems like two- or multi-factor authentication (2FA/MFA) can help greatly to keep you protected and you should use that added authentication factor wherever it’s available. Having said that, this shouldn’t detract from the need for robust and unique passwords, which is where your account security starts.
Step one is avoiding a single word, especially an English one. Instead, try using a phrase or series of words that are not easily guessable, or would not normally appear next to one another in a sentence. Some of your passwords may feature special characters or symbols at the end, perhaps because a website has prompted you to make your password stronger. Instead of placing a special character at the end and thus making it easier for cybercriminals to break into your account, intersperse special characters at different places, along with normal characters, throughout your password.
Generally speaking, avoiding any words found in a dictionary will increase the strength of your password. Words not found in a dictionary make it much harder for cybercriminals to crack passwords, since this helps to reduce their guess-ability; plus, you can get creative making up your own words. Of course, one of the reasons many passwords are so easy to crack is because people simply don’t have the capacity to remember multitudes of complex passwords, which is why resorting to easy-to-recall personal details is often a go-to.
While tempting, using personal details means your passwords could look very similar to your username, which is also an easy win for password-cracking programs and so another big no-no for a security-conscious user. In addition, if a cybercriminal has managed to source your personal details (whether from Facebook or otherwise) it will be even easier for them to guess your password.
If you think you absolutely must use personal details for fear of locking yourself out of your accounts on a regular basis, think again and consider using a reputable password manager. Such a digital vault can generate a strong and unique password for every online service while taking away much of the pain that password management involves. You should then only need to remember one master password that, ultimately, opens all your online accounts.
Your personal data is valuable and having it stolen or compromised can open up a whole new set of hassles. Reminded by the World Password Day, take a moment to review your defenses. You may also want to use our how-to guide for checking on Have I Been Pwned whether your details may have been compromised already. If they have or you’re in doubt, change them. Just make sure to change it to a new, strong, and unique password. Better safe than sorry.