If you’re like most people, you haven’t put a great deal of thought into creating your password. In fact, it’s probably a short, easy-to-remember password that you use for most of your accounts. Maybe it’s your son’s name and date of birth, a favourite hobby or a number sequence. That’s fine when you consider the average person will struggle to guess what your password is, but for a hacker that’s not the case.
Passwords are your last defence against the prying eyes of a hacker, so making your passwords safe is of utmost importance if you don’t want your personal information or online activities exposed.
How can your password be compromised?
1. You have a nosey friend
If someone wants to take a squiz at your personal life and your password is weak, then cracking into your e-mail account may be relatively easy. And if they don’t get it after a couple of attempts, your password recovery questions are likely to be easy to answer if the person knows you well.
2. You become the victim of a professional hacker
Hackers often use brute-force tactics or professional hacking software to access multiple user accounts or just individuals. Software will quickly break into an online account with a weak password. Brute-force attacks, on the other hand, require hackers to systematically check all possible passphrases until they stumble upon the correct one.
3. Your data is leaked
Hacking or leaking data from big companies is becoming a more common occurrence. In these cases, millions of customers’ account information is leaked and as a result compromised. Vodafone Australia recently reported a security breach as did the affairs website, Ashley Madison (slightly ironic, don’t you think?).
How can I make a good password?
In the event your data is leaked through the security breach of a large company, there is really nothing you can do about it regardless of how strong your password is. However, you can protect yourself from brute-force hacking or from the prying eyes of curious friends and frenemies. The only way is to create a strong, complex password. A strong password should be at least 16 characters. It should consist of a combination of upper and lowercase letters, numbers, and symbols or spaces.
Avoid using patterns like 123abc123, dictionary words, usernames, IDs, personal info or sequences of numbers and letters. And you should have a different password for each of your online accounts.
Password strength is evaluated by the “bit” content. The more bits your password has, the stronger it is. A 60-bit password, for example, would take much longer to crack than a 20-bit password.
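The rules above, written as a local check (an added example, not part of the original article): it estimates bits as length × log2(size of the character pool used), which is an upper bound that only holds for randomly chosen characters, and flags the patterns the article says to avoid. The function names, the three-character window and the `personal_words` parameter are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 16   # minimum length the article recommends
TARGET_BITS = 60  # strength figure the article uses as its example
CLASSES = {       # classes the article lists; space is counted as a symbol
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def estimate_bits(password):
    """Upper bound: length * log2(pool size), valid only for random characters."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def has_sequence(password, run=3):
    """True if `run` adjacent letters or digits ascend by one (abc, 123)."""
    low = password.lower()
    chunks = (low[i:i + run] for i in range(len(low) - run + 1))
    return any(c.isalnum() and all(ord(b) - ord(a) == 1 for a, b in zip(c, c[1:]))
               for c in chunks)

def has_repeat(password, size=3):
    """True if any `size`-character chunk occurs twice (123abc123)."""
    low = password.lower()
    chunks = [low[i:i + size] for i in range(len(low) - size + 1)]
    return len(chunks) != len(set(chunks))

def audit(password, personal_words=()):
    """Return (bits, problems); personal_words is a caller-supplied word list."""
    bits = estimate_bits(password)
    problems = ["too short"] if len(password) < MIN_LENGTH else []
    if bits < TARGET_BITS:
        problems.append("under 60 bits")
    problems += ["no " + name for name, chars in CLASSES.items()
                 if not any(c in chars for c in password)]
    if has_sequence(password):
        problems.append("sequence")
    if has_repeat(password):
        problems.append("repeated pattern")
    problems += ["contains " + w for w in personal_words
                 if w.lower() in password.lower()]
    return bits, problems

if __name__ == "__main__":  # samples: the article's own two example passwords
    print(audit("IwtABttot2016RC!"), audit("123abc123"))
```

The article's phrase-derived password passes every rule with an estimate of about 105 bits, while 123abc123 is flagged on five counts at about 47 bits. Because a phrase-derived password is not random, its real strength is lower than the estimate.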
The downside of secure passwords is that they’re an inconvenience. How likely are you to remember a 16+ character password that has a security strength of 60 bits for each of your accounts? You’re not. That’s why you should consider using a password manager. LastPass, KeePass and Google Chrome’s password manager are just some of the popular websites out there that can store your passwords online. You just need to remember one strong password to access it!
Tips to create a secure password
If you’re struggling to replace your existing password with something more complex, a password generator may come in handy. Most password managers, like the ones listed above, will usually have their own reliable password generator tool for you to use.
If you want to come up with one on your own, think about creating a phrase. For example, you can use the phrase “I want the All Blacks to take out the 2016 Rugby Championship!” and simply build your password from the first letter of each word together with the numbers and symbols. Using this phrase your password would be: IwtABttot2016RC!
Once you have decided on a complex password, Microsoft and Apple now offer users an online password strength checker to ensure your chosen combination won’t be easily cracked.
When setting up accounts that use a “two-step verification” system make sure you enable it, even if you have a strong password. This will require you to enter a code that is sent as a text to your phone, which may sound annoying but it means if a hacker doesn’t have your phone, they won’t be able to sign in.