The trouble with passwords…


… is that they’re easy to forget and so we end up taking silly risks. But the recent allegations about Russian hackers and Trump should make us realise that hacking is pervasive. I’m embarrassed to admit that until a few months ago, I had two or three passwords for all my online life… that is until someone cracked my PayPal password and went on a shopping spree all over the internet. And as PayPal is accepted by most internet retailers, I do mean everywhere.

If you’re anything like me, you probably did most of your Christmas and January sales shopping online and have multiple shopping accounts. But are your passwords completely different for each site or are you using the same password time and again? With so many websites and accounts on the internet, it’s not easy to remember each password without duplicating them… or being sorely tempted to duplicate them.

Some people create variations of the same password, but variations are just the kind of vulnerability that hackers look for and find easy to crack. They’ve become particularly good at understanding and exploiting human behaviour. Not a day goes by that we don’t hear yet another troubling story about the theft of someone’s life savings because hackers have been able to crack easy passwords and steal the victim’s personal information.

It’s tempting to think that hackers have become exceptionally adroit or are very clever people, but the main reason is that we human beings tend to use the same passwords across multiple accounts and websites. Once a hacker has cracked one, it’s relatively simple to crack others, glean personal information and sit back and watch the money roll in.

Strong and memorable

So how do we protect ourselves from cyber risk? The best way is to make sure we have unique and strong passwords that are difficult to crack. That means not using words, phrases, names and dates that are familiar to us, no matter how easy they are to remember. So forget birthdays, home addresses, family and pet names and so forth. Hackers are good at doing background research and it’s amazing how much information they can find with a cursory search of your social media accounts.

To maximise your security, it’s best to create a completely random password that has no association with your personal life. A strong password should have at least 12 characters and include numbers, symbols and a mix of upper and lower-case letters. In fact, many websites now require you to abide by these rules when you create a password… much to everyone’s annoyance.

Use a mix of characters and letters that you’ll find easy to use and remember, but one that isn’t based on personal information like your home address, and avoid obvious substitutions such as H0use, Pa55word as these are too easy to guess. In addition, try not to use your favourite football team, player, actor, band or song. However, if you draw a blank, choose football teams, players, actors, bands and songs that you hate and abhor rather than your favourites. If you’re struggling to come up with a sufficiently unusual password, the best thing to do is to bash your fingers on your keyboard for a strong and nonsensical password.

Password manager

Coming up with passwords is relatively easy, but remembering them is trickier. It’s generally not a good idea to store them in your phone or write them down and keep them in your wallet. Some people store their passwords in an encrypted document, but this might not always be practical or easy to access. One of the best ways to manage your passwords is to use a password app that stores and generates passwords for you.

There are lots on the market, but Dashlane is probably the best for the average person’s needs. It works with all web browsers and the basic features are free. However, if you want to sync your passwords across all your devices, you’ll need a premium account. Before paying up, try out the basic version on your main device first. Find out more about premium password managers here. Basic and free password managers were reviewed by the same people here.

If you don’t like the idea of using a password manager, there are other ways to create strong and memorable passwords. We all know how useful mnemonics are for remembering facts and figures, so one trick is to create your own password mnemonic. For example, create a password from the initial letters or digits of a long sentence that you find easy to remember: In 1988 I lived at 4 Privet Drive and paid no rent would become I1988il@4PDapnr.

Passphrases

Another trick is to use a passphrase as these are harder to crack than passwords. Like the sentence used to create a mnemonic, you can use a long but easy-to-remember sentence or a random collection of words (at least four and preferably more than six words). To be truly random and indecipherable, it’s best to pick words at random from a dictionary or newspaper or use a passphrase generator.

Using a dictionary, I came up with the following words: monodont ventricose hammam glacial. Use imagery to remember your passphrase – a one-toothed fat-bellied man sitting in a steam room on a cold day is a pretty vivid picture – or string them together into a mnemonic sentence such as ‘a monodont and ventricose man visited a hammam on a glacial day’.
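As an added illustration (not part of the original article), the snippet below does what the passage describes: it draws words at random from a wordlist with a cryptographically secure random source and reports the resulting entropy, so you can see why four words from a real dictionary beat four words from a short list, and how they compare with the 12-character mixed password recommended earlier. The wordlist is a small constructed sample; a real one would be a dictionary or a published diceware list.

```python
import math
import secrets

# Constructed sample wordlist, far too small for real use; it stands in for a
# full dictionary or a diceware list so the example runs offline.
SAMPLE_WORDS = [
    "monodont", "ventricose", "hammam", "glacial", "lantern", "quartz",
    "velvet", "orbit", "saffron", "timber", "meadow", "cobalt",
]

# Printable ASCII minus space: letters, digits and symbols, 94 characters.
MIXED_ALPHABET_SIZE = 94


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `alphabet_size` options."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least two options and at least one pick")
    return length * math.log2(alphabet_size)


def make_passphrase(wordlist, n_words: int = 4, separator: str = " "):
    """Return (passphrase, entropy_bits) using a CSPRNG, words drawn with replacement.

    The article's floor is four words, so fewer is rejected outright.
    """
    if n_words < 4:
        raise ValueError("use at least four words")
    words = list(dict.fromkeys(wordlist))  # de-duplicate so the estimate is honest
    if len(words) < 2:
        raise ValueError("wordlist too small")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return separator.join(chosen), entropy_bits(len(words), n_words)


def compare_strength(wordlist_size: int = 7776, n_words: int = 4,
                     password_length: int = 12) -> dict:
    """Entropy of a random passphrase versus a random mixed-character password.

    7776 is the size of a standard diceware list (six dice faces to the fifth power).
    """
    return {
        "passphrase_bits": entropy_bits(wordlist_size, n_words),
        "password_bits": entropy_bits(MIXED_ALPHABET_SIZE, password_length),
    }


if __name__ == "__main__":
    phrase, bits = make_passphrase(SAMPLE_WORDS, 4)
    print(f"{phrase!r}: {bits:.1f} bits from a {len(SAMPLE_WORDS)}-word list")
    print(compare_strength())
```

Random words only help if the list is large and the choice is genuinely random; picking "words you like" by hand throws that guarantee away.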

Like passwords, passphrases should only be known to you, should be long enough to be secure (the longer the better), hard to guess, but easy for you to remember and easy for you to type accurately. In addition, passphrases are also useful for answering security questions that websites throw at you. The answer to ‘what city were you born in?’ may be memorable but it’s also the kind of information that is easy for a hacker to find on the internet. Rather than answering truthfully, consider using your ‘monodont ventricose hammam glacial’ passphrase instead.

If you insist on using a single password or a passphrase, try adding a unique and memorable word for each account. If you take my monodont ventricose hammam glacial passphrase, you could add river for your Amazon account, or Argonaut for your Argos account, or shoes for your Boots account. You get my drift, right?

Stay safe online.