Weak passwords represent a massive cyber security threat.
It is easy enough to choose a password. However, choosing one that is both secure and easy to remember is a big struggle for many people.
Here is what you should do:
- Use at least eight characters
- Use a random mix of both lower and upper case characters, punctuation, numbers, symbols and spaces
- Don’t use words that appear in a dictionary, either foreign or English words
- Don’t use a password more than once
- Select a password that you will be able to remember. That way you won’t need to continue looking it up. That helps to reduce the chance that someone will discover where you have it written down.
- Select a password that can be typed quickly. That helps to reduce the chance that someone can figure out your password while looking over your shoulder.
- Make sure to change your password on a regular basis, such as once per month.
- Make sure to change your password anytime you suspect that someone else might know what it is, might be able to guess it, or you are concerned that someone was standing behind you as you were typing it in.
Select a safe password:
- Password generator software can be used to help you with this.
- Use the first letter of every word in a line of a poem or song
- Alternate between one to two vowels and one consonant to come up with nonsense words.
- Select two short words and then use a symbol or punctuation character in between the words. e.g. tree, seat
Things you should avoid:
- Don’t use any passwords that are based on your personal information like name, date of birth, pets or children’s names, address, car registration number, etc. That includes only using part of your birthday or name.
- Don’t ever use a password that is based on your email address, computer name, account name or username.
- Don’t simply add one symbol or digit after or before a word. e.g. “apple3”
- Don’t just use a single word twice, e.g. “appleapple”
- Don’t just reverse a single word e.g. “elppa”
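The checks in this list, together with the eight-character minimum and the dictionary rule above, can be automated at the point where a password is chosen. The Python below is an added example, not part of the original article; the function name, the `personal` parameter and the small word list are assumptions made for illustration.

```python
# Constructed sample word list (assumption). A real check would load a large
# dictionary plus a list of words frequently used as passwords.
WORDS = {"apple", "tree", "seat", "password", "dragon"}


def weak_password_reasons(password, username="", personal=(), words=WORDS):
    """Return the reasons a candidate password breaks the rules listed above."""
    reasons = []
    pw = password.lower()

    if len(password) < 8:
        reasons.append("shorter than eight characters")

    if pw in words:
        reasons.append("dictionary word")

    # A single word reversed, e.g. "elppa".
    if pw[::-1] in words:
        reasons.append("reversed dictionary word")

    # One digit or symbol added after or before a word, e.g. "apple3".
    if len(pw) > 1 and (
        (not pw[-1].isalpha() and pw[:-1] in words)
        or (not pw[0].isalpha() and pw[1:] in words)
    ):
        reasons.append("word plus a single digit or symbol")

    # A single word used twice, e.g. "appleapple".
    half = len(pw) // 2
    if len(pw) % 2 == 0 and pw[:half] == pw[half:] and pw[:half] in words:
        reasons.append("single word repeated")

    # Username, account name or personal details appearing inside the password.
    for item in (username, *personal):
        item = item.lower()
        if len(item) >= 3 and item in pw:
            reasons.append(f"contains personal or account detail: {item}")

    return reasons


if __name__ == "__main__":
    for candidate in ("apple3", "appleapple", "elppa", "vT9 q!Lmw2#c"):
        print(repr(candidate), weak_password_reasons(candidate))
```

An empty list means none of these specific patterns matched; it does not by itself show that a password is strong.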
How to protect your password:
- Your password should never be stored on your computer unless it is in encrypted form.
- Whenever you are prompted to “Save password” by Windows on your PC, don’t do it.
- Don’t ever send your password in an email or through any other type of unsecured channel.
- If you have to write down your password, don’t leave it on a piece of paper that is lying around. Make sure it is under lock and key and not next to your computer.
- Don’t ever tell anyone what your password is.
Ways that potential hackers attempt to obtain your password:
- Steal it: Find it on a piece of paper where you have it written down. Look over your shoulder as you are typing.
- Guess it: Many individuals use passwords that are based on information that is easy to guess.
- Launch a brute force attack: Every possible combination of symbols, numbers and letters is used to try to guess the password. With modern software and fast processors, it is possible to test thousands of combinations within seconds.
- Dictionary attack: Combinations are first chosen from words that are in a dictionary. Widely available software tools can try every word appearing in a dictionary or in a list of words until your password is discovered. There are dictionaries available with hundreds of thousands of words in addition to foreign language, technical and specialist dictionaries. There are also lists with thousands of words that are frequently used as passwords.