Most of us are guilty of reusing the odd password, or keeping the same one unchanged for a decade or two – or even using one of the passwords you really, really shouldn’t.
A huge number of us are still using wildly insecure passwords – research from Keeper Security (based on 10 million hacked accounts) found that 17% of accounts still use 123456.
But how do you go about making a really secure password – and ensuring it stays that way?
Here are a few tips for World Password Day 2017 – with help from experts at Kaspersky Lab.
Don’t save passwords in your browser
Many browsers offer you the option to save passwords – which can speed things up considerably when logging in to email and Facebook.
But it’s not secure – and you could be at risk, for instance, if a hacker gained control over your PC.
David Emm of security firm Kaspersky says, ‘The “save your password” option offered by Internet browsers may be convenient, but is not as secure as using a password manager software.’
Make it longer
Generally, it’s a good rule of thumb to make passwords longer than the minimum required.
David Emm of security firm Kaspersky says, ‘Make every password at least 15 characters long – the longer the better. Combine letters (including uppercase letters), numbers and symbols.’
Sentences are more secure than individual words – and weird sentences which don’t make much sense are even better.
Don’t change passwords too often
If you’re changing your password too often, you’re more likely to forget it – or to reuse passwords you shouldn’t.
David Emm of security firm Kaspersky says, ‘Don’t continually change your password – there’s no need to change your password regularly just for the sake of it – it would be difficult to remember a new one every few weeks. But be sure to do so if you know, or suspect, that your account has been compromised.’
Use a password manager if you can’t remember
Using a password manager is preferable to repeating passwords or using slight variations on them – the manager will generate strong passwords for your accounts and store them safely.
While hackers have broken into password managers, it’s very rare – and it’s safer than using weak passwords.
David Emm of Kaspersky says, ‘If it’s too hard to do this manually, use a password manager application that encrypts and stores unique passwords for all your accounts in one consolidated and protected location.’
Don’t use words in the cybercriminals’ dictionary
Typically, cybercriminals will use a “dictionary attack” – so the key to making their lives difficult is to avoid anything in the “dictionary”.
This will usually include any English word – or indeed any single word in other languages.
Don’t rely on clever tricks to disguise words
Sadly, most of the ‘clever tricks’ you use to make passwords ‘safe’ don’t work.
Adding numbers or characters to the end, for instance, won’t stand up to the software password crackers use to break into accounts.
Likewise, using symbols before a word won’t work – nor will doubling the word (‘passwordpassword’, or reversing it ‘drowssap’).
Changing letters to numbers (‘p455w0rd’) is also laughably weak.
Don’t use any part of your own name
The programs criminals use will also look for parts of your name or username being reused in your password.
It’s one of the first things a password cracker (human or automated) looks for when it comes to trying to guess a password.
Don’t use your home town
Whether or not cybercriminals already “know” details about you – from your Facebook page, say – place names are easily guessed. If you live in London, London is definitely not a good password choice, for instance. The word lists used in dictionary attacks are likely to contain common place names.
Don’t use songs, film characters or TV shows
In lists of commonly used passwords, popular TV show and film characters always rank highly. This means that crackers will look for them – and break them quickly.
Never use characters from, say, Game of Thrones or anything else current – no matter how ‘quirky’ you think your tastes are.