Today, everything we do is online. We use m-banking to control our finances, fitness trackers for our health, and social media as our primary means of social interaction. But is this always a good idea?
- Have you ever gone through a nightmare scenario where someone you often write about gets the password to your Instagram/Facebook account?
- What about someone accessing your bank app on the day you’re supposed to get your paycheck?
- Then, what if your office rival got your Twitter account for the day, with the freedom to incriminate you in whatever way they like?
It’s surprising how much harm can come from losing a simple password. Here are the top ten rules that should help you prevent these nightmare scenarios.
- Keep it longer
Unless your password is highly predictable, its length is a great way to make it harder to crack. To see why, you just have to understand how the odds work.
For instance, if I told you that your password had to be a single digit and that it could not be zero, it would take a maximum of nine tries to guess it. With each additional letter or number, the odds turn further against anyone trying to guess.
Now, add that you’re not limited to just numbers but can also use other characters, and the password becomes much harder to guess. With each additional character, you’re adding potentially millions of possible combinations.
- Use more character types
As mentioned earlier, you’re not limited to a single character type. Instead, you can use letters, numbers, and symbols. You can use them in any combination you want, and, in some scenarios, you are even obliged to use both lowercase and uppercase letters (at least one of each).
Good sites will insist that you use all the different character types and will set a minimum password length. However, you should do this even when it’s not required, and especially then. If anything, a site that doesn’t require it is not serious about its authentication and authorization policy, so keep your eyes open.
- Keep it unique for each account
One of the biggest temptations is to create a single password and use it for every account. Why is this so tempting? Because it’s easy. You don’t have to memorize too many passwords.
Many people even believe this to be secure since, if you had more passwords, you would have to write them down somewhere. You could lose this document or a piece of paper, compromising your entire online activity.
However, imagine if this universal password of yours got lost. What if you argued with an SO, and they insisted you give them your Instagram password? What if this toxic relationship ends badly (as it probably would), and this was the same password you used for your PayPal? Now you’re starting to get it!
- Use a password management tool
If you want a shortcut, the simplest possible way to handle all your passwords is to get yourself a password management tool. Such a tool keeps all your passwords in one secure place, ensures they’re strong enough, and helps you change/randomize your passwords immediately.
In other words, a good password management tool helps you stick to all the tips on this list without even trying. Now, many great password management platforms are out there, some of which are relatively new. Just pick one from our recent list and see how you like it.
- Don’t use personal information
The most important advice you’ll ever receive is that you shouldn’t use personal information. Why? Well, because it’s easy to figure out. People who know you will guess it immediately, and it’s an easy job even for people you’ve never met.
Imagine using a wedding anniversary as a password. All that one would have to do is follow you on social media (many people accept random requests) and review your posts. Then, they see the photo you’ve posted from your anniversary dinner and the date when it was uploaded. That’s all they need to get access to your account.
- Avoid popular catchphrases
Many people try to be clever and use a word like “password” as their password. Others believe that they can “trick the system” by adding a number to the mix (as if “password1” were any better). Then, some use the company name in the password (like “Facebook1” or “Instagram1”).
These are more obvious than you believe, if for no other reason than that too many people have the same “brilliant” idea. These passwords are among the first things any hacker will try.
- Avoid keyboard sequences
A lot of people hate having to deal with passwords. Instead of understanding why passwords are important in the first place, they grow frustrated when they have to create one and just try to get it over with.
To skip the creative process of coming up with a new password, they just use a keyboard sequence. They use “12345” as a password or even “qwerty.” The worst part is that, since it makes no semantic sense, they live under the false presumption that this is a “good” password and that there’s no way that anyone will figure it out. They couldn’t be more wrong.
- Letter substitutions are a horrible idea
You probably believe you’re smart if you replace the letter “A” with the symbol “@.” However, “p@ssword” is hardly a better idea than “password.” These tricks are not nearly as unique, and not nearly as unpredictable, as you might think. If anything, hackers are trained to hunt for such patterns.
The same thing goes for the use of “!” instead of “i” or “l.” Remember that, besides being ineffective, this also leaves room for error. You see, different keyboards (especially if they’re not set to the English language) have different layouts. This means it’s easy to make a mistake (especially if the password isn’t shown as you type). Two or three strikes, and you may have to change/reset your password either way.
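The rules covered so far (length, character types, personal information, popular phrases, keyboard sequences and letter substitutions) can be checked mechanically. The following is an added example, not part of the original article; the sample word list, the 12-character default and the function names are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample data; a real checker would load a large breached-password list.
COMMON = {"password", "letmein", "welcome", "facebook", "instagram"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo the substitutions the article names ("@" for "a", "!" for "i") plus a few common ones.
LEET = str.maketrans("@4301!$5", "aaeoliss")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def keyspace_bits(password):
    """Upper bound on guessing work in bits: length * log2(size of the character pool used)."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def has_keyboard_run(lower, run=4):
    """True if the password contains `run` adjacent keys from one row, in either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in lower for i in range(len(seq) - run + 1)):
                return True
    return False


def audit(password, personal=(), min_length=12):
    """Return the list of rules from the article that the password breaks."""
    lower = password.lower()
    norm = lower.translate(LEET)  # "p@ssword" -> "password"
    alnum = "".join(ch for ch in lower if ch.isalnum())
    findings = []
    if len(password) < min_length:  # min_length is an assumed threshold
        findings.append("too-short")
    if sum(any(ch in c for ch in password) for c in CLASSES) < 4:
        findings.append("missing-character-types")
    for item in personal:  # names, dates, etc. supplied by the caller
        token = "".join(ch for ch in item.lower() if ch.isalnum())
        if len(token) >= 3 and token in alnum:
            findings.append("personal-info")
            break
    if any(w in lower for w in COMMON):
        findings.append("common-phrase")
    elif any(w in norm for w in COMMON):
        findings.append("letter-substitution")
    if has_keyboard_run(lower):
        findings.append("keyboard-sequence")
    return findings
```

An empty list means none of these rules was broken; it does not show that the password is unique to one account, which only you or a password manager can ensure.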
- Regularly change passwords
In the first section, we talked about how many tries a hacker would need to guess a single-digit password and how, with more characters, it gets more complicated (takes more attempts). The bad news is that they’re not doing this manually and that, with enough tries, they’ll eventually guess it.
This is why you need to change your passwords regularly. If you have a password manager, it doesn’t take much effort to do so. Even without a password manager, you should change your passwords every 90 days. It will be challenging to keep up with it all, but you have to make an effort.
- Use 2FA either way
Even with a good password, there’s no reason you should rely just on this one protection method. After all, the use of 2FA is seamless and effortless. Most importantly, most people are already so accustomed to it that it barely slows them down. The level of protection it provides, however, is unparalleled.
You see, you can save a device from which you usually access the account and simply insist that if someone tries to log in from a different device, they authorize this from an additional source. The code for this can be sent in an email or an SMS.
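To show what happens on the service's side of the flow just described, here is an added sketch, not part of the original article: a saved device gets in with the password alone, while an unknown device must confirm a one-time code. The class name, the five-minute lifetime and the six-digit format are assumptions, and delivery of the code by email or SMS is left to the caller.

```python
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a code stays valid (assumed value)


class StepUpLogin:
    """Runs after the password check: asks unknown devices for a one-time code."""

    def __init__(self):
        self.trusted = {}  # user -> set of saved device ids
        self.pending = {}  # (user, device) -> (code, expiry time)

    def start(self, user, device, now=None):
        """Return None for a saved device, else a fresh code to send by email or SMS."""
        now = time.time() if now is None else now
        if device in self.trusted.get(user, set()):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self.pending[(user, device)] = (code, now + CODE_TTL)
        return code

    def confirm(self, user, device, submitted, now=None):
        """Check the submitted code; on success the device is saved as trusted."""
        now = time.time() if now is None else now
        # pop() makes every code single-use: one wrong guess invalidates it.
        code, expiry = self.pending.pop((user, device), (None, 0))
        if code is None or now > expiry:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(code.encode(), submitted.encode()):
            return False
        self.trusted.setdefault(user, set()).add(device)
        return True
```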
Taking care of your cybersecurity is your personal responsibility
Sure, some sites won’t even let you register if your password doesn’t contain a number, a symbol, a capital letter, and a lowercase letter, or if it’s shorter than eight characters; however, you can’t rely on this. Others shouldn’t have to introduce rules to prevent you from compromising your security. Instead, learn these ten rules by heart and stick to them.