Nowadays, passwords are needed for just about everything, whether it’s online shopping, reading the news, or just scrolling social media.
But this can be tiresome, and many of us are guilty of taking the easy route and simply reusing one password on all platforms. This is tempting because it’s so simple, but sadly, it’s also just about the least secure way to protect your accounts.
Secure password practices aren’t just about creating new passwords for each site though, because weak and easily guessable passwords leave you vulnerable to hackers. As the first defence against cyberthreats, strong passwords are crucial for protecting your sensitive data – but if the thought of having to think of something unique each time fills you with dread, never fear – check out our guide to creating top passwords below.
Why do you need secure credentials?
It’s difficult to overstate the importance of a secure password, especially when so much of our lives is online. Your communications, financial information, even biometric data can be stored online, so a compromised password can expose you to all manner of threats, including identity theft and sophisticated social engineering attacks.
There are a few ways to make sure you’re keeping your passwords as safe as possible, so we’ve made this guide to put all of our recommendations in one place.
There are a couple of cheats that will make this task easier. To keep the best cyber hygiene, we’ve put together a list of the best password managers, as well as all the best password generators on the market.
If you don’t want to use a third party, and just want some tips on how to make your passwords as secure as possible, then take a look below at our advice.
Creating a strong password
Creating a strong password is of course the first step to staying secure online. With safety in mind, your password should be as complicated as possible whilst still being memorable.
First off, the basics. The recommended length for a password is at least 12 characters, but ideally over 14. This should include a mix of capital and lowercase letters, as well as symbols and numbers.
Try to avoid sequential numbers, e.g. 1234, and avoid your birthday – these are the easiest for attackers to guess.
The password shouldn’t be a beloved, well-known character, so avoid Snoopy123. An obscure character would work, or even better a catchphrase that you remember from the show, like “Streets;Ahead6S&AM!”
It’s recommended that you use a word that’s not in the dictionary, which sounds ridiculous, but you can do this quite easily by adding in numbers, like “Kn33c4p”, for example.
I’ve always been told by the IT teams I’ve worked with to use a semicolon in your password, since semicolons are often used in coding to indicate a break in the code, often separating two lines. This interrupts the attacker’s attempt and makes life much more difficult for them. Not all threat actors will use code to try and break into accounts, so it’s not fool-proof, but every little helps!
Secure with software
If this all sounds a bit too taxing for you, we understand – luckily, there are services out there specifically designed to help.
The first are the best password managers, which we’ve handily ranked and reviewed all in one place. Password managers store your credentials and securely auto-fill them into all your saved websites. In our guide, we’ve tested a mix of free and premium managers. Some have more advanced features or are designed for business use, whilst some are definitely more suited for casual single users.
These do come with a pretty obvious risk, in that all of your passwords are now stored in one place, which, if compromised, is pretty similar to just reusing the same password. The software introduces a single point of failure, so make sure you choose a reputable manager with good reviews to keep safe.
The password managers do have great security, but if you don’t fancy the risk but still want to save yourself the hassle of thinking of a hundred unique strong passwords, then we recommend checking out the best password generators we’ve reviewed.
Pretty much as they say on the tin, password generators create hard-to-crack, secure credentials for you to use as you please.
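To show what a generator does with the rules from "Creating a strong password" (at least 12 characters, a mix of capital and lowercase letters, symbols and numbers, no sequential numbers), here is an added example, not code from any of the reviewed products. The symbol set, the four-digit run length and the function names are assumptions made for this sketch.

```python
import secrets
import string

# Assumed symbol set for this example; sites differ in what they accept.
SYMBOLS = "!#$%&*+-=?@^_;"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_sequential_digits(pw, run=4):
    """True if pw contains `run` ascending or descending digits, e.g. 1234."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk.isascii() and chunk.isdigit():
            steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
            if steps in ({1}, {-1}):
                return True
    return False


def check_password(pw, min_len=12):
    """Return the list of rules the password breaks (empty means it passes)."""
    checks = [
        (len(pw) >= min_len, "too short"),
        (any(c.islower() for c in pw), "no lowercase letter"),
        (any(c.isupper() for c in pw), "no capital letter"),
        (any(c.isdigit() for c in pw), "no number"),
        (any(not c.isalnum() for c in pw), "no symbol"),
        (not has_sequential_digits(pw), "sequential numbers"),
    ]
    return [reason for ok, reason in checks if not ok]


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every rule above is met."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


if __name__ == "__main__":
    for sample in ("Snoopy123", "Password1234!x", "Streets;Ahead6S&AM!"):
        print(sample, "->", check_password(sample) or "passes")
    print("generated:", generate_password())
```

The generator uses Python's secrets module rather than random, because the latter is predictable and not meant for credentials.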
Keeping passwords secure
The golden rule of passwords is that you never share them with anyone. Not friends, family, and especially not any unknown number who calls claiming to be from your bank. You should never send your password over the internet, even to yourself – because even the most secure communications can be compromised.
Writing passwords down so that you can remember them is the least risky strategy, provided you store them somewhere safe where no one has access or could easily spot them (so not in a notebook kept in your shared office space).
As frustrating as it is, it’s definitely best practice to create a new password for each site, especially those that hold important personal information – think financial firms, communications, cloud storage etc.
Strong password policies
Any organization with a digital presence needs a password policy. Whether you’re accessing a complex order management system or just a company Gmail, a robust and clear policy should lay out the parameters for safe password use.
Organizations are only as strong as their weakest password, so eliminating insecurities is a crucial first line of cyberdefense. By implementing a company policy, you can ensure that employees and systems users are protected, and this adds another layer of security to your organization’s networks.
For companies, mandatory password rotation is just as important, and this means switching the passwords that protect your important data, such as bank details, emails, or sensitive information, every 60 to 90 days.
Within this mandate, companies should ensure that employees are following all of the tips above, so that you can be confident in company passwords. Recent research has shown only 50% of organizations scan for compromised passwords more than once a month, so make sure you’re in the half that does. Of course, this has to be paired with immediately changing any passwords that may have been compromised.
Multi-Factor Authentication might be a pain, but it’s an excellent way to secure your accounts. The best authenticator apps can help add an additional layer of security and help verify that the person trying to log in is the owner of the account.
Some of these apps will generate one-time passwords (OTP) which expire shortly after being sent, which drastically reduces an attacker’s window to steal the credentials.