Working, schooling, socialising, eating, entertainment, banking – we carry out almost every aspect of our daily modern lives through digital devices and personal accounts.
And for every device we use, and every platform and system account we log into, we ought to have good – if not great – password security to better protect our confidential and sensitive information against cyber attacks and breaches.
Just imagine if we didn’t – our identities could be stolen, our credentials phished, our bank savings wiped clean, and all of our carefully-managed funding and investment plans hijacked (bye, bye, retirement holidays).
Start building your defense against cyber crime and hacking (and safeguard your financial future) by taking on these tips to create stronger, more crack-proof passwords.
1. Do not use common words, characters or combinations
It’s best not to create passwords that anyone can easily guess or already know. That definitely means no letters of the alphabet in sequence (ABCD, XYZ, etc.) and no numerals in ascending or descending order (e.g. 1234 or 9876).
Other no-nos: Common words such as “password” and “secret”; easy-to-think-of phrases like “mypassword”; and known phrases or character sequences such as “Opensesame” or “Qwerty”.
Another rule to keep in mind: Avoid using anything that people can easily associate with you. Examples: Your name, nicknames, the name of your pet, the names of your loved ones (other half and kids), your and your loved ones’ birthdays or any anniversary dates, your address (physical or email), and so on. Basically, you don’t want the password to be something that someone can glean off your social media or pick up from conversations with you.
Also, try not to include anything from the lists of your favourite things: foods, hobbies, books, songs, shows and so on. No matter how easy it is for you to work these personal info nuggets into your passwords, or use them as your passwords, it’s just as easy for hackers to play “word association” with what they might know about you.
2. Do make it as long as possible
Another simple tip: Construct a lengthy password. No one’s asking you to quote the digits of pi (don’t, since “3.14” is a known number sequence), but you can start with a password that is 8 characters long (it’s commonly regarded as a safe starting point) and add more characters when needed to increase its strength.
To level up, try including some random letters or numbers, and alternate between uppercase and lowercase (if the login system allows for it). The aim for a longer password with more characters is to create more permutations, with the unconnected letters or numbers adding another layer of complexity.
One important thing to note: Don’t come up with a passphrase so long, random or complex that even you might have difficulty recalling it, especially if you do not use it often.
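The checks from tips 1 and 2, written as a small Python audit. This is an added example, not code from the original article; the word list, the `personal` argument and the function names are assumptions made for illustration.

```python
# Constructed sample list built from the article's own examples; a real
# checker would load a much larger wordlist.
COMMON_WORDS = {"password", "secret", "mypassword", "opensesame", "qwerty"}
MIN_LENGTH = 8  # the article's suggested starting point

def has_sequence(pw, run=3):
    """True if pw holds `run` characters in ascending or descending order
    (ABCD, XYZ, 1234, 9876). run=3 is strict and will also flag 'stu'."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if not chunk.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False

def audit(pw, personal=()):
    """Return the rules from tips 1 and 2 that pw breaks (empty list = none).
    `personal` holds details tied to the user: names, pets, dates."""
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if any(word in low for word in COMMON_WORDS):
        problems.append("common word")
    if has_sequence(pw):
        problems.append("sequence")
    # Ignore very short tokens so a one-letter initial does not match everything.
    if any(len(t) >= 3 and t.lower() in low for t in personal):
        problems.append("personal detail")
    if pw == low or pw == pw.upper():
        problems.append("no mixed case")
    return problems

if __name__ == "__main__":
    for candidate in ("Qwerty1234", "Rex2015", "tR7w-Lm29xKq"):
        print(candidate, audit(candidate, personal=["Rex", "2015"]))
```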
3. Don’t use the same passwords
Ever heard of the saying, “Laziness is a secret ingredient that goes into failure”? Well, in this case, if you are lazy in applying some vigilance to the use of your login details, then it will definitely lead to password protection failure.
By that, we mean this: Do not utilise that one same password for all of your accounts and devices. Not bothering to think of and use new and separate passphrases for each and every account and device (laptop, email, Instagram, Facebook, and whatever platform or system you frequent) just means it’s less of a bother for a hacker to break into all of them.
Let’s say a hacker manages to find out your password to one of your accounts. He or she will then be able to reuse this “master key” to unlock all of your other accounts, which might also include those linked to your credit card and banking. ‘Nuff said.
Also, modifying that one commonly used “master” or root password with some minor tweaks isn’t exactly innovative or useful. Simply adding a prefix or suffix, or putting 1 extra character into the composition – like, say, “Songnumber1” and “Songnumber2” – doesn’t make your data protection any stronger. Come up with new ones for each and every account and device for peace of mind.
4. Don’t keep changing your login credentials
In the past, it was advised that you should periodically change your passwords to avoid getting them cracked.
These days, it’s a less needed practice. Unless you get an authentic notification or suspect that your account or device might be compromised and your password exposed, there’s actually no requirement for you to change it.
It’s not only because there are greater encryption and protection technologies in place to help safeguard your information. The added rationale is that if we change our passwords often, we might forget the numerous new ones, habitually recycle or create similar passwords, or end up writing all of them down (because there are so many) in places where other people might get to them with ease (e.g. a notebook or a mobile phone note-taking app).
5. Do not use or reuse cracked or stolen passwords
In case you didn’t know, there’s such a thing as credential stuffing. It’s a method where cyber attackers utilise lists and databases of compromised user credentials to break into a system. They can employ bots for automated login attempts using stolen or exposed passwords.
Second, if you’ve ever had the unfortunate experience of having any of your passwords cracked, never ever reuse it or modify it slightly thinking that the hacker won’t try using the same or a version of the password again. Lightning can strike in the same manner, at the same spot, twice. Compose a whole new one to shield against such repeated bot-augmented attempts.
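Tips 3 and 5 can be checked the same way: the sketch below flags identical passwords, “Songnumber1”/“Songnumber2”-style tweaks, and anything that is a copy or a near-copy of a password known to be exposed. It is an added example, not part of the original article; the account names, sample passwords, exposed list and the 0.8 similarity threshold are constructed assumptions.

```python
import difflib

def root(pw):
    """Drop case plus digits/symbols at either end: 'Songnumber1' -> 'songnumber'."""
    return pw.lower().strip("0123456789!@#$%^&*._-")

def is_variant(a, b, threshold=0.8):
    """True when two passwords share a root or are nearly the same string."""
    ra, rb = root(a), root(b)
    if ra and ra == rb:
        return True
    return difflib.SequenceMatcher(None, a.lower(), b.lower()).ratio() >= threshold

def review(vault, exposed=()):
    """vault maps account -> password. Returns (reuse findings, accounts whose
    password matches or lightly modifies an exposed one)."""
    reuse, hits = [], []
    accounts = sorted(vault)
    for i, x in enumerate(accounts):
        for y in accounts[i + 1:]:
            if vault[x] == vault[y]:
                reuse.append((x, y, "identical"))
            elif is_variant(vault[x], vault[y]):
                reuse.append((x, y, "variant"))
        if any(is_variant(vault[x], e) for e in exposed):
            hits.append(x)
    return reuse, hits

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "Songnumber1",
    "bank": "Songnumber2",
    "shop": "Songnumber1",
    "social": "tR7w-Lm29xKq",
}
SAMPLE_EXPOSED = ["songnumber!"]

if __name__ == "__main__":
    reuse, hits = review(SAMPLE_VAULT, SAMPLE_EXPOSED)
    print("reuse:", reuse)
    print("matches an exposed password:", hits)
```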