How to make your password secure
Is your password secure? We look at the most common security mistakes people are making, and how you can avoid them…
So much of what we do is online these days – from checking our emails and Facebook, to internet banking and paying for the things we buy.
That’s why having a secure password is essential to prevent hackers from getting hold of your personal information. If yours is too weak, you could be exposed to a host of online security risks.
To show how easy it is for hackers, SplashData has released a list of the worst passwords of 2015. The top 5 were:
So how does yours stand up? We look at some of the most common password mistakes, and what you can do to make your own password stronger.
Most common password mistakes
Too short or simple
Password problem: Is your password under 12 characters? Maybe it’s made up of all letters or numbers? This is a classic weak password mistake, and makes yours much easier to crack than a more complex one.
Solution: mix up the characters to include letters, numbers and punctuation, and make sure your password is always at least 12 characters long.
Password problem: It seems like an obvious choice, but one of the most commonly used passwords is actually ‘password’.
A lot of people also go for obvious words like ‘football’. Or they simply add the number ‘1’ to the end of a word.
And because so many people are using them, it’s easy for hackers to guess.
Solution: think of a more specific word or phrase to you that you’ll be able to remember. Then add some extra characters in the middle or at the end to make it more difficult to guess.
‘Keyboard’ layout combinations
Password problem: At first glance, passwords like ‘qwerty’, ‘qwertyuiop’, ‘1qaz2wsx’ seem random – but they follow a pattern of rows on the keyboard. And they’re all in the top 25 worst passwords. So if you’re a fan of the keyboard pattern letter combination technique, it seems you’re not the only one.
Over the years, hackers have caught onto this and can now use keyboard layouts and special algorithms to crack your ‘random’ password.
Solution: Base your password on a memorable sentence and use that to create your password. For example, you could turn My favourite sandwich is cheese & tomato – it costs £2! The password could then be MFsiC&T-ic£2! Or you could use a generator to come up with a truly random password that no one else will be using.
Personal details included
Password problem: You have to use multiple passwords for all your different accounts, so lots of people use personal details like your birthplace or pet’s name to remember them. This is a very bad idea.
For a hacker with access to some of your information already, it’s pretty easy to work out, plus it confirms to them any details they’ve managed to find about you already are correct.
Solution: use a password manager to automatically save your passwords for you so you can make them more random. You can also use it to securely store all your passwords in a safe place in case you need to get hold of them.
Using the same password on every site
Password problem: Rather than fussing around with different ones, you use the same password for everything.
Once hackers get hold of your password, they can use it to access all the other sites you have an account with. That means if they’ve discovered your low-risk Twitter password – fairly harmless – they can also use it to access your bank details.
Solution: set up different passwords for each of your accounts. If it’s too hard to remember lots of complicated combinations, have a scale of less secure passwords you use for social media through to more secure ones for banking or making online payments, or use a password manager to generate and store them all.
The future of passwords is… password-less?
Of course, using a password will never be 100% secure. That’s why there’s a load of technology being developed that aims to bypass them altogether.
Apple uses Touch ID to let you unlock your iPhone or iPad by holding your finger on the home button. While Android has also included fingerprint recognition software in its Marshmallow operating system.
Microsoft is now using facial recognition as part of Windows Hello, which lets you log in with your face or by scanning your eye.
Google is also trialling Project Abacus, a piece of software on your smartphone that can memorise your daily routine, common locations and how you type – and automatically lock your device if it registers suspicious activity.