Password Security

Probably one of the most important things to manage – PASSWORDS!

It’s hard enough to remember five passwords, let alone 25 or 50. That’s why we all get lured into creating one decent password and using it over and over again. You’ve been told this before: it’s a really bad idea.

Here’s the problem. Online services, websites and email providers get hacked all the time; they get infected with malware; sometimes they just go wrong. And it usually results in a data breach that exposes your user info.

And it isn’t just limited to small or obscure websites, PCs, laptops or smartphones. Things of all shapes and sizes get hit – they’ve all been compromised at one time or another.

Very often it’s email addresses and passwords that get exposed. Once compromised they get posted (or sold) online where anyone can see them, for whatever reason. If your password happens to be among them, and you’ve re-used it on other sites, all your accounts on those sites are at risk.

You can check whether your email address is associated with any data breaches at  If it has, make sure you didn’t re-use the password from the breached account anywhere else. If you did, change it now, and make sure the new one isn’t on the list of most commonly used passwords.

Think passphrase instead of password

wgW7!@G%^45P. That’s what a secure password looks like. It mixes uppercase and lowercase, numbers and special characters, and is pretty well uncrackable. It’s also impossible to remember (and incredibly annoying to type).

An easy to remember password is, by definition, a bad password. But there is a neat compromise. When it comes to passwords, it turns out that length can actually be more important than complexity. So instead of coming up with short but complex passwords, try using a passphrase instead.

What is a passphrase? It’s a much longer, more memorable alternative. Just pick four or five random words – they need to be genuinely random, so don’t use song titles or a line from a book – and string them together. You’ll find it a whole lot easier to remember, yet the length is what gives it its security.

Want a bit of extra security? Use some special characters between words. Not all sites allow this, but where they do, take advantage of it. ‘ThisRandomPassphrase’ can be harder to crack if it’s changed to ‘This&Random&Passphrase’. If you can remember something slightly more complicated, you can also switch out letters with numbers and symbols that resemble them. For example, replace ‘a’ with ‘@’ or ‘e’ with ‘3’, and you have ‘This&R@ndom&P@ssphr@s3’. As long as you can remember your scheme, you’re good to go.
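To make the length-versus-complexity point concrete, here is an added example (not part of the original article) that picks words with a cryptographic random source, estimates entropy, and applies the separator and character-swap scheme above. It assumes a 7776-word Diceware-style list and a 95-character printable keyboard set; the short word list inside is constructed for the demo.

```python
import math
import secrets

# Constructed stand-in for a real Diceware-style list; a real list has 7776 words.
WORDLIST = ["anchor", "bishop", "candle", "dragon", "ember", "falcon", "garden",
            "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nickel",
            "orbit", "pillow"]
DICEWARE_SIZE = 7776      # assumed size of a standard Diceware list
PRINTABLE_ASCII = 95      # assumed: upper, lower, digits and keyboard symbols


def entropy_bits(choices: int, length: int) -> float:
    """Guessing entropy of `length` symbols, each picked uniformly from `choices`."""
    return length * math.log2(choices)


def words_to_match(password_len: int, charset: int, wordlist_size: int) -> int:
    """Random words needed to reach the entropy of a random `password_len`-char password."""
    return math.ceil(entropy_bits(charset, password_len) / math.log2(wordlist_size))


def random_passphrase(words, count: int = 5, separator: str = " ") -> str:
    """Pick `count` words with the OS CSPRNG; a human-chosen phrase is not random."""
    return separator.join(secrets.choice(words) for _ in range(count))


# The article's swap scheme: 'a' -> '@', 'e' -> '3'.
LEET = {"a": "@", "e": "3"}


def apply_scheme(phrase: str, separator: str = "&", subs=LEET) -> str:
    """Join words with a separator and swap look-alike characters, as the article suggests.
    The swap rule is fixed and public, so it adds only a little on top of the word count."""
    table = str.maketrans(subs)
    return separator.join(w.translate(table) for w in phrase.split())


if __name__ == "__main__":
    # A 12-character random password like 'wgW7!@G%^45P' carries about 79 bits...
    print(f"12 random chars: {entropy_bits(PRINTABLE_ASCII, 12):.1f} bits")
    # ...and this many Diceware words match it while staying memorable.
    print(f"words needed to match: {words_to_match(12, PRINTABLE_ASCII, DICEWARE_SIZE)}")
    print(f"5 words: {entropy_bits(DICEWARE_SIZE, 5):.1f} bits")
    print(apply_scheme("This Random Passphrase"))  # This&R@ndom&P@ssphr@s3
    print(random_passphrase(WORDLIST, 4))
```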

Use a password manager

Wouldn’t it be great if you only ever had to remember one password? It is possible. Many security experts recommend using a password manager, a piece of software that locks and encrypts all your login credentials in a single place. You only need to remember the master password – so make sure it’s a good one.

When you use a password manager you don’t have to worry about making passwords memorable, so they can be as complex as you like. Most of these tools will offer to generate passwords for you. As a handy extra, they’ll also automatically fill in your details on websites and apps when you visit them.

The best password managers work across your desktop, laptop and phone. Among the ones we recommend are:

What about getting your browser to save your passwords instead? That’s also safe up to a point. Browsers do encrypt saved passwords, but anyone who has access to your laptop or phone will be able to use them without any further checks.

And the most low-tech password manager of all? A piece of paper, kept in a safe place. We wouldn’t recommend it at work, but for many of us it’ll be fine at home.

Set up two-factor authentication

Getting your passwords up to scratch is the first step to improving your online security. There’s one other thing you should do to properly lock down your most important accounts: use two-factor authentication (2FA).

The techie name doesn’t help, but the idea behind 2FA is really simple. When you try to log in to a website or app that has it enabled, you have to enter both your password and one other piece of information – usually a short code sent to your phone by text message or generated by an authenticator app. What it means is that even if someone does get hold of your password, they still can’t log in to your account unless they have physical access to your phone.

You’ve probably used it already. Any time a bank texts you a code in order to verify a payment you’re making, it’s an example of 2FA in action. You can activate 2FA on all your main accounts – Google, Facebook, Amazon, PayPal and so on – and you really should.

If given the choice, use an app rather than SMS, since it’s more secure. Authy is the best app to use, and it’s pretty easy to set up, too.
