If you want to know how to create a strong password and keep your digital profiles safe, then you are on the right blog.
Creating a strong password can be an administrative nightmare as you could end up with numerous accounts with numerous usernames and passwords. The average number of passwords that every online user holds is 26 per person. Gasp! Yes, 26! Keeping track of all of them and ensuring that they are all hack-proof is a juggling act.
What generally tends to happen is that when we don’t know how to create a strong password or feel the one we have is ‘good enough’, we take a blanket approach and either use the same passwords for different accounts or create similar versions of the same password.
Although this approach may seem adequate to you, we all need to remember that there are hackers “out there” that start with this exact approach when targeting your accounts i.e. they target common passwords or passwords that begin with a capital letter, or ‘admin’, or ‘password’ – yip, people do that. Insane, I know.
If you want to check whether your passwords have been breached in any way, check out this website: haveibeenpwned.com.
What hackers are capable of
Hackers are getting smarter and smarter and know that most web users don’t really know how to create a strong password.
They first target the easiest and most commonly used passwords. After that they move on to passwords with the fewest characters. The more characters you use in a password, the harder it is to break. It has been discovered that a password with 7 characters can take only 0.3 milliseconds to crack, but a password with 12 characters can potentially take up to 200 years to crack.
Think of a safe with a combination lock. If you use your birthdate and a safe cracker starts with that because they have your Identity Number, then no problem to break in right? But if you used a combination of eight numbers that were randomly selected by rolling a dice, then not so easy to break.
The different types of hacking attacks
We could write a full article on the different types of attacks you may experience, but this article is about how to create a strong password. So here is a snapshot of the most common attacks and some tips on how to safeguard against them:
- Keylogger attacks – the action of recording the keystrokes a person is making while typing on their keyboard.
Tip – use a password manager so your password is auto-filled and not typed.
- Brute force attacks – a bot uses common passwords like ‘password’ or ‘1234’ and enters them into your login page. There are multiple attacks over time and if the bot hits the right password, they are into your account.
Tip – use a lockout policy, e.g. after 3 failed login attempts the account is locked and no one can enter a password again until it is reset.
- Dictionary attacks – a bot uses all the words from a dictionary and enters them into your login page. There are multiple attacks over time and if the bot hits the right word, they are in. Just ask LinkedIn, they had six million passwords hacked in 2012.
Tip – Don’t use predictable words or common passwords.
- Phishing attacks – Hackers masquerade as ‘legitimate’ businesses and get users to open attachments, click on links or download malicious files.
Tip – Never click on links, download files, or open attachments from unknown senders and always verify requests for payments or updating your bank details by calling your service provider. Contact them directly to verify an email. Also, never email personal or financial information even to those you trust, as your email can still be breached.
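To make the lockout tip under brute force attacks concrete, here is a small sketch of such a policy. It is an added example, not code from the original post; the LoginGuard class, the in-memory store and the sample account are hypothetical.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # the "3 failed login attempts" from the tip above


def _hash(password, salt):
    # Slow, salted hash so stored passwords are costly to guess offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


class LoginGuard:
    """Hypothetical in-memory account store that enforces a lockout policy."""

    def __init__(self):
        self._accounts = {}

    def register(self, username, password):
        salt = os.urandom(16)
        self._accounts[username] = {
            "salt": salt, "digest": _hash(password, salt),
            "failures": 0, "locked": False,
        }

    def login(self, username, password):
        acct = self._accounts.get(username)
        if acct is None:
            return "denied"
        if acct["locked"]:
            return "locked"  # even the correct password is refused until reset
        if hmac.compare_digest(_hash(password, acct["salt"]), acct["digest"]):
            acct["failures"] = 0  # a successful login clears the counter
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILED_ATTEMPTS:
            acct["locked"] = True
            return "locked"
        return "denied"

    def reset(self, username, new_password):
        # A reset sets a new password and clears the lock and the counter.
        self.register(username, new_password)


def demo():
    guard = LoginGuard()
    guard.register("alice", "constructed-Sample-pw-7!")  # constructed sample
    guesses = ["password", "1234", "admin", "constructed-Sample-pw-7!"]
    return [guard.login("alice", g) for g in guesses]


if __name__ == "__main__":
    print(demo())
```

The fourth attempt uses the correct password and is still refused, which is the point of the policy: once the threshold is reached, nothing gets in until the account is reset.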
How to create a strong password and other tips to protect your digital profile
- Use your web browser to create randomly generated passwords. Your favourite web browsers now offer random password suggestions when you create a new account on any platform.
- Use an Excel spreadsheet and then go mad with typing random letters, numbers and symbols into different blocks. Spread your fingers across your keyboard so as to avoid common typing patterns.
- Use a combination of letters in both lower-case and capitals and avoid common capitals e.g. using a capital at the beginning of your password.
- Use numbers and symbols when creating a new password.
- Fourteen characters is ideal and eight characters is the minimum to use when creating a new password.
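The rules in the list above can be turned into a small generator. This is an added example, not part of the original post; the symbol set and the function names are assumptions chosen for illustration. It draws characters from the operating system's secure random source rather than from keyboard mashing.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SYMBOLS
MIN_LENGTH = 8     # minimum from the list above
IDEAL_LENGTH = 14  # "ideal" from the list above


def meets_rules(password):
    """Check a password against the rules in the list above."""
    return (
        len(password) >= MIN_LENGTH
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SYMBOLS for c in password)
        and not password[0].isupper()  # avoid the predictable leading capital
    )


def generate_password(length=IDEAL_LENGTH):
    """Draw random candidates until one satisfies every rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_rules(candidate):
            return candidate


def search_space_bits(length):
    """Upper bound on guessing effort, in bits, for a random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password())
    print(round(search_space_bits(MIN_LENGTH), 1), "bits at 8 characters")
    print(round(search_space_bits(IDEAL_LENGTH), 1), "bits at 14 characters")
```

Each extra character multiplies the number of possible passwords by the size of the alphabet (80 here), which is why length matters more than any single substitution.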
Protecting your digital profile:
- Use a VPN (virtual private network) – the only way to cloak your web activity (including from your ISP) is to connect to a VPN. Here is a list of tried and tested VPNs from security.org.
- Use identity theft protection – there are some good identity theft protection software packages that you can use, such as the one from this local security company.
- Two-factor authentication – try using two-factor authentication for the most sensitive of accounts. You can set this type of security up at authy.com.
- Store your files in the cloud. Use cloud-based services to store your information. You can use platforms like Google Drive for personal information and for more advanced features you can use a platform like Microsoft Office 365. For more information on the cloud read this blog post – What is the cloud and how to make the most of it.
How to keep all your passwords safe
Now that you know how to create a strong password, you need to keep them safe.
- Avoid using an Excel spreadsheet – this method of keeping all your usernames and passwords is far too common. What if you forget that one password or your laptop gets stolen or lost?
- Rather use one of these tools to secure all your passwords:
Lastly and most importantly
Your first line of defence is your device (phone, laptop etc.). Make sure you know how to create a strong password for your device, one that is the most complicated password of all. If someone gets into your device and you have saved all your login details within your browsers, well then, game over.