Passwords. We can’t get through the day without them !!
From logging into our social media accounts to managing our online banking, those little strings of letters and numbers are necessary for just about any activity we conduct online.
We know they’re important. We know they keep our data safe. And we know they should be strong and complex to avoid our data being stolen.
Yet, when faced with the ‘choose password’ field, it’s always tempting to create a password we’ve used before. One we’ll remember again in a few days’ time. After all, we’ve all faced the frustration of repeatedly trying to guess a password only to be locked out of an account we need access to right now.
But reusing passwords is a risky strategy. When websites encounter a cyber attack and data is stolen, the hackers can then try those same passwords on other popular high-risk websites. So, if you’ve used the same password elsewhere, you could be giving the crooks easy access to many of your important accounts. And if they have your password, chances are they also have your email address, username and other personal information.
The importance of strong passwords
Often, we opt for weaker passwords on sites we think don’t matter so much. Your gym or library account for example. Then we take care to choose stronger ones on the sites we deem more important, such as our online banking.
The problem is any website – big or small – can be at risk from cyber criminals. And once they have your data from one source, they can then use it elsewhere.
Even if you’ve followed the rules and used different passwords on different websites, the hackers might still be able to gain access using your other personal data. By using the ‘forgotten password’ option on subsequent sites, they can bypass the need for a password, by using other security data like your date of birth.
If you’ve fallen into the habit of using weak passwords, or re-using the same password, you’re not alone. Security experts have found that the majority of people use weak passwords and reuse the same password over and over on different sites. Meanwhile, a report published by telecommunications company Verizon found that 81 per cent of data breaches were caused by weak or reused passwords.
Creating strong passwords
When creating a new password, there are a few things to consider to assure you are better protected. Recommended criteria for what is best suited for a home Wi-Fi connection is listed below.
- Have at least 8 characters.
- Include upper and lower case letters.
- Have at least one number.
- Include at least two special characters such as ! @ # $ % ^ & * ( ).
- Be random.
- Make sure the password is significantly different from previous passwords and passwords used in other applications.
- Turn on 2-step authentication whenever possible.
Below are examples of things NOT to use in passwords;
- Should NOT contain your user name, you or children/families real name, or your companies name
- Should NOT be your Street Address
- Should NOT be your family/pet name
- Should NOT be a birthday/anniversaries
- Should NOT contain a complete or dictionary word (ie password, watermelon, Chiefs)
- Phone numbers
- Passwords from applications and services should not be the same password
- Should NOT be obvious information about yourself or location that anyone who knows you can guess
What is a password manager?
A password manager is an online tool that stores your login information for all the different websites you use. Once you’ve set up your account with a password manager, you’ll be able to log into other websites automatically – without needing to remember each individual password. The only password you need to remember is the master password for the password manager tool.
Are password managers safe?
A high-quality password manager is safe because your information is encrypted within the system. That means no-one can see or steal your passwords.
The best password managers also offer a host of other features, making your everyday experience of using the web easier and simpler. Here are 10 benefits that password managers offer:
1. No more weak passwords
Without a password manager, the risk is that you and your colleagues will continue to create easy-to-remember passwords. But of course, if a password is easy to remember, it’s also easy to hack! A password manager will ensure your passwords are strong and alert you to any that fall below the recommended strength.
2. Generate random passwords
Trying to create your own random passwords can be harder than it sounds – particularly if you’re attempting to get a good combination of letters and numbers plus upper and lowercase characters. You can save time by letting your password generator create strong passwords for you automatically. This also means it is not a password that is a word with numbers that you can remember but is also easier to compromise.
3. Easy access to accounts with stored log-ins
Once you’ve set up your password manager, you’ll be able to access your accounts quickly and easily. No more racking your brain trying to remember which password you used on a particular website. And no more having to click the ‘forgotten password’ link and wait for the email.
4. Increased efficiency
When your employees need access to various accounts throughout the working day, forgetting passwords can add up to a lot of wasted time and frustration. With a password manager, your people will be able to log in the minute they start work and have access to everything they need. Not only does this boost productivity but it also creates a better work environment with motivated staff.
5. Easily update your passwords
If you’ve realised you’ve been using weak passwords for years, you might be worried about all the accounts you have out there that need updating. Going through each one to change your password to something more secure could be a time-consuming and laborious job. Password managers make the process easier by identifying the accounts where you use a weak password.
6. Use the convenient autofill feature
With a password manager, you can set up autofill to make registering on new websites quicker and easier.
7. Share passwords securely
Often in business, colleagues need to share passwords with other members of the team. With a password manager, this can be done securely, without compromising other data. You also have the option of whether or not you want to make the actual password visible for the recipient when you share it via a password manager.
8. Store more than just passwords
Some password managers let you store other important data such as credit card info and confidential notes. That means everything is conveniently in one place with the peace of mind that it’s safe and secure.
9. Use the same password manager across multiple devices
We all use our devices differently at different times of the day. For example, you might want to log-in to your online banking on your PC when you’re at work – but from your smartphone when at home. You can set up your password manager to work across multiple devices, so you can easily log into accounts from your laptop, phone and tablet throughout the day.
10. Safeguard against phishing
Password managers can help against phishing attempts as they enter account information based on a website’s URL. So, for example, if you’ve been taken to a fraudulent site that looks just like your bank’s website, the password manager will not automatically fill in your log-in information. This will give you the opportunity to recognise that you’ve been taken to a different website.
How do I get a password manager?
There are lots of different password managers available. Many offer free versions but you can also upgrade to a paid account, depending on what features you need. Take a look online to research different options and then you can subscribe to your chosen one via their website.
You may find that your web browser already comes with its own password manager tool. However, we don’t recommend relying on these as they are not as dependable as a dedicated password manager. Often with a browser-based manager, the data is stored in an un-encrypted format on your computer, making it less secure. In addition, browser password managers don’t often have the extra features that come with dedicated password managers.
Which is the best password manager?
The password manager we recommend to our clients (and use ourselves) is LastPass.
LastPass is a cloud-based password manager that can be used on any device and with any browser or operating system. It offers a number of powerful features and security enhancements such as two-factor authentication options to keep your password vault protected.
With LastPass, your passwords are stored on the system’s servers in an encrypted form. Your passwords are decrypted and encrypted locally when you log in – that means even LastPass itself cannot see your password.
Getting started with a password manager
The first thing you’ll be asked to do when starting with most password managers is to choose a master password. This one password will give you access to your whole database of other passwords – so it’s important to make it strong. The good news is that this will be the only password you’ll need to remember in the future. Most password managers will offer to generate a strong password for you, so you don’t need to agonise over which combination of letters and characters to choose.
Once your password manager is installed, you’ll be able to start changing your existing passwords across all your various accounts to ensure they are secure. Depending on which password manager you are using, it may even offer to identify and replace any weak or duplicate passwords for you. This is a good step to ensure that you are not using the same password across a variety of websites.
What next?
Passwords. We can’t get through the day without them.
From logging into our social media accounts to managing our online banking, those little strings of letters and numbers are necessary for just about any activity we conduct online.
