Can you guess what Blink 182, the Dallas Cowboys, and dragons have in common? According to the UK’s National Cyber Security Center, they are some of the most common themes in password security. The password you choose is often the only thing keeping strangers from viewing your potentially confidential information. Despite this, password security is rarely as strong as it should be. It’s common for most passwords to be something simple, like a favourite band, sports team, or mythical beast.
For nearly a decade, passwords like “123456” or the word “password” have been used for tens of millions of accounts. This applies to accounts everywhere, from internet forums to million dollar companies.
Every year, dozens of online security firms publish lists of the most commonly “hacked” passwords, yet these simple passwords remain. Luckily, they include a variety of tips to increase your password security enough to stop any hacker in their tracks. Here are four of the easiest to implement tips for passwords that you can trust.
1. Don’t use a word significant to you or your life.
To avoid the risk of forgetting a password, many users choose something significant to them. This is often a family pet, a last name, a favourite sports team, or a significant number. Though these ideas make a password easy to remember, they severely reduce your password security. With the popularity of social media, it is not hard for a stranger to find all of these things out. In 2016, nearly ⅙ of adults used something as simple as their pet’s name in their passwords.
Pro tip: For the highest password security, don’t use a word at all for your password. Almost every internet security firm will recommend using a random assortment of letters instead of a normal word. Though it may be more difficult to remember, this will create a password you’ll never have to worry about.
2. Use a mixture of capitalizations, numbers, and symbols.
A common security feature built into many websites is the use of “case sensitive” passwords. Case sensitivity is when a website recognizes the difference between lowercase letters and uppercase letters. This adds an additional layer of complexity to password security, as now every letter has two different possibilities.
Another way to stop unwanted access to any of your accounts is to include both numbers and symbols in your password. While a word can be easy to guess, a series of random numbers or punctuation marks is almost impossible to predict. The more numbers added, the more possible password combinations a hacker would have to try before gaining access.
Pro tip: Underscores, periods, @ symbols, and exclamation marks are some of the most commonly used symbols. Try using different symbols on the keyboard, like square brackets and percentage symbols, for even higher password security.
3. Password security is ideal with 12-15 characters or more.
When it comes to creating a password, the length of the collection of letters, numbers, and symbols is key. As technology becomes more advanced, it becomes easier for hackers to make more login attempts in less time. While a random collection of 8 different letters and numbers makes a strong password, every additional character makes it stronger. With 94 different unique characters on the average keyboard, every character makes a password 94 times more difficult to guess. According to experts, a good 8 character password would take a single, incredibly skilled hacker 4 hours to guess. A good 10 character password, though, would take the same hacker 3 years.
Pro tip: Try using a high quality password security and storage tool. These often generate and save strong passwords for you, and can be locked with a single, incredibly complex password. Many of these services recommend master passwords around 25 characters in length, so they are virtually impossible to hack.
4. Don’t fall for password security scams!
The most important thing to remember when it comes to password security is that hackers don’t want to guess anything. Hackers will send out up to 156 million fake emails every day in an activity called “phishing”. Rather than spend days or months trying to guess a single password, phishing allows hackers easy access to your accounts. The reason it is called “phishing”, though, is because it only works if you take the bait. If you avoid these emails, you avoid putting your information at risk.
When receiving an email you weren’t expecting, always consider the following:
- Do you recognize the email address? Are you familiar with the domain (between “@” and “.com”), or does it match the company the email says it is from?
- Is the email asking any strange questions?
- Are any of the questions about personal information?
- Is this person demanding anything from you, using threats of criminal charges or demanding money?
- Does the email contain an email or phone number you can contact to verify the validity of the message?
- Are there any major spelling or grammatical errors?
- Does it have any vague statements or claims, followed by a link?
- Have you contacted this company or individual recently?
Though these may not have to do with your password, they are signs that your password security is at risk. Phishing emails are designed to trick users into giving out personal information that could be used to steal their passwords. Learning how to recognize these phishing emails, like these CRA ones, can help keep your password safe.
How can you enhance your business’ password security?
With a business, it can be difficult to maintain password security. Social media and website administration accounts are often used by multiple employees, increasing the overall risk. The best way to ensure the password security of your business is to keep this number as low as possible. When it comes to website development and marketing, a single, reliable team reduces the chance of having a weak spot. Siva Creative offers everything from graphic design and social media management, to web development and content creation. We consider the online security of our clients to be as important as our own security. Don’t risk your password with three different weak links – trust Siva Creative and rest assured.