Data breach. Account hacks. These terms pop up increasingly often in news articles, social media feeds and email notifications. As with all shock-factor stories, it’s not always clear where reality ends and hype begins, but there remains a very real risk to personal information and finances that should be taken seriously.
While digital security may often seem a deeply technical issue, there is a basic protective element that everyone can take care of themselves: the password. Most of us seem not to do a good job of it, however. We have some very bad habits when it comes to online passwords, habits that minimise their strength.
Same old, same old
We’ve all been there. You try to log in to a particular online platform only to realise that you’ve forgotten the password – one of many that you have to remember.
Many of us avoid this situation by using a single password across multiple accounts. In doing so, we expose ourselves to great risk: just one data breach or password hack could allow unlimited access by cyber criminals to several accounts in an extremely short time.
Ensuring the safety of your data should start with a unique password for each account. Of course, this could mean having to memorise more than 90 passwords, which is a tough ask. This is where password managers come in.
Services like LastPass securely store all login information and can even be used to generate random passwords to heighten security. For the particularly cautious (or clever), some accounts, such as online banking, can be excluded from a password manager. The net result is that only two or three unique passwords need to be memorised.
Hit the Refresh button
It’s easy to be complacent with the password you chose years or even decades ago. But there is a reason some networks require a new password every few months: the longer a password remains unchanged, the greater the chance it has fallen into the wrong hands.
There is an international trade in stolen account login credentials. Some of your old passwords could well be part of it. By changing passwords regularly, you significantly reduce the risk of hackers gaining access to your personal data.
If you have not changed your passwords in some time, now might be a good time for an update.
Paint by numbers
Many digital services now require you to use more complex passwords than before: longer ones, with numbers and symbols included. Passwords like these take longer to crack.
The typical response by users to these new requirements is to use digits and symbols in predictable ways: a “$” for an “s”, for example, or an “@” instead of “a”. These switches aren’t as crafty as they seem; hackers have long guessed them and included them in the software they use.
Avoiding a formulaic process of including symbols is key to improving a password’s real strength.
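To see why predictable swaps add so little, here is a short check of the kind a sign-up form could run. It is an added example, not part of the original article. The word list, the substitution table and the function names are constructed for illustration, and a real check would load a much larger list of common and breached passwords.

```python
# Added example: reverse the predictable symbol-for-letter swaps, drop any
# trailing digits or symbols, and see whether a common word is left over.

# Constructed sample list, kept tiny so the example runs offline.
COMMON_WORDS = {"password", "sunshine", "welcome", "dragon", "monkey", "football"}

# The swaps the article mentions ("$" for "s", "@" for "a") plus other
# well-known ones. Simplification: "1" is treated as "l" only.
SUBSTITUTIONS = str.maketrans({
    "$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
    "3": "e", "1": "l", "!": "i", "7": "t",
})


def normalise(password):
    """Lower-case the password and undo the predictable swaps."""
    return password.lower().translate(SUBSTITUTIONS)


def matched_word(password):
    """Return the common word hiding behind the password, or None.

    Tries the whole password first, then repeatedly drops one trailing
    character for as long as the dropped tail contains no letters
    (for example the "123" in "P@$$w0rd123").
    """
    for end in range(len(password), 0, -1):
        if any(ch.isalpha() for ch in password[end:]):
            break  # the tail now contains letters, so stop trimming
        candidate = normalise(password[:end])
        if candidate in COMMON_WORDS:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ["P@$$w0rd123", "W3lc0me!", "Dr@g0n99", "Ilovesushiandbeerfridays"]:
        word = matched_word(sample)
        verdict = f"weak, reduces to '{word}'" if word else "no common word found"
        print(f"{sample}: {verdict}")
```

Passing this check does not make a password strong; it only shows that a few swaps and a number on the end do not hide a common word.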
Break down the complexity
What you may not realise is that a simple phrase could offer increased security and be more challenging to guess than a single word, even if the latter uses symbols and the like. How about something like “Ilovesushiandbeerfridays” or “TravellingtoItalyrocked”?
Connecting multiple words to form a phrase that is unique (avoid famous or well-known phrases) offers two advantages: it is harder to hack and it is also easier to remember, as it can have personal relevance.
A false sense of security
At some point, we all forget a password and have to rely on security questions to regain access. When setting these up, a lot of us make the same mistake: we select answers to questions that are easily accessible online.
For example, a commonly used question relating to your mother’s maiden name might be a cinch for fraudsters with access to data shared online illegally, in public records, or through social media.
Where possible, using unique questions, or at least unique answers, can provide an essential layer of security to your personal data.
Gerhard Oosthuizen is chief information officer of Entersekt