Top Tips For Effective Passwords
How many passwords do you have? 20? 30? Maybe even 50? These days access to all our digital data, from our email and bank accounts to shopping apps and social media, as well as accounts for platforms like Fayre, is controlled by passwords, although accessing apps on a smartphone using fingerprint or face recognition is also popular.
We all know that passwords are essential for our online safety, security and peace of mind. But it is essential to choose the right ones, and manage them carefully to avoid your data being compromised by cyber-criminals — in other words, hackers.
History of Passwords
The concept of the password originated from the Roman military watchword used to differentiate allies from enemies, as mentioned by the historian Polybius. Sentries would ask those approaching a guard post or entrance gate for the watchword. Only if they knew the watchword would the person be allowed to pass. The watchword would be inscribed on a wooden tablet, which was then handed over to the next guard to go on duty.
Interesting fact: the Roman writer gives his name to a password encryption method, the Polybius Phalanx.
What Is a Strong Password?
So how do you know if your password is strong enough to withstand hackers? Most apps and web browsers advise using at least one upper-case character (capital letter), one number, and one symbol (for example ?!*).
Some apps or platforms will offer a randomly created password, consisting of a mix of upper and lowercase letters, and numbers, which is the safest option as it has no particular pattern, familiar words or number sequences, and is therefore impossible to guess.
Using easily found information, like your own date of birth or your child’s name, is not the best option, and neither are supremely obvious numerical choices such as 1234, 0000 or 1111. You’d assume everyone knows that, but according to the UK’s National Cyber Security Centre, “123456” was still used by the highest number of accounts in 2019 (23.2 million in total), with other widely used examples including “qwerty” (3.8m), football clubs such as “liverpool”, “chelsea” and “arsenal”, and, believe it or not, “password” (3.6m).
Let’s hope this scant use of online security common sense has changed, especially after two years of living our lives largely online during the pandemic.
Indeed, the NCSC suggests using three random words together, ideally unconnected to any information about you which can be easily located online, such as pets or names of family members. You want something that is simple for you to remember, but still hard for a hacker to guess, such as “pinktreemoon”.
Another useful tip is to substitute numbers for letters, such as 0 for o, 1 for i and 5 for s, although some malicious software can spot this.
When you have entered your chosen password, a message will appear rating it as “weak”, “medium” or “strong”. Usually adding numbers and a symbol will improve your password’s security score.
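As an added illustration (not code from this article or from any particular site), here is a minimal sketch of the kind of check a sign-up form can run behind a “weak / medium / strong” message. It rejects anything derived from the widely used passwords listed above, even after the 0-for-o, 1-for-i and 5-for-s swaps are undone. The function names, the short list and the 40 and 60 bit thresholds are assumptions made for this example.

```python
import math
import string

# Widely used passwords named in the article. This short list is a stand-in
# (assumption): a real service would check a large breached-password list.
COMMON = {"123456", "qwerty", "password", "liverpool", "chelsea", "arsenal",
          "1234", "0000", "1111"}

# Undo the digit-for-letter swaps the article mentions: 0 -> o, 1 -> i, 5 -> s.
UNLEET = str.maketrans("015", "ois")


def candidates(password):
    """Return the simplified forms of a password that a guesser would also try."""
    low = password.lower()
    # Drop trailing digits and symbols, e.g. "chelsea1!" -> "chelsea".
    stripped = low.rstrip(string.digits + string.punctuation)
    return {low, stripped, low.translate(UNLEET), stripped.translate(UNLEET)}


def estimated_bits(password):
    """Rough upper bound on guessing effort, treating every character as random."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def rate(password):
    """Return "weak", "medium" or "strong" (thresholds are assumptions)."""
    # A common password stays weak however it is decorated.
    if candidates(password) & COMMON:
        return "weak"
    bits = estimated_bits(password)
    if bits < 40:
        return "weak"
    return "medium" if bits < 60 else "strong"


if __name__ == "__main__":
    for sample in ["Pa55w0rd!", "L1verp00l", "pinktreemoon", "pinktreemoon7!"]:
        print(sample, "->", rate(sample))
```

The character-pool estimate assumes random characters, so it overstates the strength of passwords built from dictionary words; the common-password check is the part that catches the examples in this article.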
If you are reusing the same password across multiple sites and cyber-criminals access one site, they might try the recovered passwords on the other sites you use.
Protecting Your Email Account
Above all, you must ensure that your email password is impossible to detect, as accessing this will give hackers an entry point to essential details such as bank information and, of course, email addresses for your personal and business contacts. They could then “phish” (acquire essential information from these contacts fraudulently, asking them for money) and even change your own passwords, locking you out of other accounts.
One excellent option is two-step verification (2SV), also known as two-factor authentication (2FA), whereby, as well as entering a password to access a service or account, you also need to pass a second layer using another form of identification. This could consist of answering a question in an email, “Did you log into xxx account? Yes or No.”, a code sent by text message to your phone (always beware of scammers), or in-app authentication.
Google Chrome for mobile phones has just added a new feature, a critical security alert if your password has been compromised. This service already existed on computers.
You must be extremely careful about how you store the private key (password) to your blockchain wallet, as without it you cannot access your cryptocurrency or make transactions.
Some wallets are “hybrids”, which means that you can access your wallet anywhere with an online connection. The company stores an encrypted version of your wallet’s private key, but not your password. So be sure to keep it safe!
In 2021, a San Francisco-based programmer named Stefan Thomas locked himself out of his account with 7,002 Bitcoin by forgetting his password, losing around $220 million (or $278 million today).
How Should I Store My Passwords?
Many phone operating systems have a password manager option, such as Apple Keychain on iPhone, in which all your passwords are stored together so that you can access them just by using fingerprint or facial identification. Web browsers such as Google Chrome, Apple Safari and Microsoft Edge have their own options.
They can also spot fake websites, warn you if you are reusing the same password on different accounts, and tell you if any of your passwords appear in a known data breach.
Alternatively there are separate paid-for services from anti-virus companies like NordPass, McAfee True Key, and Norton Password Manager.
You can also create a master password for the password manager itself.
On the other hand, it is always a good idea to keep a written list of your passwords, using old-fashioned pen and paper, securely stored in a safe (yet easy for you to find) place, as a back-up.
As our lives are lived online, even more so with the advent of NFTs, so our passwords are more important than ever for our privacy and security. Make sure yours are hacker-proof.