A password is the first and fundamental line of defense for your online account. However, when creating and using it, many people commit cardinal mistakes resulting from neglect of basic safety rules.
The password must be as secure as possible to remain a password. Of course, we will never achieve complete security: a resourceful hacker can access an account without a password. But our observance of elementary security rules will significantly complicate the life of thieves and reduce the risk of theft.
If you have a simple password that other people most likely use, then, in fact, you do not have any password. This rule applies to entering the bank and to all other websites on which authorization occurs using a password.
Don’t use popular passwords
Since most users have several accounts that require entering an access code (bank account, email, online store, social networks, etc.), as a rule, they choose the easiest way – they use the same password for all services.
Most users, moreover, use a sequence of letters (or numbers) that are easy to remember when creating a password. These are the habits that cybercriminals use.
Statistically, we can assume that almost half of us use at least one password, which is included in the group of popular passwords.
The most popular are:
- 123456 – this does not surprise anyone because most sites require at least a 6-digit password, and some users enter what they see on the numeric keypad;
- Password – or in Russian “password”. For many years it has been one of the leaders among access codes. It is easy to remember and also easy to hack;
- 12345678 – a more “advanced” version of the 6-digit digital password;
- qwerty – sounds a little complicated, but this is before the first look at the keyboard;
- 12345 – “simplified” digital password.
Among the more “advanced” passwords are:
- abc123 ;
- zaq12wsx (in different versions, entered from the bottom, top, and more complex: zaq1xsw2 ).
The best solution is to keep passwords as long as possible. However, the longer the password, the more difficult it is to remember and enter it without errors.
Experts say the absolute minimum password is 13 characters .
Fortunately, more and more websites, applications, or systems on which we create accounts have special requirements for the length of the password, which somehow forces users not to make mistakes in this aspect.
Don’t use passwords that are easy to crack
If you are not in the circle of lovers of the most popular passwords, try to make your password a “tough nut to crack” for an attacker.
Banks often force us to use more complex passwords: capital letters, numbers, special characters; however, many of us make it easier for ourselves and create a code according to the formula: Largeletter12! – capital letter at the beginning, numbers, and special characters at the end.
Sometimes we find it difficult to part with passwords that we made some effort to create or have some emotional dimension for us, such as date of birth, names of children, etc. Avoid them – remember, the password is our “watchman”: it should protect your property, and you shouldn’t get involved with it emotionally.
Don’t share your passwords even with relatives
This advice may seem trivial, but it is proven by experience: Never share your passwords, let alone a list of one-time codes, to third parties, even very close ones.
Keep this information hidden if you need to keep your password (don’t hide it – complex passwords are hard to remember).
How to create a complex password that’s hard to crack
In addition to the correct length of the password, its complexity is of great importance. Creating a password using only lowercase letters or numbers narrow down the list of possible combinations that a fraudster must use to crack it.
Therefore, it is best to use different types of characters in one password:
- lower case
- the numbers
- special characters: exclamation marks, parentheses, question marks, etc.
Separate password for each account
This is one of the most important commandments for creating strong passwords. And one of the most common mistakes users falls into. It’s incredibly convenient to have one password for all your accounts. This fact in itself creates a temptation to act in this way.
Sometimes we also fall into a “mental trap.” When creating an account on a small website, such as the Fan Forum for a game, we believe that it is not essential to create a separate password for it. Moreover, we register for one specific purpose, for example, to get a discount on the game.
Meanwhile, if someone third gets access to this site and collects user data, he will do this not to publish the list of fans of the game on the network, but to check if the stolen passwords match accounts on social networks, online banks, on company websites, etc.
Therefore, it is worth adhering to the principle – one account, one password. This can seem intimidating because every password needs to be thought of and, even worse, remembered. Luckily, we have password managers. These applications generate complex, unique passwords and store them in the memory of a computer, smartphone, and cloud, encrypting them in advance to make them as difficult as possible to crack.
Don’t use easy to remember password
We often come up with passwords so that we can easily remember them. We choose some obvious phrase with which the password is associated, for example, a middle name, a child’s name, the name of the street on which our house is located, a phone number, or the name of a profession.
This is a mistake. Firstly, many users are doing this, which is a serious advantage for scammers. Secondly, such data is easy to obtain if you show a minimum of ingenuity and a little dedication.
Mnemonics make it easy to remember long passwords
Using mnemonics, it’s easy to create unique, complex passwords that won’t leave your head the day after you create your account. Take, for example, a piece of music or poem that has special meaning to us, take your favorite (longer) passage from it and write down the first letters of each word, including the punctuation marks, to make things harder.
Converting letters to numbers with special characters
Adding special characters to the password makes it more secure and harder to crack. Some sites even require this when creating a new account. Have no idea how to include them in your password so that you don’t forget shortly after registration?
The easiest way is to replace the letters with similar special characters or numbers. You can replace the letter “o” with zero. The exclamation point will substitute for the letter “i,” and instead of “a”, you can enter the number 4. There are many possibilities.
Saving passwords in browsers – better not
The most popular web browsers offer to save logins and passwords when we register or log into the site for the first time. Yes, this is very convenient, especially since logins and passwords in browsers can be transferred between devices.
Unfortunately, convenience is convenience, and security is another matter entirely. Storing passwords across browsers is a bad idea. There is only one reason. Cybercriminals have and use special software designed only to steal passwords stored in browsers.
A much better solution is to use the password managers.
2-Step Verification are better
More and more places on the web and more service applications enable us to use 2-Step Verification. It is based on the fact that entering a username and password when entering the system is not enough to gain access. This is only a partial identity check.
Full Verification requires a second step, which usually boils down to one of the previously selected options, for example:
- sending the login code via SMS to the phone number specified during registration
- sending the login code by e-mail to the address specified during registration
- telephone conversation (most often, the machine gives us an entry code)
This is a severe hindrance to fraudsters. They need to steal the account login and password and gain access to our smartphone. And while 2-step Verification can be a problem and delays the entire login process, for the sake of our security, our data, and resources, it is definitely worth using.
Passwords should be changed from time to time.
Nothing protects us online like cyclical password changes. Do you need to do with all the accounts you’ve created over the years of using the Internet? Well, that would be nice, but the fact is, we would be spending a lot of time doing this regularly.
This is why you can focus on the most important places – online banking, email, social media accounts, places related to work or services (for example, on Steam, where passwords are stolen and resold to other users all the time).
How often do you need to change passwords to new ones? Experts recommend doing this at least once a month. Yes, we understand that your creativity at coming up with new passwords can quickly dry up with this frequency. Therefore, we again recommend using password managers, where we can also find password generators.
Your best defense against cybercriminals is your mind
Cybercriminals have tools that can hack the security of the largest corporations, governments, and nongovernmental organizations. However, the primary attack strategy is to find weaknesses. More often than not, these weaknesses are. People their naivety, ignorance, irresponsibility.
Sometimes, to maintain digital security, you do not need the most modern security systems for computer networks, but you need consistent work with basic things. One of its elements is best practices related to password generation, storage, and periodic replacement.
Account access is constantly being stolen. And if we were asked to predict the frequency of their thefts in the coming years, we are sure that it will not decrease. Therefore, if you are learning from mistakes, it is imperative not to learn from your own. This can be expensive.