Strong passwords are your first line of defence against intruders and imposters. The best security in the world is useless if a malicious person has a legitimate user name and password. That’s why we’ve put together this simple guide to help you protect your security and identity.
Who needs access to what?
Firstly – and we know this is something you hear again and again – don’t use the same password on every website.
It’s so important, and yet it’s advice which is consistently ignored, leaving users at risk when passwords, usernames, email addresses and other confidential information fall into the wrong hands, as seems to happen with alarming regularity.
Don’t worry though. This doesn’t mean you need superhuman memory – we’ll discuss some solutions to the multiple-password problem shortly, as well as some ideas for creating passwords.
Don’t share your passwords
Be particularly cautious if someone has got in touch with you: a phone call from your bank isn’t necessarily legitimate, however convincing they sound – and organisations like banks won’t ask for your password anyway. The safest system is to simply never give your passwords to anyone.
If someone needs to access an account you control, the first step should always be to see if you can give them temporary access. Many systems allow separate users to be set up, who can then be deleted as soon as they no longer need access.
If it’s completely unavoidable, then the best method is to change your password temporarily, allow them to use it and then change it again straight after, but you should only do that with someone you entirely trust.
Be very careful when clicking on a link (even if it appears legitimate) that then asks you to log in or change your password. “Phishing” attacks are very common and designed to capture your information and pass it directly to a hacker. If in doubt, go direct to the site in question by entering the URL or via Google and logging in as you usually would.
Don’t be obvious
50% of people use the same 25 passwords (source) – ‘password’ is the classic example. Use a combination of letters, numbers and symbols. Swapping letters for numbers or symbols is a common way of making a password more complicated – but if it’s too obvious then it’s useless. ‘pa55word’ is so commonly used that it’s barely more effective.
Similarly, don’t use:
- Simple numerical sequences e.g. 4321 or 14789
- A single commonplace dictionary word
- Your name or username
- The names of your business, family members, pets, favourite football team.
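The rules above can be turned into a simple check, shown here as an added example that is not part of the original guide. The word list and personal details are constructed samples (a real check would use a far larger list); the check undoes common letter swaps first, which is why ‘pa55word’ fares no better than ‘password’.

```python
import re

# Constructed sample list: a few common passwords and everyday dictionary words.
WEAK_WORDS = {"password", "qwerty", "letmein", "welcome", "football", "sunshine"}

# Common letter-for-symbol swaps, undone before comparing against the list.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Phone-style keypad positions (row, column), used to spot walks such as 14789.
KEYPAD = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (3, 1)


def normalise(text):
    """Lower-case the text and undo the common swaps listed in LEET."""
    return text.lower().translate(LEET)


def is_numeric_pattern(pw):
    """True for all-digit passwords that count up or down (4321) or walk
    across neighbouring keypad keys (14789)."""
    if len(pw) < 3 or not (pw.isascii() and pw.isdigit()):
        return False
    pairs = list(zip(pw, pw[1:]))
    steps = {int(b) - int(a) for a, b in pairs}
    walk = all(max(abs(KEYPAD[a][0] - KEYPAD[b][0]),
                   abs(KEYPAD[a][1] - KEYPAD[b][1])) <= 1 for a, b in pairs)
    return steps in ({1}, {-1}) or walk


def weaknesses(password, personal=()):
    """Return the reasons a password breaks the 'don't be obvious' rules.
    `personal` holds names the user supplies (own name, pets, business...)."""
    found = []
    # Compare both the whole password and the part before any trailing
    # digits or symbols, so 'Password1!' is caught as well as 'pa55word'.
    stem = re.sub(r"[\d\W_]+$", "", password.lower())
    if {normalise(password), normalise(stem)} & WEAK_WORDS:
        found.append("common password or single dictionary word")
    if is_numeric_pattern(password):
        found.append("simple numerical sequence")
    plain = normalise(password)
    for item in personal:
        token = normalise(item)
        if len(token) >= 3 and token in plain:
            found.append(f"contains personal detail: {item}")
    return found
```

An empty list means none of these particular rules were broken; it does not on its own mean the password is strong.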
Make it harder to access important things
It’s probably not the end of the world if someone hacks into the message board account you only set up so you could view an answer to a problem three years ago. But it is pretty serious if someone gets access to your bank account.
Take appropriate security measures for important accounts – consider two-factor authentication, where you enter a code from an app on your phone or receive a text message to your phone before you can log in. It might feel like a pain at the time, but it’s much less hassle than dealing with an emptied bank account.
How to manage your passwords
Most web browsers offer you the chance to save passwords as you browse the web – but if you find yourself on a different computer, or using your phone or tablet, these are normally unavailable.
You should be able to access your logins wherever you are. The harder it is, the more likely you are to either write things down or choose simple, insecure passwords.
What’s the answer?
It’s all well and good us saying that you should have lots of different, complicated passwords – but managing them is a different matter. What should you do?
Writing down your passwords in a notebook is probably a good way of getting started, but you’ll regret it the day you leave it in a café or on a train (and you will).
Password managers are the most effective, safest way to deal with your passwords and a solution recommended by Get Safe Online (the online safety organisation supported by HM Government and leading organisations in banking, retail and internet security). We recommend – and use ourselves – a service called Bitwarden.
It will automatically encrypt and save logins and passwords for websites and apps you use, and there is the added benefit of being able to access them from any computer or device you are using.
Your Bitwarden account is protected by a master password (make that a complicated one and commit it firmly to memory). Bitwarden simply recognises the website you are on and fills in the login form for you. It also allows you to easily view and copy passwords and other details if you need to.
If you’re concerned that someone could shop on your Amazon account whilst you are away from your desk, you can also force individual sites to require you to re-enter your master password before your username and password are unlocked.
To make it even more secure, you can add Multi-Factor Authentication to your Bitwarden account.