We all know that using 'good' passwords for our online accounts is important. We know that they should be long, strong, and unique. But, we also have a lot of different online accounts these days too. It’s become harder to remember all the passwords we need for them. So instead of making sure our passwords are unique, we often reuse the same ones over and over. Unfortunately, that makes our accounts vulnerable to attack.
It’s easy to think that:
- you don’t have anything online that anyone else would want, and
- no-one’s going to go to the effort of figuring out your passwords.
However, most cyber security attacks are random — they don’t target specific individuals. Instead, attackers look for easy ways to gather personal information online. They’re not picky about who it belongs to. Their aim is simply to get as much information as possible, and then use it for their own gain.
Passwords are particularly easy for attackers to get hold of. They do this by:
- accessing email addresses and passwords that are leaked online in data breaches
- buying lists of passwords that are often sold online
- using software to 'guess' passwords through brute force.
If you share the same password across several online accounts, you can see why this could cause you problems. Think about what might happen if someone got hold of the password for your email account, for example. You might think your email account isn't much use to anyone else, but:
- your email password could also be the password for your social media accounts
- you might have a note of passwords for other accounts saved in your emails
- the contact details for your friends and family are all in there too
- work or contract information, or other sensitive information, might be stored in your account.
This information is all useful to an attacker. If they get hold of it, it could not only cause difficulties for you , but possibly for your friends and family as well. With access to your email, the attacker could:
- send emails on your behalf containing links to download malware, such as ransomware. Anyone who gets an email like that would trust it, because it looks like it comes from you
- click the 'forgot password' option on your other accounts. The reset password email would let them reset it. That would give them full control over your account, while you'd be locked out of it altogether.
So, it's important to take time to look at your passwords, for all your online accounts. Here's what you need to do to make sure they’re doing their job.
Use a different password for every online account you have
Make them unique — use each password only once. Many of us use the same password for all our accounts, or stick to two or three different ones that we use over and over. The problem with this is that if an attacker gets hold of one of your account passwords, it'll give them access to any other accounts that share the same password.
Make your password long and strong
Long passwords are strong passwords. An easy way to create a good password is to make a passphrase, that’s four or more random words. Not only are passphrases easier to remember, they’re as strong as a password that uses a long mix of numbers, letters, and symbols.
You can try making a passphrase that’s a sentence or fun phrase unique to you. For example, popcornwithbutterisbest or catseatpotatochips
Another idea is to look around you and pick four random items, for example Coffeelemoncupflowers
Always use words that are random to you, and avoid using family names, birth dates or addresses – this type of information is easy for people to find.
Don’t use personal information to create your passwords
Personal information is easy to find online, especially if you use social media. Details about you, like your date of birth, your address and even your pet’s name are only a few clicks away. They’re the first thing attackers check when they’re trying to hack into other people’s accounts. So, if you share pictures of your dog online, make sure you don’t use your dog’s name as your password too.
Keep them safe
If you’re worried about remembering your passwords, try using a password manager. This will store and manage your passwords for you. The password manager will be the only account you need to remember login details for. And don’t share your passwords with anyone — this includes your partner, your parents and your children.