Top Tips For Creating Super-Secure Passwords
These days, our social media accounts, emails and bank account details are only as secure as our passwords – which is why the cunning ‘password123’ isn’t enough to keep our data safe. With hacking tricks becoming more and more complex, it’s up to us to guard our digital property with the same care that we’d guard our physical property. After all, you wouldn’t leave an unattended box of £20 notes sealed with Sellotape to ward off criminals!
2020 has already seen significant hacks at huge companies like Twitter, Marriott and Zoom, proving even large companies aren’t immune. So for individuals, the straightforward solution is to make our passwords difficult to crack.
But what techniques are effective in the fight against hacking? Read on for the Switched On team’s top tips on how to come up with iron-clad credentials.
Avoid using the most common passwords
Let’s get the obvious one out of the way first: easy-to-guess passwords are a no-go. These often involve your name, the first part of your email address or other personal details. Or, it could be one of the 10 most commonly-used passwords, which are: 123456, password, 123456789, 12345, 12345678, qwerty, 1234567, 111111, 1234567890 (nice try though), 123123. The passwords iloveyou, sunshine, and dragon are also popular, so best avoided.
The more complex, the better
As hackers use automated scripts that sequentially try out different passwords, complex passwords are a safer bet. Current advice is to make your password long (15-30 characters), with a good mix of uppercase letters, lowercase letters, numbers and special characters. Hackers know all about substituting numbers for letters (lik3 th1s) so it’s not as foolproof as we might think. And if you’re using numbers, mix up the string so it’s not just counting upwards!
Try weird words and sentences
When hackers try to crack the code, they often run through dictionaries, phrases and e-books. This means the more unusual the password, the more difficult it is to work out. For example, it could be a string of unassociated words, like VelvetAlienTomatoIts£595. Or think of a phrase that’s memorable to you, but take every fourth letter out, like coulyoumkemecupotea£595. Peppering in capital letters and special characters makes it Fort Knox-secure, like cOulyOu?mkemecupOtea£595.
Use different passwords for each site
This is a critical one. Hackers work on the basis that one discovered password will work across lots of different sites – and usually, they’d be right. So if you recycle passwords across the internet, your data is only as safe as the least secure website you use. Instead, change it up for each site that holds confidential data. Let’s admit it, you’re likely to need a genius brain to remember them all. But for most of us non-geniuses, there’s the option of online password managers. Which brings us to the next point…
Don’t write down your passwords
As tempting as it is, it’s not a great idea to jot passwords down in a notebook, nor to keep them digitally, such as in an Excel spreadsheet. Instead, you could keep a list of password hints that only you could decipher. Alternatively, online password managers are coming into common usage. These can generate and store unique passwords, all accessed via one master password that should be super-duper secure and memorable. Google have this tool, and lastpass.com is another popular one, but we recommend that you check out each option carefully to make sure it meets your security needs.
Check if it’s known to hackers
Finally, when you have your impenetrable, varied, long and unique password, the National Institute of Standards and Technology in the US recommend checking it against a list of passwords that hackers are already aware of. Haveibeenpwned.com is the go-to place for this, as it collates a number of these lists for a comprehensive result. They encrypt the password you enter too, so it’s kept secure during this process. If it doesn’t come up as one of the 572 million passwords that hackers are aware of, you’re good to go!