We all enter passwords on our computer, mobile or tablet every day. Passwords let us access our accounts while keeping others out. They are designed to protect our personal information, but unfortunately passwords are becoming easier and easier for cyber criminals to crack. That's why it's important to have strong passwords for all your accounts, and a password manager can help.
Only the strongest password survives
Weak passwords are those that are easy for hackers to crack. They are short and simple, and there are a number of typical passwords that many people use, such as "password", "123456", "111111", "qwerty" or "iloveyou". To ensure that you create the strongest passwords possible, there are a number of tips you can follow.
Reuse is a no-go
Never reuse the same password for multiple accounts. While this is easy and you don't need to remember very many passwords, it is a major security risk. If a hacker cracks just one password, they'll also have access to your email address and username. If they are also the same for several or perhaps all of your accounts, then the hackers will have free access to all your personal information. This could be your address, social security number, credit card information, digital calendar or personal photos.
It could also be that one of the companies where you have an account has been hacked and the hackers have stolen your login details and those of many others. The passwords are stored in scrambled form by algorithms called hashes, but hackers can crack the hashes and recover the passwords.
Also avoid passwords that are variations of each other, e.g. Moxso20, Moxso30 etc.
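A check for both problems described above, exact reuse and near-variants such as Moxso20/Moxso30, written here as an added example rather than taken from any password manager. The vault contents are constructed sample data, and treating "same text after dropping trailing digits and symbols" as a variant is an assumption of this sketch.

```python
import re
from collections import defaultdict

def base_form(password):
    """Reduce a password to the part people tend to keep when they 'change' it."""
    lowered = password.casefold()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)  # drop trailing digits/symbols
    return stripped or lowered  # all-digit passwords keep their full text

def audit(vault):
    """Group accounts that share a password or a near-variant of one."""
    exact, by_base = defaultdict(list), defaultdict(list)
    for account, password in vault.items():
        exact[password].append(account)
        by_base[base_form(password)].append(account)
    reused = sorted(sorted(accts) for accts in exact.values() if len(accts) > 1)
    variants = sorted(
        sorted(accts) for accts in by_base.values()
        # same base form, but at least two different passwords in the group
        if len(accts) > 1 and len({vault[a] for a in accts}) > 1
    )
    return {"reused": reused, "variants": variants}

# Constructed sample vault: account name -> password.
SAMPLE_VAULT = {
    "mail": "Moxso20",
    "shop": "Moxso30",
    "bank": "Moxso20",
    "forum": "k7#Vq9wLz!2pXr4T",
    "video": "t3$Hn8bYc@6mDs1W",
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
```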
More is more
Strong passwords are long and complex. The longer your password, the longer it takes for hackers to crack it. A common rule of thumb is that a password should be at least 8 characters long, but it should actually be a lot longer than that, as it doesn't take very long for a good hacker to crack a password of that length. A long and complicated password can take years to crack, while an 8-character password that starts with a capital letter and has an exclamation mark at the end can take as little as an hour to crack. Special characters, numbers and a mix of upper and lower case letters all add to the complexity of a password.
The problem with having long, complex and unique passwords for all your accounts is that it becomes almost impossible to remember them all. One way to make it easier for yourself to remember your passwords is to use compound phrases as passwords. By making up long sentences and then taking the first letter of each word in the sentence, you can turn your passwords into acronyms that make them easier to remember. Some examples are:
- DisastersDisabledTit (Kat)
- ManyObservesX-factorSuperOften (Moxso)
However, it is important to remember that the content of these phrases should have no personal relation to you. So don't use your mum's or dog's name as part of your password, as hackers can find personal information about you via Google or social media.
What is a password manager?
A password manager is a digital service that generates unique, long and complex passwords and stores them for you so you no longer have to remember them. You only need to remember one password, the password for your password manager, which you make up yourself. You use it as the master key to your password manager.
When you have a password manager and need to log in to an account on a website, you first access the website normally. Instead of entering your own, and perhaps not so strong, password, you enter the key password for the password manager, which then automatically fills in the relevant login details on the website. So you don't have to remember your email address, username or password - the password manager does it all for you.
Each time you create a new account and therefore need a new password, your password manager auto-generates a random, strong and unique password, which it then stores for you.
Which password manager should I use?
There are generally two types of password manager - browser-based password managers and dedicated password managers.
Browser-based password managers are built-in features of internet browsers such as Chrome, Firefox, Internet Explorer and Safari. They also store your passwords and suggest strong passwords. However, these types of password managers are not ideal as many of them store your passwords on your computer in an unencrypted form.
Dedicated password managers are specialised programs and some of them have several security functions, such as monitoring data leaks. Some of the most popular password managers are 1Password, LastPass, KeePass and Dashlane. There are both free and paid password managers. When you use a dedicated password manager, all your passwords are stored in the cloud and encrypted. Even if a hacker were to gain access to your password manager, it would be difficult for them to decrypt the passwords.
Some password managers can also protect you from phishing attacks. They can compare the URL of the website you are currently on with the URL stored for that login. If the two URLs are not the same, the password manager will not automatically fill in the login details. So if you click on a link in a phishing email that takes you to a fake website, the password manager will make sure hackers can't get your details.
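The URL comparison described above can be sketched as follows. This is an added example, not code from any particular password manager; the function names, the HTTPS-only rule and the sample URLs (all on reserved test domains) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url.strip())
        scheme, port = parts.scheme.lower(), parts.port
        host = (parts.hostname or "").rstrip(".")
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # Compare hosts in ASCII (punycode) form so look-alike Unicode
        # letters never compare equal to the saved ASCII name.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # bad port, bad IPv6 literal, invalid IDNA label
        return None
    return scheme, host, DEFAULT_PORTS[scheme] if port is None else port

def should_autofill(saved_url, current_url):
    """Fill only when the page's origin equals the origin saved with the login."""
    saved, current = origin(saved_url), origin(current_url)
    if saved is None or current is None:
        return False
    if current[0] != "https":  # assumed policy: never fill over plain HTTP
        return False
    return saved == current

# Constructed sample data: one saved login and pages a user might land on.
SAVED_URL = "https://accounts.shop.example/login"
VISITED = [
    "https://ACCOUNTS.shop.example:443/settings",   # same site, other page
    "http://accounts.shop.example/login",           # same name, no TLS
    "https://accounts.shop.example.signin.test/",   # saved name used as subdomain
    "https://accounts.shop.example@login.test/",    # saved name used as userinfo
    "https://accounts.sh\u043ep.example/login",     # Cyrillic letter for "o"
    "https://accounts.sh0p.example/login",          # digit 0 for letter "o"
]

def decisions():
    """Autofill decision for each visited URL, in order."""
    return [should_autofill(SAVED_URL, url) for url in VISITED]

if __name__ == "__main__":
    for url, fill in zip(VISITED, decisions()):
        print(f"{'fill' if fill else 'skip'}  {url!r}")
```

Only the first URL is filled; every look-alike is skipped because the comparison is made on the parsed host, not on how the address looks to the reader.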
It's also possible to set up two-step verification on your password manager. Two-step verification makes your accounts extra secure, as you need both your key password and a password sent to your mobile phone to log in to the accounts.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.