Password security: How to protect your devices and online accounts
Having strong passwords is the first – and often only – line of defence between your important personal information and a cybercriminal. So how do you make it unbreakable?
Password123. The name of your first ever pet (RIP). Your birthday date. Your birthday date, but backwards.
We’ve probably all gone through several permutations of the above when coming up with passwords for yet another account we’re forced to create – and then reusing that exact password across ten other websites.
Yes, we all know this goes against everything we’ve learnt about internet safety. But truthfully, when you have to make an online account for just about everything these days, good password habits usually fall to the wayside.
However, making strong passwords and keeping track of all of them isn’t as much of a hassle as you may think. While it involves a teeny bit more effort, it’ll pay off handsomely when it comes to keeping your accounts safe from the hands of hackers.
Make a passphrase
Instead of a traditional password, cyber security experts recommend using a passphrase. This is a sequence of several words, making it much longer than a password, and therefore harder to crack.
Pick a few random words – so, no obvious or common combinations like “sunny day” or “cold winter” – that make sense to you but no one else. A good number of words is anywhere between four to eight words (as we say further down: the longer the password, the stronger it is).
As well as being more secure than a password, a passphrase is much easier to remember than a random combination of letters and numbers. Breathe a sigh of relief, as you no longer have to commit to memory a key smash of JYWh$bt67*g!
Not only are passphrases less vulnerable to cyberattacks, they're also easier to remember.
– Rob Baillie, mobiles and broadband expert
The longer the password, the stronger
It’s no secret that the longer the password, the tougher it is to crack. That’s because with every extra character, it becomes exponentially more difficult for a hacker to brute-force their way into your account.
Using advanced software, cybercriminals can go through thousands of possible password combinations a minute. To give an example: a six-character password comprising uppercase and lowercase letters, numbers and symbols takes a mere five seconds to crack. In comparison, a ten-character password takes five years, while a 12-character one takes a whopping 34,000 years.
So, once you’ve created a memorable passphrase, it’s a good idea to add some ‘padding’ to make it even longer. That could be a string of repeated characters (uppercase and/or lowercase), a combination of numbers, symbols, or all of the above.
Don’t repeat passwords
If you’ve crafted a strong password, you may be tempted to use it across multiple accounts. And if you need to create a one-off account to apply for a job or do some online shopping, it’s understandable that you don’t want to keep concocting new passwords for every single inconsequential account floating around.
However, reusing passwords can put you at risk when a service’s password database is leaked or compromised – which happens way more than you think.
At the very least, have unique passwords for all your important accounts, such as personal e-mail, social media and online banking. Of course, you shouldn’t be expected to remember every longwinded password you have – which brings us to our next point…
Use a password manager
Unless you have a photographic memory, chances are you won’t be able to memorise every individual password across all your accounts. And don’t worry, you won’t have to – instead, you can use a password manager.
A password manager is a computer program that securely stores all your passwords for your different accounts. You can sign up to dedicated password manager software, but it’s often already built in to your browser, like Google Password Manager.
It makes logging in much easier, too. A password manager will autofill your log-in details when you visit a website, as well as sync your passwords across your various devices.
All you need to remember is the master password, which lets you easily access and manage the rest of your passwords. This way, you don’t have to worry about making and memorising unique, strong passwords.
Not to mention, many password managers come with handy features for extra security, such as notifying you if any passwords were compromised in a data breach and generating unique, complex passwords.
Use multi-factor authentication
Multi-factor authentication (MFA) adds another line of defence to protect your accounts. It’s a two-step verification method that requires you to provide an extra bit of info when you log in. Online services like banking and e-mail use MFA to make your account more secure.
As well as entering your username and password, MFA will prompt you for additional authentication. This is usually in the form of a one-time password (OTP): a four to eight digit code sent to your e-mail, phone or in an authenticator app.
Of course, if you don’t have your phone and you need to log in to your account, that’s another problem. Our guide on What to do if your phone is lost or stolen goes into more detail.
Other tips for staying safe online
As well as password managers, there are other nifty tools you can use to protect your data and your device. These include:
Antivirus software – This is a computer program you can install on your device to monitor for any malware or viruses. However, do make sure that the software you pick is legitimate
VPN – A virtual private network (VPN) helps protect your privacy online by hiding your IP address and preventing you from being targeted by hackers
Broadband parental controls – One for the parents, broadband parental controls let you monitor and manage what your children can and can’t access online
Many broadband providers offer free parental controls and antivirus software with their plans. If you’re in the market for a new broadband package, compare deals with MoneySuperMarket.
For more tips on how to stay safe on the internet, check out our following guides: