To be effective, passwords need to be long, complicated and unique. It’s also a good idea to have a separate password for every account. But don’t worry, that’s doesn’t mean learning multiple passwords because there’s simple tech available to help with that.
But how can you possibly remember them all?
Don’t make it easy for criminals
Your passwords are the key to access your data, your online identity, your bank account, etc. People with bad intentions are out to unlock or get hold of your password. Criminals are smart and know that many people use simple passwords such as ‘password123’, ‘123456’, or ‘P@ssword!”.
It can be surprisingly easy for them to find out basic personal information about you which they can use to guess your passwords, too. So, be careful how much information you give away on social media, such as your date of birth, pet name or favourite football team. If you use this information as your password, it’s like using sticky tape to keep a door locked. No good at all! But, if you use a strong password, you can lock the door with a bolt and barricade it shut.
How to create a strong password
A strong password meets the following requirements:
- The password must not appear in the dictionary. Cybercriminals use programs that try out words from the dictionary at lightning speed!
- A password must not be linked to your personal information: so never use your name, date of birth or suchlike as a password.
- The longer the password, the more secure!
- Using uppercase letters, numbers, punctuation marks and special characters strengthens the password.
Three words is the key
Combining three words together is one of the best ways to create a strong password. Work through the steps below to create your own strong password.
Say hi to Jamal
Jamal went hiking through the humid rainforests of Brazil and saw many types of colourful parrots.
- Step 1. Choose three memorable words
Take a moment now to think of three words. Use inspiration from trips you’ve taken, your favourite bands, food or hobbies. It just needs to make sense to you. No one else should know it.
Jamal’s three words are: humidrainforestparrots
- Step 2. Include numbers
Add these at the beginning or the end, or split them between the beginning and end of the password.
Jamal went to Brazil in 2019.
Jamal’s password: 20humidrainforestparrots19
- Step 3. Include capitals
Jamal’s password: 20humidrainforestPARROTS19
- Step 4. Add ‘special’ characters
Jamal’s password: 20humidrainforestPARROTS19&&
And you’re done!
Of course, don’t use the password above, but create one yourself! Another possibility is that you choose a passphrase. Then choose one that is only meaningful to you, so no familiar phrases or proverbs.
The importance of unique passwords
At first sight, it seems like an easy solution since you only need to remember one password. But this is totally unsecure! Reusing passwords makes it easy for criminals to get access to multiple accounts if they find out just one of your passwords, especially your email. Don’t make it easy for them: make all passwords unique. And don’t stop there: make all unique passwords strong too.
You can set up your accounts based on sensitivity:
- Always choose unique and strong passwords for your sensitive accounts (= accounts where you use personal or payment information).
- For less sensitive accounts, you can always opt for variations on one strong password.
Password Managers
What is it, and how does it work?
In today’s digital world, there are ever more passwords that you have to remember: your e-mail account, your social media accounts, applications you use for study or work, applications for online banking, web shops, … We all have dozens of passwords to remember.
Password managers remember your passwords for you. All you need to remember is one master password to open the password manager and access your passwords. Doesn’t that sound so much easier than trying to recall them all?!
A password manager is also an excellent solution for keeping the passwords of accounts you share with your fellow students or colleagues. For example, a tool you use to work together on a project.
Create a super strong master password that can protect the rest of your passwords. Remember longer = stronger.
Different types of password managers
Depending on your specific needs, several free and paid solutions are available. In addition, you can choose an online or an offline password manager. Some examples:
An online password manager (in the cloud) is very user-friendly: every time you create a new password or change a password, it is synchronised to all your devices as soon as they are connected to the Internet. In an offline password manager, you have to do this manually. But since your passwords are stored locally with this type of service, the advantage of an offline vault is that you, as a user, retain control over its management.
Using a password manager can be a handy solution for those who can’t / don’t want to remember all their passwords, but don’t forget that the master password gives access to all your other passwords. If someone can obtain the password of your password manager, this person has access to all your accounts! As such, always choose a unique and strong password!
Two-Factor Authentication (2FA)
To make your accounts even harder to break into, enable 2FA. This means your account ‘double checks’ if it’s you trying to login. Or someone pretending to be you.
How does it work?
The principle is simple: two-factor authentication uses something you know (your password) in combination with something you have or are (e.g. a fingerprint).
There are various forms of two-factor authentication, one of the most commonly used is an access code sent to one of your trusted devices. You then use this code to complete the login process. Hackers will not be able to access your account from your username and password alone.
It goes something like this:
There are also other methods of 2-stage verification, such as using Google Authenticator App or physical keys.
Using 2FA makes it incredibly hard for a criminal to get access, even if they already have your password, as they’ll struggle to get your 2FA code, too.
Which accounts allow two-factor authentication?
Many Internet services and social media offer two-factor authentication: you can set it up on WhatsApp, Apple, Google, LinkedIn, Twitter, etc., among others.
It’s more important to use strong unique passwords with 2FA across your accounts than frequently changing one weak password to another.
What if my password has been hacked?
How is it possible that other people know my password?
It may happen that a website or online service you are using has been hacked. As a result, your login details can be found on the internet. You may also have clicked on a fake email and shared your password with cybercriminals without realising it.
What should I do now?
If you still have access to your account, you must change your password immediately. If you no longer have access to your account, you need to restore your account and then change all your passwords.
Notify your bank immediately if the attackers have gained access to your bank details! If your professional e-mail or applications related to your studies or work have been hacked, alert your organisation’s IT department.
Advice for organisations
Are you struggling to get your employees to use strong passwords across all your organisation’s accounts? Try using Single Sign On (SSO).
It allows your employees to use just one set of credentials for all work accounts.
About the authors
Laura Pooley has recently graduated from Bournemouth University with a degree in Cyber Security Management. During her degree she worked on placement as a Cyber Security Analyst at CybSafe who focus on the people side of cyber security. She is now working as an Information Security Officer at Jisc focusing on information security awareness and communications.
Davina Luyten works as Communications Officer at Belnet, the Belgian research and education network. She has a background in translation, journalism and corporate communication. At Belnet she is focusing on external communications, public relations and crisis communication. She is interested in developing cyber security awareness and on behalf of Belnet she takes part in the Belgian Cyber Security Coalition.
Read more on the GÉANT Cyber Security Month 2020: https://connect.geant.org/csm2020