It's World Password Day again on May 2. This annual celebration has been going for a few years now, and aims at raising awareness of the importance of choosing good passwords for your online accounts.
Given the rapid rise in identity theft, it's surprising just how common bad passwords still are. Believe it or not, many people still use '123456', 'qwertyuiop', or even 'password' to log into their social media accounts or (even worse) their online banking services.
If you don't believe me, take a look at the list of the weakest passwords in 2018. See what I mean?
What is world Password Day?
World Password Day was created to address this problem. It's the only time of the year when the importance of strong passwords is mentioned by the newspapers, and so is very important for people who don't think about IT security everyday: that is, normal people.
Every World Passport Day, plenty of resources on choosing strong passwords appear. Though most of us know the basics of how to choose good, secure passwords, it can't hurt to take a refresher course every now and again.
So, in honor of World Passport Day, let's look at how to create and use strong passwords.
How to Choose a Strong Password
There are a few things to bear in mind when it comes to choosing a good password:
Check your Existing Passwords
First of all, you should check how secure your passwords are. Many of us have accounts that we don't use that often, and that we signed up to in a rush. In those circumstances, it's easy to get lazy and choose a password that isn't secure.
In addition, advances in password-cracking technology means that hackers get more sophisticated by the year, and some passwords that were secure even a few years ago aren't any more. The first step to keeping yourself secure online, therefore, is to make sure that all the passwords you are using are secure.
Don't Make Your Passwords Obvious
It sounds obvious, but don't choose an obvious password. If you are reading this article, you are probably not the kind of person who uses 'password' as a password, but even the best of us sometimes make similar mistakes.
For instance, using your cat's name for a password is a bad idea. You might think no-one but you knows the name of your cat, and that might be true right up to the point that a hacker looks at your facebook page.
The same goes for any piece of information that can be easily collected: your birthday, your wedding anniversary, the road you grew up on, etc. The best passwords have no relation to any real-world fact about you.
Make Your Passwords Long
Another basic piece of advice is to make your passwords as long as humanly possible. Standard brute-force password crackers work by trying thousands of different passwords a second, and seeing if each one works. This means that longer passwords are much more secure, because a password that contains 12 characters will take eons (literally) to crack in this way.
Of course, the longer you make your password, the more difficult it is to remember. That means that using strong passwords either requires a good memory (a bad approach) or using a password manager (a much better approach). I'll come back to password managers, and how great they are, shortly, but for now I have one piece of advice: get one.
Generate Strong Passwords
If coming up with a long list of long passwords sounds difficult, don't worry. There are plenty of online services that will allow you to quickly and easily generate super-long, super-secure passwords. These services are optimized to generate passwords that are hard to crack, and so you can be sure that your accounts will stay safe.
Using one of these services will typically give you a password filled with unpronounceable symbols, upper- and lower-case letters, and long strings of numbers. This, in turn, can make the passwords generated in this way a bit tricky to remember. Unfortunately, and to repeat the point above, there is only one way around this difficulty: use a password manager.
Change Your Passwords Regularly
If you've completed all the steps above, congratulations: you now have secure passwords on all your online accounts. Unfortunately, however, that's just the beginning.
You also need to change your passwords regularly. Recent years have seen an increase in the number of large-scale leaks and hacks of customer data, and when these occur they can compromise the passwords of thousands of customers at once.
For this reason, you should set a date (perhaps quarterly) where you change all of your passwords. Doing this is not such a hassle once you get into the habit of it, and the alternative – having your accounts hacked – is going to generate a lot more work!
There is one caveat here, though. If you find that the hassle of changing your password frequently is making you lazy about choosing new, good passwords, don't do it. It is better to stick with a secure password than change it to something obvious just because you feel you ought to update it.
The Next Steps
If you've followed the steps above, you should now have secure passwords on all your online accounts. Well done, you've truly embraced the spirit of World Passport Day!
If you want to go further (and you probably should), you can also improve your cyber security in a number of other ways, each of which adds a powerful extra level of security onto your system.
Use a Password Manager
As I mentioned above, a password manager is a powerful way of increasing your security online. These add-ons typically plug into your browser, and automatically supply a password to every site you visit.
The huge advantage of password managers is that you do not have to remember your passwords. This means, in turn, that you can make all your passwords really long, and really secure. Even better, you can use a different password for every single site you visit.
Use Multi-Factor Authentication
For many of the services you use online, you might not even need a password. This is because many companies (most commonly banks, and other high-security sites) have started to use multi-factor authentication. In these systems, you will need another piece of information beside your password in order to log in. This piece of information can be anything, but is typically your fingerprint, or a code sent to your phone.
You should use these systems wherever they are available. They add an extra level of security on top of your password, and make it almost impossible for your accounts to be hacked.
Encrypt Your Connections
The ultimate level of cyber security is to encrypt everything you do online. This is typically done using a VPN (Virtual Private Network) client that plugs in to your browser, and provides an encrypted 'tunnel' between you and the site you are communicating with.
Encryption means that, even if someone manages to intercept your data, they will not be able to read it. This is particularly useful when using public WiFi, because this kind of network is typically highly insecure.
You can choose the best password in the world, but if someone can intercept it, it becomes worse than useless. In order to protect your passwords, you should therefore always use a secure connection to send them.
World Password Day
World Password Day might not be as exciting as other holidays, but it is arguably just as important. It provides us all with a reminder of the importance of choosing secure passwords, and of keeping ourselves safe online.
So whatever you are doing this May 2, take a moment to review your cyber security measures. Trust us, in the long run it will pay off.