Once or twice a year we take a moment to pause and remind everyone about password security. I know, I know, it’s boring. We all know passwords are important. But we’ll take care of that tomorrow, right? Sadly, tomorrow usually means next month or next year and by then you’ve been hacked, your website has been updated with a series of links and your email account is sending out 1000s of spam emails per minute. If you do get hacked, we’ve got your back; but it’s far simpler and smarter to review your passwords. Here’s your yearly reminder.
First of all, can you find your password on these lists of the top twenty five most insecure passwords by year? If so, drop what you’re doing now and please, please, please go and set a new password.
What makes a secure password
Length. Plain and simple. The longer your password, the harder it is to crack. It doesn’t matter how many weird charters, numbers or symbols you use; take that advice and throw it the bin. Passwords are cracked simply by virtue of their length in most cases.
A computer set to the task of working through random characters can work through millions of password combinations in a remarkably short period of time.
Should I change my password often?
If you’ve been hacked in any shape or form, yes! Should you change it arbitrarily every six months, or three days, or other set window? Our advice would be no. Research shows that forcing users to continually change their passwords only encourages them to set weaker and weaker passwords that they can easily remember.
Instead our advice is…
Use unique passwords for every service and site
This sounds like a huge undertaking but its easier than you think. Instead of using the same password, no matter how strong, on every single website, consider using a unique password for every service that you log in to. If you find a particular site or service ends up getting hacked, your exposure to the attack will be limited to just that service. If someone manages to break into your Netflix account, they won’t be able to use their newfound password to go on to your bank account.
If the idea of storing hundreds of unique passwords in your brain sounds like unimaginable chaos, you’re not alone. Instead it’s much simpler to use a password management tool. My particular favourite is LastPass, but there are plenty out there and most offer at least the basics for free.
These management tools typically work across all your devices and require you to remember just one strong password. Once you’ve logged into the management tool with that password they take care of the rest. They’ll generate completely random and long (secure!) passwords for each and every website you access, and every time you visit they’ll log in for you.
Scare me some more
Really? Are you sure? Want to know how fast a computer can crack your current password? Check out this site and see just how quickly a relatively short and weak password can be cracked. You’re welcome, now go and update those passwords!