February 1 is International Change your Password Day – time to look at yourself and your device, and ask the question: Do I practice good password hygiene to keep my online life secure?
The odds are that you aren’t. And this could have serious implications for your bank account and private life.
Size isn’t everything
When it comes to passwords, size isn’t everything. In the SplashData 2018 ratings of the worst passwords, the biggest mover in the top 5 was 123456789 – up three places to third position – while 123456 and “password” clung on to their respective first and second positions.
Rank | 2017 | 2018 | Change |
#1 | 123456 | 123456 | No change |
#2 | password | password | No change |
#3 | 12345678 | 123456789 | Up 3 places |
#4 | Qwerty | 12345678 | Down 1 |
#5 | 12345 | 12345 | No change |
#6 | 123456789 | 111111 | |
#7 | Letmein | 1234567 | Up one |
#8 | 1234567 | sunshine | |
#9 | Football | qwerty | Up 5 |
#10 | Iloveyou | iloveyou | No change |
123456789 shows that size alone doesn’t make for a secure password. Additional factors include the complexity of the password with its mix of letters and special characters, how many times the password has been reused across various accounts, and whether these passwords have been leaked somewhere else.
Here’s our 6-point guide to better personal password management – regardless of whether you use a password manager or keep those passwords written down at home.
1. Start by getting creative
It’s tough enough to create a secure and memorable password that combines 12 upper- and lower-case letters, numbers, and special characters – that’s why you need to be creative. Take a memorable sentence, event, or tongue-twister – and use this as the basis of your password. Let’s take the Oscar-winning film One Flew Over the Cuckoo’s Nest as an example. This can become 1flwOvr*Cuku: It meets the requirements in terms of size, complex mix of characters, and – most importantly – you might even be able to remember it.
2. Recycle everything (just not your passwords)
Everyone knows the recycling drill: Separate waste into different containers for paper, glass, compost, food scraps, and trash. There’s a great logic to it: Empty bottles can be refilled and food scraps eventually transformed back into food. However, there’s absolutely no recycling bin for passwords.
In practice, though, password recycling is quite common. An Avira online poll[1] last year found that 26% of respondents admitted to recycling passwords between various sites. While people know on an intellectual level that giving hackers a “one-password opens all” solution is bad, it’s still the easiest approach to dealing with password selection.
3. Don’t be a serial passworderer
Growing up with thrillers and mysteries, we’re familiar with the pattern: The criminal repeats their modus operandi, uses the same weapon, and stalks the new victim in the same way. Police put the clues together, add a bit of deductive logic, and voilà – they have the suspect.
With passwords, people often do the same. They have a base password, then they modify it slightly for additional accounts or mandatory password changes. This can be as simple as 1password, 2password, 3password or more complex such as 2flwOvr*Cuku. A survey of Avira users found that 26% admitted to using the same root password – but tweaking it slightly as needed. The problem is that hackers also know this modus operandi and fight against it with brute force attacks.
4. Change passwords like your socks
Passwords are just like socks: They should be changed on a regular basis – and more frequently after getting mud on them. Even secure passwords should be changed. It’s not about you – the reality is that it’s impossible for you to know how other people are handling and safeguarding your data. Then there’s the mud: If you’ve entered your details into a suspected phishing site or if your account provider has been hacked, you’ll need to change your account details ASAP.
5. Take the best approach that suits your needs
It’s important to take the best approach that suits your needs when it comes to creating and remembering passwords. If you have just one or two passwords and you do all your online shopping exclusively on your desktop computer, you can create secure passwords and remember them using a yellow sticky note management system. If you’re on the go and use a variety of devices and accounts for your online activities, it’s time to look into a password manager that can create, critique, and sync passwords between devices.
6. Improve your status
More often than not, most of us have already been online and accumulated a variety of insecure passwords and accounts before we’ve even thought about getting a password manager. As there is no clean slate, a good password manager helps you improve your cumulative security status – uncovering repeated passwords, looking for hacked accounts, and helping you to create passwords.
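An added example (not from the original article or from Avira): a small Python audit of the kind points 3 and 6 describe, flagging exact reuse, "root plus tweak" variants, and hits on the 2018 worst-password list quoted above. The sample vault, the look-alike map and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Top 10 of the 2018 list quoted in the article's table.
WORST_2018 = {"123456", "password", "123456789", "12345678", "12345",
              "111111", "1234567", "sunshine", "qwerty", "iloveyou"}

# Assumed look-alike substitutions people use when tweaking a root password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def root_of(password: str) -> str:
    """Strip leading/trailing digits and symbols, then fold case and look-alikes."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    if not core:              # all digits/symbols, e.g. "123456": keep as is
        return password
    return core.translate(LEET).lower()

def audit(vault: dict) -> dict:
    """Group accounts by exact password and by root; flag worst-list hits."""
    by_password, by_root = defaultdict(set), defaultdict(dict)
    for account, pw in vault.items():
        by_password[pw].add(account)
        by_root[root_of(pw)][account] = pw
    return {
        # password (or its root) appears in the worst-password list
        "worst_list": sorted(a for a, pw in vault.items()
                             if root_of(pw) in WORST_2018),
        # identical password on more than one account (point 2)
        "exact_reuse": sorted(sorted(accts) for accts in by_password.values()
                              if len(accts) > 1),
        # different passwords built on the same root (point 3)
        "shared_root": sorted(sorted(group) for group in by_root.values()
                              if len(set(group.values())) > 1),
    }

# Constructed sample vault; none of these are real credentials.
SAMPLE_VAULT = {
    "mail": "1flwOvr*Cuku", "bank": "2flwOvr*Cuku",
    "shop": "Sunshine1", "forum": "Sunshine1",
    "news": "3password", "video": "T7#qLm92!vRx",
}

if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE_VAULT).items():
        print(finding, accounts)
```

On the sample vault, "mail" and "bank" are reported as sharing a root even though the two passwords differ, which is exactly the tweak pattern an exact-match comparison misses.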
[1] Avira online survey conducted in August 2018 within Germany with 718 respondents having an age range of 20-65.