In today’s digital societies, more and more of the most important things that we do take place online. From accessing our bank accounts, to online shopping, to communicating with employers and loved ones, it’s not uncommon for one person to have between 30 and 100 separate online accounts that they’ve registered for over the years using the same email address. Successive investigations into password use, however, show that there are still important lessons to learn about keeping all of these separate accounts safe.
“There’s some evidence that women are slightly more thoughtful than men when it comes to selecting secure passwords,” says Lebo Madiba, Chief Marketing Officer of South African cybersecurity specialist Ansys Limited, “But really everyone needs to be more careful.”
Madiba cites security researcher Mark Burnett of Xato, who analyses tens of millions of passwords per year which are leaked onto the internet from service providers. What Burnett, and many others like him, reveal is that the most common passwords haven’t changed, and they’re desperately easy to crack.
The top five passwords in use are:
“Women are slightly more likely to write these common passwords backwards, or mix them up. So ‘drowssap’ or ‘wasspord’ are used a little bit more often – but really they’re no safer.” The challenge, says Madiba, is that password cracking software can test hundreds of thousands of words per second to try and break into protected data. Software used by criminals focusses on passwords that are common or have been leaked online previously, and patterns that people use to make their passwords safer. “Adding a digit or birthday at the end of a word doesn’t add much in the way of protection,” Madiba says, “Nor does swapping letters for numbers, like p4ssw0rd.”
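The patterns described above (reversal, rearranged letters, letter-for-number swaps, appended digits) can all be undone mechanically, which is why they add so little protection. As an added example that is not part of the original article, this Python check a service could run when a user picks a password reduces the candidate to its base word and compares it with a denylist; the `COMMON` set, the `LEET` table and the function name are assumptions made for illustration.

```python
import re

# Constructed sample denylist: "password" is the word behind the article's
# examples; the other entries are placeholders added for illustration.
COMMON = {"password", "letmein", "sunshine"}

# Letter-for-digit/symbol swaps (assumed table) that are trivially reversible.
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "5": "s", "$": "s", "7": "t"})


def matches_common(candidate, common=COMMON):
    """Return the common password the candidate reduces to, or None."""
    lowered = candidate.lower()
    # Drop digits/symbols bolted on to either end (years, birthdays, "!").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Every form to test: as typed, trimmed, and both with swaps undone.
    forms = [lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)]
    # Sorted letters act as a signature that catches rearranged words.
    anagrams = {"".join(sorted(word)): word for word in common}
    for form in forms:
        if form in common:
            return form
        if form[::-1] in common:          # written backwards
            return form[::-1]
        signature = "".join(sorted(form))
        if signature in anagrams:         # letters mixed up
            return anagrams[signature]
    return None


if __name__ == "__main__":
    # Constructed candidates: the article's examples plus one random string.
    for pw in ["drowssap", "wasspord", "p4ssw0rd", "Password1987",
               "vT9#qLz2!mXr7&Kd"]:
        base = matches_common(pw)
        print(f"{pw!r}: {'reject, reduces to ' + base if base else 'no match'}")
```

A production denylist would be loaded from a corpus of previously leaked passwords rather than a three-word set.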
There is, however, an established best practice for protecting online accounts.
Never reuse a password
Data is often leaked from online services. In the US recently, over 140 million people’s personal records were lost from credit scoring agency Equifax. If you use the same password for two services and the first one gets hacked or lost, the second one is also vulnerable.
Use long, difficult to guess passwords
Hackers are very good at guessing passwords that use common words or patterns. The safest passwords are made up of 15 or more random characters, including capital letters, lower case, numbers and symbols.
Use a password manager
Good passwords are hard to remember. Password management software will store all your passwords in a secure vault, so that you only need to remember one master password to access them all.
Activate two-factor authentication
Many of the world’s most popular services, such as Google, Facebook and Dropbox, can be protected with two-factor authentication. This means that as well as a password, they require an extra step such as an SMS code, an authentication app or a physical USB key plugged into your PC, before they’ll allow access.
Protecting passwords isn’t easy, which is why it’s essential that everyone uses a password vault of some kind.