Choosing A Password. Stronger Is Safer

We spend more of our lives online these days: online banking, social networking, shopping – all of which require passwords to keep our accounts and information safe. It’s absolutely vital to choose good, strong passwords that aren’t easy to guess to keep our details safe and secure.

While it’s unlikely that you’ll be directly targeted, fraudsters try all sorts of methods to discover people’s account information. The better your password, the less likely they are to be able to stumble upon it and into your account. So, whether you’re creating a new account or updating a current one, when it’s time to choose a new password consider the tips below…

Three common techniques cyber thieves use to guess your password:

1. Social engineering: This method involves finding out about you and using that information to guess your password. For example, many people use pet names, favourite sports teams, birthdays, family members, number plates and even phone numbers as passwords. These are all easy to remember, but also quite easy to guess if someone knows a little bit about you.

2. Brute force: This method lacks subtlety and is the electronic version of forcing a lock. The criminals use a computer to try many combinations of characters until they discover a password. Basic attacks use a dictionary list and try all real words. More sophisticated attacks add upper and lower case, special characters and numbers to the mix. Even sophisticated attacks can take a very long time to guess a complex password. Simple passwords using everyday words can be guessed relatively quickly.

3. Phishing: Here, fraudsters create a fake website that looks just like a real site for your bank or another service. When you type your user name and password into this site, it captures your details and saves them. This is a very dangerous type of attack as it is often hard to spot that you’re not on the real site. You can be directed to these websites by fake emails pretending to be from your bank or account provider, or even redirected from the real site by a virus. If you ever have suspicions about the site or the information it is asking you for, stop using it immediately and get in contact with the company through means you know are safe, such as an email address or phone number.

Password Tips

Strong passwords: You may have noticed some websites give a rating to your password as you create an account. This is often referred to as password strength and is an indication of how difficult it is to guess or ‘hack’. The trick with passwords is to make them strong enough so they can’t be hacked while still keeping them easy enough to remember.

Mixed case passwords: Mixing upper and lower case characters throughout your password, not just at the start of words, makes it much stronger. “orAnGEJuICe” is much safer than “Orangejuice”.

Special characters: Special characters are considered anything that isn’t a letter or a number. Using the alphabet and numbers, you have 62 characters to choose from. Add special characters and this jumps up to 200 – 300 characters! Special characters can include symbols such as “, * $ { ; ‘ or #. There may be some restrictions on what symbols you can use, but these will usually be listed on the website.

Length: The longer your password, the harder it is to guess. Simply put, longer words take longer to discover. This is one reason many websites set a minimum length for your password.

Top tips

Don’t give your password to strangers

Consider where you are using your password and who could be watching. If you’re using a computer in a public place, always make sure you have logged out of your account before you leave the machine.

If you receive an email that looks genuine, don’t click the links

It’s also safe to say that your bank won’t email you asking for your details, and the same can be said for online stores and retailers. No matter how genuine they look, never respond to a request for your full account information via email or phone. Open your web browser and navigate to the website yourself, or call them on a trusted number. That way you know that you are using your password on the correct website. If the website ever asks you for more information than it usually does, such as complete secret information when it normally only asks for a few characters, stop and contact them to make sure everything is right.

Use a different password for each website

When you use a different password for each website, it limits the damage that can be done in the unlikely event that someone does get one of your passwords. If you have the same password for all your accounts, a cyber criminal can easily gain entry to other sites once they have access to one.

Use a pass phrase instead

In most cases there is nothing to stop you using a pass phrase: a saying or sentence that you can easily remember. For example, your shopping password could be “this is my supermarket password”. When you combine this with mixed case and special characters you could end up with “This15mysup3rmarketpa$$w0rd”. It’s easier to remember than to guess. Bear in mind the comments above about using different passwords – this goes for phrases, too.

Make your pass phrase unique

For even more security, recent advice states users should try to stay away from using whole words in their passwords. This applies even if you are substituting numbers and symbols for letters. The reason for this is that the dictionaries hackers use to break into accounts have evolved to contain variants of full words with such substitutions.

So, instead of “This15mysup3rmarketpa$$w0rd”, you could use the first and last letters of each word to make “Ts15mystpd”. This is still memorable due to the associated phrase, but even harder to guess.
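The check a website could run to apply this advice, as an added example that is not part of the original article: it undoes common substitutions, looks for whole words that remain, and reports the length and character types used. The function names, the substitution table and the five-word list are assumptions made for illustration.

```python
# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"this", "supermarket", "password", "orange", "juice"}

# Common look-alike substitutions mapped back to one likely letter each
# (a simplification: "1" can also stand for "l", for example).
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "$": "s", "@": "a", "!": "i",
})


def normalise(password):
    """Lower-case the password and undo common substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def dictionary_words(password, wordlist=WORDLIST, min_len=4):
    """Return wordlist entries still visible after normalisation."""
    text = normalise(password)
    return sorted(w for w in wordlist if len(w) >= min_len and w in text)


def character_classes(password):
    """Report which kinds of character the password uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")  # anything that is not a letter or number
    return sorted(classes)


def review(password):
    """Summarise a password against the tips in this article."""
    return {
        "length": len(password),
        "classes": character_classes(password),
        "dictionary_words": dictionary_words(password),
    }


if __name__ == "__main__":
    for candidate in ("This15mysup3rmarketpa$$w0rd", "Ts15mystpd"):
        print(candidate, "->", review(candidate))
```

The substituted pass phrase still reveals three whole words once the substitutions are undone, while the first-and-last-letter version reveals none.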

Don’t wait to change your password

If you ever suspect someone may have got your password, change it as soon as possible. If, having read these tips, you feel you need to make changes, do it straight away. The sooner you act, the sooner you can start to protect yourself online.