Posted 1 week ago by Justin Wanstall

It’s time to change your password

Now that we can do almost anything online from banking to shopping, turning on your bedroom lights, setting your heating and reading what the neighbour’s cat ate for breakfast on social networks, it means two things. Firstly, if you don’t like daylight there’s no longer any need to leave the house. Secondly, we need to take internet security seriously. With the ever-increasing amount of information that we are keeping online, the more at risk we are of fraud.

According to recent surveys, the average user has 90 online accounts, which means an awful lot of passwords to remember. While it may be easier, and a lot less time-consuming, to have the same password for everything, this makes you an easy target for fraudsters. If that’s you, you’re not alone. On average, people reuse the same password 4 times.

The top 10 worst passwords

SplashData’s eighth annual ‘Worst Passwords List’ was compiled from over 2 million leaked passwords throughout 2018. If you’re guilty of using any of these, we suggest you change it now!

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

Why you need a strong password

Unfortunately, online attacks are now regular occurrences. Whether the aim is to steal data to sell on, or to fraudulently use personal information to access bank accounts or purchase items with your money, attacks come in various shapes and sizes.

  • Frenemies – People you know who may want to access private information held on your computer or send emails in your name. They may be able to guess your password by using information they know about you.
  • Social engineering – Criminals typically pose as a friend or organisation via email, asking for personal information.
  • Dictionary & brute force attacks – Hackers use automated programs which systematically try millions of different passwords until the correct one is found.
  • Data breach – Every few months it seems another huge company reports a hack resulting in millions of people’s account information being compromised. Earlier this year LinkedIn users were told to reset their accounts after more than 100 million passwords appeared for sale online.

In essence, the stronger the password, the longer it will take to crack.

What makes a strong password?

Do’s
Your password should be a minimum of 12 characters, but ideally at least 16 characters long and consist of a mixture of upper and lower case letters, numbers and symbols. It should be as random as possible.

Don’ts
Passwords shouldn’t contain single words from the dictionary, names or places, usernames, or sequential patterns of numbers/letters. You shouldn’t use the same password for multiple accounts either.
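The Do's and Don'ts above can be turned into an automatic check. The Python sketch below is an added example, not code from the original article: the function names and the four-character run length are assumptions, and it checks only the ten listed passwords rather than a full dictionary.

```python
import string

# The ten entries from the SplashData list quoted earlier in the article.
WORST = {"123456", "password", "123456789", "12345678", "12345",
         "111111", "1234567", "sunshine", "qwerty", "iloveyou"}

# Rows in which a run of neighbours counts as a sequential pattern (assumed set).
ROWS = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def has_sequence(pw, run=4):
    """True if pw contains `run` neighbouring characters of a row, in either direction."""
    low = pw.lower()
    for row in ROWS:
        for r in (row, row[::-1]):
            if any(r[i:i + run] in low for i in range(len(r) - run + 1)):
                return True
    return False

def check_password(pw, username="", min_len=12):
    """Return the list of rules that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing character class")
    if pw.lower() in WORST:
        problems.append("on worst-passwords list")
    if username and username.lower() in pw.lower():
        problems.append("contains username")
    if has_sequence(pw):
        problems.append("sequential pattern")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs: one from the worst list, one from the tips below.
    for sample in ("123456", "Qwerty2018!!", "IwiEwwt2018WC?"):
        print(sample, "->", check_password(sample) or "ok")
```

A check like this rejects weak choices but cannot confirm that a password is random or unique to one account.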

3 tips for creating a strong password

  1. Be creative
    Security expert Bruce Schneier suggests taking a memorable phrase or song lyric and turning it into a password by abbreviating it. For example:
    I wonder if England will win the 2018 World Cup? – IwiEwwt2018WC?
    Tomorrow! I’ll do it all tomorrow – Tmrw!I’dia2mr0w
    The Rise and Fall of Ziggy Stardust and the Spiders from Mars 1972 – TR&FoZSatSfM-1972
  2. Don’t get personal
    Don’t use personal information such as birthdays, pet, children or maiden names, old addresses, or anything which could easily be guessed by viewing your social media accounts.
  3. Password generators
    There are a number of websites that will generate strong random passwords for you. Some, like Passwordsgenerator.net, offer sentences to help you remember the password. Most password managers also offer built-in password generator tools.
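What a password generator does can be shown in a few lines. This Python sketch is an added example, not code from the article or from any of the tools it names; the function names are assumptions. It draws characters from the operating system's cryptographic random source and retries until all four character types recommended above are present.

```python
import math
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters

def generate_password(length=16):
    """Return a random password that contains every character class.

    Whole candidates are redrawn until one qualifies, so every qualifying
    password is equally likely (no fixed position is forced to be a digit
    or a symbol).
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(generate_password())             # different on every run
    print(round(entropy_bits(12), 1))      # the article's 12-character minimum
    print(round(entropy_bits(16), 1))      # the article's 16-character ideal
```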

Additional security

If a website offers two-step verification, you should use it. Also known as two-factor authentication (2FA) or multi-factor authentication, this is when a site prompts you to enter a code in addition to your password. The code is sent to you as a text message, which means that even if hackers have your password they are unable to sign in unless they also have possession of your phone.

How often should you change your password?

If you have a strong password, there is no need to change it regularly, unless it’s been compromised or shared. The Chief Technologist at the US Federal Trade Commission advises that, contrary to popular belief, changing passwords frequently can actually do more harm than good. The reason is that people tend to use patterns, and simply ‘tweak’ their previous password to create a new one. These changes are easily predicted by algorithms used by hackers.

How to keep track of passwords

Unless you’re in Rain Man’s league, you’re unlikely to be able to remember all of your super-strength passwords. That’s where password managers such as LastPass, Dashlane and LogMeOnce come in. You can store all of your passwords in one place; however, don’t forget you will need a really strong master password to access the password manager itself.

About the author

Justin is head of production at Kayo and oversees the creative output as well as technical delivery.  He has worked in web design since the early days of 1997 and focuses on pixel perfection and usability backing it up with a rock solid technical knowledge of the web.
