Now that we can do almost anything online from banking to shopping, turning on your bedroom lights, setting your heating and reading what the neighbour’s cat ate for breakfast on social networks, it means two things. Firstly, if you don’t like daylight there’s no longer any need to leave the house. Secondly, we need to take internet security seriously. With the ever-increasing amount of information that we are keeping online, the more at risk we are of fraud.
In recent surveys, the average user has 90 online accounts, with around 100 passwords, which is an awful lot to remember. While it may be easier, and a lot less time consuming, to have the same password for everything, this makes you an easy target for fraudsters. If that’s you, you’re not alone. On average, people reuse the same password 4 times.
The top 10 worst passwords
NordPass have put together a list of the 200 most common passwords, detailing how many times the password was used in 2021 and how long it takes a hacker to crack it.
If you’re guilty of using any of these, we suggest you change it now! The top 10 worst passwords are:
- 123456
- 123456789
- 12345
- qwerty
- password
- 12345678
- 111111
- 123123
- 1234567890
- 1234567
On average, it takes a hacker 1 second to crack the passwords above.
You can view the full list here.

Why you need a strong password
Unfortunately, online attacks are now regular occurrences. Whether the aim is to steal data to sell on or to fraudulently use personal information to access bank accounts or purchase items with your money, attacks come in various shapes and sizes.
- Frenemies – People you know who may want to access private information held on your computer or send emails in your name. They may be able to guess your password by using information they know about you.
- Social engineering – Criminals typically pose as a friend or organisation via email, asking for personal information.
- Dictionary & brute force attacks – Hackers use automated programs which systematically try millions of different passwords until the correct one is found.
- Data breach – Every few months it seems another huge company reports a hack resulting in millions of people’s account information being compromised. Earlier this year LinkedIn users were told to reset their accounts after more than 100 million passwords appeared for sale online.
In essence, the stronger the password, the longer it will take to crack.
What makes a strong password?
Do’s
Your password should be a minimum of 12 characters, but ideally at least 16 characters long and consist of a mixture of upper and lower case letters, numbers and symbols. It should be as random as possible.
Don’ts
Passwords shouldn’t contain single words from the dictionary, names or places, usernames, or sequential patterns of numbers/letters. You shouldn’t use the same password for multiple accounts either.
3 tips for creating a strong password
- Be creative
Security expert Bruce Schneier suggests taking a memorable phrase or song lyric and turning it into a password by abbreviating it. For example:
Tomorrow! I’ll do it all tomorrow – Tmrw!I’dia2mr0w
The Rise and Fall of Ziggy Stardust and the Spiders from Mars 1972 – TR&FoZSatSfM-1972
- Don’t get personal
Don’t use personal information such as birthdays, pets, children or maiden names, old addresses, or anything which could easily be guessed by viewing your social media accounts.
- Password generators
There are a number of websites that will generate strong random passwords for you. Some, like Passwordsgenerator.net, offer sentences to help you remember the password. Most password managers also offer built-in password generator tools.
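The do's, don'ts and generator tip above can be combined into one small script. This is an added example, not code from the original article: it checks a password against the length, character-mix, top-10, sequence and personal-information rules, and generates a 16-character password from the operating system's secure random source. The symbol set, the sequence list and the function names are assumptions of the example, and the dictionary-word rule is not covered.

```python
import secrets
import string

# The ten most common passwords listed in the article.
COMMON = {"123456", "123456789", "12345", "qwerty", "password",
          "12345678", "111111", "123123", "1234567890", "1234567"}
# Assumption: sequences to reject (digits, alphabet, keyboard rows).
SEQUENCES = ["0123456789", string.ascii_lowercase, "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SYMBOLS = "!#$%&()*+-=?@[]^_{}"  # assumption: symbols the target site accepts
MIN_LEN = 12


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a sequence, in either direction."""
    low = pw.lower()
    return any(s[i:i + run] in low
               for seq in SEQUENCES for s in (seq, seq[::-1])
               for i in range(len(s) - run + 1))


def check_password(pw, personal=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("shorter than 12 characters")
    if pw.lower() in COMMON:
        problems.append("on the most-common list")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing a character class")
    if has_sequence(pw):
        problems.append("contains a sequential pattern")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("contains personal information")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG (secrets) until the result passes every rule."""
    if length < MIN_LEN:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

if __name__ == "__main__":
    print(generate_password())
```

Pass names, birthdays or pet names in `personal` to have `check_password` flag them, for example `check_password(candidate, personal=["rex", "1985"])`.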
Additional security
If a website offers two-step verification, you should use it. Also known as two-factor authentication (2FA) or multi-factor authentication, this is when a site prompts you to enter a code in addition to your password. The code is sent to you as a text message, which means that even if hackers have your password they are unable to sign in unless they also have possession of your phone.
How often should you change your password?
If you have a strong password, there is no need to change it regularly, unless it’s been compromised or shared. The Chief Technologist at the US Federal Trade Commission advises that, contrary to popular belief, changing passwords frequently can actually do more harm than good. The reason being that people tend to use patterns, and simply ‘tweak’ their previous password to create a new one. These changes are easily predicted by algorithms used by hackers.
How to keep track of passwords
Unless you’re in Rain Man’s league, you’re unlikely to be able to remember all of your super-strength passwords. That’s where password managers such as LastPass, Dashlane and LogMeOnce come in. You can store all of your passwords in one place; however, don’t forget you will need a really strong master password to access the password manager itself.