Password Security Guidance

April 6, 2018

Passwords are important. They help your personal accounts stay private and secure but, if you’re guilty of reusing, rotating, or using notoriously easy passwords, you are leaving yourself open to an account breach. Therefore, you should know what makes a strong password so that you can ensure the maximum security for your sensitive information.

Why is Password Security Important?

Repeatedly using the same passwords or using ‘weak’ passwords can leave you vulnerable to hackers. If a hacker cracks your passwords, they could gain access to your social media accounts, bank accounts, emails and other sensitive accounts that hold your confidential, personal data. If someone obtains access to this information, you could become the victim of identity theft. Therefore, creating a strong password is vital.

Password hacking is often carried out in one of the following ways:

  1. Brute force attacks. A hacker uses automated software to guess your username and password combination. The software tries every possible character combination and will try the most commonly used passwords first, so weak or common passwords can be relatively simple for a brute force attack to crack. While this method will eventually crack your password by cycling through every possibility until it matches your character combination, you can make it take a very long time by using a complex password.
  2. Dictionary. With this method of hacking, a hacker will run a defined ‘dictionary’ against your passwords. This dictionary also includes the most common password combinations, so it is a relatively easy and quick way of hacking into weakly protected accounts. By using a single-use, strong password for each account, you should be able to protect yourself from a dictionary hack.
  3. Phishing and social engineering. Accessing someone’s password using a phishing or social engineering attack is not technically a type of hack, but it provides the ‘hacker’ with access to your passwords and confidential information. This in turn allows them to access your accounts. Phishing occurs when a hacker targets you with spoofed emails that look like they come from legitimate organisations, while social engineering is real-world phishing (i.e. over the phone).

The repercussions of identity theft can be long lasting and they are not only limited to financial problems. The victim could also face a range of emotional implications, including stress and anxiety. Therefore, it’s important that you take measures to protect yourself from the burdens of having an account hacked.

Password Security Tips

If you want to keep your accounts and personal information safe, it’s vital that you understand how to create a strong password. Are you guilty of using ‘1234’, ‘admin’ or ‘password’? If you are, it’s time for you to work on your password security. Below we have compiled a list of helpful tips so you can be sure that your accounts are secure.

To create a secure password you should never:

  • Use your name, family members’ names, important dates such as anniversaries and birthdays, special places, the word ‘password’ or sequential lists of numbers or letters. All of these are far too easy to crack, and you should avoid them at all costs.
  • Use dictionary words. When hackers attempt to access your accounts, they run various dictionaries against your passwords in an attempt to crack them. This includes both English and foreign words and phonetic patterns. So while you might think that opening a dictionary and picking a word at random is safe, it’s not. Hackers are also able to scan for common substitutions, so substituting ‘@’ for ‘a’ or ‘!’ for ‘l’ doesn’t help. Under a brute force attack, a random word with common substitutions and numbers or symbols added onto the end would only take around 3 days to crack.
  • Write your password down. If you write down your passwords and leave them somewhere accessible, especially near your computer, it makes it easier for people to access your accounts. Instead, memorise your passwords and keep them private.
  • Enter a password over an insecure Wi-Fi connection. Everywhere you go there is the opportunity to connect to an insecure Wi-Fi network, including cafes, book stores, restaurants and shopping centres. It might seem okay to connect to these and enter your passwords to social media and email accounts, but hackers can easily intercept your private information.

Instead, it’s important that you:

  • Set different passwords for each account. Consider your current password situation. Do you use the same password for Facebook, online banking, Amazon, etc.? Would cracking one password allow a hacker to enter multiple secure accounts? You should always set a different secure password for each of your accounts to ensure maximum security.
  • Use long passwords. The longer the password the more secure it is. Ideally, you should aim for a password that’s 12 characters or longer but, if you want to go shorter, ensure it’s not less than 6 characters.
  • Mix letters, numbers and symbols. Additionally, you should use a mix of lowercase and uppercase letters to help create the most secure password possible.
  • Use a string of words, such as ‘allotmentcarrothumaneats’. By using four separate words that you find easy to remember, you will make it much harder for automated hacking software to guess. This method could increase the time taken to guess your password from a few days to over one hundred years.
  • Change automatically generated passwords. When you sign up to some companies, you receive an automatically generated password. You should change this to your own as soon as possible.
  • Make use of the password analysers some companies use. Are you told your password is ‘weak’ when you enter it? If you are, you should take note of this and make some changes.
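
The kind of check a password analyser can run, covering the length, common-word and sequence tips above, is sketched below as an added example (it is not code from the original article). The wordlist is a constructed sample, and every substitution pair other than ‘@’ for ‘a’ and ‘!’ for ‘l’ is an assumption.

```python
"""Password analyser sketch: length, common words with substitutions, sequences."""

# Constructed sample wordlist; a real analyser would load a large common-password list.
COMMON_WORDS = {"password", "admin", "letmein", "welcome", "dragon", "football"}

# '@' for 'a' and '!' for 'l' come from the article; the other pairs are assumed.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "!": "l", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"}
)

PADDING = "0123456789!@#$%^&*?._-"  # digits/symbols often added to either end
SEQUENCES = ("01234567890", "abcdefghijklmnopqrstuvwxyz")

SHORT = "shorter than 6 characters"
BELOW_TARGET = "shorter than the recommended 12 characters"
COMMON = "common word, even after substitutions or added digits/symbols"
SEQUENTIAL = "sequential list of numbers or letters"


def analyse(password: str) -> list[str]:
    """Return the problems found; an empty list means none of these rules is broken."""
    problems = []
    lowered = password.lower()

    # Length tip: aim for 12 or more, never fewer than 6.
    if len(password) < 6:
        problems.append(SHORT)
    elif len(password) < 12:
        problems.append(BELOW_TARGET)

    # Undo substitutions on the whole password and on the password with
    # leading/trailing digits and symbols removed, then compare to the wordlist.
    candidates = {
        lowered.translate(SUBSTITUTIONS),
        lowered.strip(PADDING).translate(SUBSTITUTIONS),
    }
    if candidates & COMMON_WORDS:
        problems.append(COMMON)

    # Sequential runs such as '1234' or 'abcdef'.
    if lowered and any(lowered in seq for seq in SEQUENCES):
        problems.append(SEQUENTIAL)
    return problems


if __name__ == "__main__":
    for sample in ("1234", "admin", "P@ssw0rd123!", "allotmentcarrothumaneats"):
        print(f"{sample!r}: {analyse(sample) or 'no problems found'}")
```
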

Your passwords will never be 100% hack-proof, but by using the tips outlined in this article you will be able to ensure a high level of protection for your accounts. 
