Thought you had it all figured out, creating complicated, hard-to-decipher passwords that will keep your personal data safe? You might want to reconsider, because recent studies have shown that the status quo is not as safe as you thought!
When using the internet you can’t avoid creating passwords to keep your information safe, whether it’s for online banking, social media or shopping apps. The list of services that require login data to access their content is endless.
In recent years the message on how to create secure passwords has been clear: make it complex and change it often. No double-ups. However, according to a recently published journal by the National Institute of Standards and Technology in America (NIST), we need to rethink some of those guidelines.
Complex does not guarantee strength
Have you ever spent hours trying to make up a new password containing uppercase and lowercase letters, numbers, symbols, maybe turning the sequence into a secret sentence only you would remember, only to forget it again days later because it was too complex even for yourself? Now that’s got to be secure, right?
According to NIST, even complex passwords can be broken if they follow certain algorithms. The Institute recommends using password testing tools, which are available online for free.
Longer is better
You might have come across websites that won’t let you create passwords that are more than 8 or 10 characters long. That actually makes your password a lot more prone to being hacked. NIST suggests having passwords of at least 64 characters. These can be generated with a password manager. Most websites should let you insert your password simply by copy and paste, so you won’t have to remember the whole sequence.
No more hints
The common process of creating password hints in order to obtain or reset a forgotten password is also questionable. With the amount of information we are sharing on social media these days, it’s not that hard for someone to invest a bit of time and research to find out the name of your primary school teacher or your first street address.
No more changes
Some services make you change your password regularly. However, rather than creating a whole new password, most people simply swap a few characters around or add a number. According to a study by Virginia Tech, more than 16 million passwords worldwide had been reused or slightly modified, leaving them so weak that they can be hacked in as few as 10 attempts.
How to keep your data safe
So what can you do to come up with a password that will lessen your chance of being hacked? Here are our top tips:
- Test your password: Use a password generator and regularly use password checking tools to identify weak ones that need to be changed straight away.
- Use password managers: They will store and manage your passwords for you. No more trying to remember 100 different login details, just one.
- Stop regular changes: Unless a password has been identified as weak, you shouldn’t have to change it every so often.
- Make it longer: Rather than relying on composition rules, generate longer passwords of at least 10 characters.
- Disregard hints: When asked for password hints, choose the hardest questions available or consider lying. Yes, that’s right. Most password recovery questions ask for data that can be easily obtained through social media, making it possible for other people to get a hold of your password.
- Recreate rather than modify: If for whatever reason you do have to change your password, refrain from simply swapping, changing or adding a few characters to your old one. Superman123 is not considered a safe password!
- Be creative: Passwords don’t have to be complicated, but avoid using sequences such as ‘12345’ or ‘qwerty’ as well as actual words or brand names. Neither should you use the same password, whether exactly or modified, for multiple accounts. Check out the list of the Top 100 weakest passwords people still regularly use.
And obviously, never ever share your passwords with anyone!
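To illustrate the "Recreate rather than modify" tip, here is an added example (not part of the original article) of a check that a service or password manager could run when a password is changed, to reject a new password that is only a small variation of the old one. The function names, the character-swap table and the threshold of two edits are assumptions chosen for illustration.

```python
import re

# Character swaps people commonly use to "change" a password (constructed list).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(password: str) -> str:
    """Reduce a password to its base word: lowercase it, drop digits and
    symbols added at the start or end, then undo common character swaps."""
    base = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    # If nothing is left (e.g. an all-digit password), compare it as typed.
    return base.translate(SWAPS) if base else password.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_change(old: str, new: str, max_edits: int = 2) -> bool:
    """True if `new` is `old` with a few characters swapped, added or replaced.
    The old password is only available in clear at the moment of the change,
    when the user types it in, so the check has to run at that point."""
    if edit_distance(old, new) <= max_edits:
        return True
    return edit_distance(normalize(old), normalize(new)) <= max_edits


if __name__ == "__main__":
    old = "Superman123"  # the weak example from the article
    # Candidate replacements, constructed for this demo.
    for new in ["Superman124", "Sup3rman!!", "2024Superman!",
                "violet-tractor-omelet-91"]:
        verdict = "rejected (too similar)" if is_trivial_change(old, new) else "accepted"
        print(f"{new}: {verdict}")
```

The first three candidates are rejected because they reduce to the same base word as the old password; only the freshly created one is accepted.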