Every year on the first Thursday in May, World Password Day rolls around and brings a timely reminder to reassess what we think we know about password security.
Created in 2013 by cybersecurity professionals, World Password Day aims to raise awareness around the importance of the password and its role in keeping our information safe and secure online. Today, passwords are the stalwart gatekeepers to our digital lives, enabling us to shop, bank, work, socialise – and even date – safely online every day.
But the thing about passwords is they’re only as secure as we make them. We’ve seen a rise in the volume and frequency of cyber attacks, but despite this, people still fail to heed advice, putting their security at risk. As many as 88% of people reuse passwords across multiple sites, and almost a quarter (23%) have been using the same password for a decade.
Other guilty parties use variations of easily-guessed passwords like ‘password123,’ loathed by IT administrators everywhere. It’s no better when we try to put a personalised spin on our passwords, with more than half (52%) of people using easily-identifiable information such as pet names, song lyrics and names of loved ones.
These are the five commandments of password security to ensure your data remains under digital lock and key:
Thou shalt use strong and unique passwords
The cardinal rule of password security is to use strong and unique passwords. These should be at least 14 characters, use upper and lowercase letters, numbers, special characters and words unrelated to your personal information.
The next step is to use a passphrase rather than a password. This means using multiple, unconnected words or phrases. Constructing your password in this way can add decades onto any hacker’s attempt to brute-force your password, more so than using a shorter password and swapping its letters for numbers and symbols, for example, ‘p@55w0rd.’
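The rules above can be checked mechanically. The following is an added example, not code from this article: it tests a password against the rules listed here, undoes common character substitutions before a dictionary check, and compares worst-case brute-force time for a short password and a passphrase. The sample word list, the substitution table, the guess rate and the 7,776-word list size are assumptions.

```python
import string

MIN_LENGTH = 14                      # minimum length recommended in the article
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "dragon"}  # constructed sample
# Undo common look-alike substitutions before the dictionary check (assumed table).
LEET = str.maketrans("@4310!5$7", "aaeioisst")
GUESSES_PER_SECOND = 1e10            # assumed offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def policy_failures(password):
    """Return the rules this password breaks (an empty list means it passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 14 characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    # Check both the plain and the de-substituted form, so that
    # 'password123' and 'p@55w0rd' are both caught.
    lowered = password.lower()
    forms = (lowered, lowered.translate(LEET))
    if any(word in form for form in forms for word in COMMON_WORDS):
        failures.append("built on a commonly guessed word")
    return failures


def years_to_exhaust(search_space, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at the assumed guess rate."""
    return search_space / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("p@55w0rd", "Password123", "Copper-Tulip-94-Harbor-Mist"):
        print(pw, "->", policy_failures(pw) or "passes")
    # Upper bound for 8 random printable characters; a dictionary-based
    # password such as 'p@55w0rd' falls far sooner than this.
    print("8 characters:", round(years_to_exhaust(95 ** 8), 3), "years")
    # 5 words picked at random from a 7,776-word list (assumed list size).
    print("5 words:", round(years_to_exhaust(7776 ** 5)), "years")
```
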
Thou shalt not reuse the same password across multiple sites
Reusing the same password across multiple sites exponentially increases the likelihood of your information being breached. When you do this and just one of those sites’ databases is exposed, you’re vulnerable to credential stuffing attacks, where hackers attempt to use your leaked credentials across other sites.
Some password managers identify the accounts you’re using the same passwords for, and you can use resources like haveibeenpwned.com to check whether your information has been compromised.
Thou shalt enable MFA
By now, most internet users will be familiar with MFA (multifactor authentication), which requires multiple pieces of information to verify a login attempt. This involves sending a token to a designated email address, phone number or authentication app, or using a physical key.
Even if someone acquires your password, they’d be denied access to your account until the attempt is verified by one of the above options – selected by you.
Thou shalt use a password manager
Using a password manager ensures you’re hitting all these bases and more. We outlined how strong and unique passwords are the digital bread and butter of online security, but when the average person juggles 100 passwords, keeping track can be tricky, particularly if you follow guidelines and make them complex.
A password manager like Bitwarden can store credentials for more than 200 accounts, keeping information secure by encrypting it so that it can only be accessed by one master password. It can also store payment details for seamless checkouts, autofill web forms and keep personal data like passport numbers, addresses and other identity-related information private.
Some feature password strength testing tools which evaluate your password, providing insights into any weaknesses and suggestions for how to improve its security.
Thou shalt not share logins without knowing the risks
In a cost of living crisis, it’s unsurprising that 36% of people are resorting to sharing logins for paid services such as TV and music streaming. To share is to be human, but it also doubles (or more, depending on the number of users) your risk of a breach.
Sharing logins is a reality for many of us at work and at home, but we must acknowledge it comes with risk. Many services now offer sharing accounts, but for situations where you need to share one account with family, friends or a colleague, there are solutions. The best method is employing a password manager that lets you securely share credentials with another party – some do this without ever revealing the password to that person.