The importance of strong passwords and good password management

Despite the rise in alternative login methods, passwords still reign supreme as the dominant security measure for our online accounts. But many people don’t treat password security as seriously as they should.

This is demonstrated perfectly by the annual password report produced by NordPass.


Top 8 passwords globally - Image Credit: NordPass

In their list of the 200 most popular passwords, ‘123456’ was found to be the most popular password worldwide.

Importantly, a lot of the data for this research comes from looking at passwords that have been compromised through data breaches.

So despite being incredibly insecure, 123456 has now been the most popular password for nearly a decade.

Hopefully, if you’re reading this, you aren’t using 123456 as your password. Or any of the other passwords that appear on the list, for that matter.

But if you are, then this guide is going to be incredibly useful for you. Here we’ve put together our top 5 tips for safe password management.  

Test the strength of your passwords 

Strong passwords are essential for any site or account that you use. Long, convoluted passwords may be frustrating, but they can make all the difference in preventing your data from being stolen.

An infographic that explains how long it would take a computer to crack your password

The best practice is to create a password that uses at least one uppercase letter, a number and a symbol. It should also be at the very least 9 characters in length, but the longer the better.

If you are unsure about whether you’ve created a strong password, there are tools online that can help.

The two sites below allow you to test the strength of your password. They also check if your details have been published in any data breaches.

https://nordpass.com/secure-password/ 

https://password.kaspersky.com/ 

Never use the same password 

According to research from IBM, only 12% of people always create a new password when setting up a new online account. That means nearly 90% of people are regularly re-using passwords, even though they are aware of the risks.  

Re-using the same password across multiple different sites and accounts leaves you vulnerable to people trying to steal your information. 

An incident reported by Forbes during the pandemic found that more than half a million Zoom account login details were made available in crime forums on the dark web.

Many of these passwords were used in ‘credential stuffing attacks’ where hackers gained access to multiple accounts by using the leaked credentials. The only reason these attacks are successful is because of the prevalence of password re-use. 

Regularly check for data breaches

The habit of re-using passwords makes it all the more important to check for data breaches regularly.

One of the most popular sites for checking if your details have been compromised is haveibeenpwned.com. This website was created by Microsoft Regional Director and web security consultant, Troy Hunt. It allows you to enter either your password or email address and check whether either has been leaked in a data breach.

While it’s not a perfect solution, it should help highlight if you need to change any of your login credentials.
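The sketch below is an added example, not code from this page or from haveibeenpwned.com. It combines the length and character rule from the strength-testing section with a breach lookup done the way the Pwned Passwords range API allows: only the first five hex characters of the password's SHA-1 hash are sent, and the rest is matched locally. The offline_range function and its counts are constructed stand-ins so the example runs without a network connection.

```python
import hashlib
import string

def meets_page_rule(password):
    """Article's rule: 9+ characters with an uppercase letter, a number and a symbol."""
    return (len(password) >= 9
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def pwned_count(password, fetch_range):
    """Send only the first 5 hex characters of the SHA-1; match the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed sample data: the counts are made up, not real breach figures.
CONSTRUCTED_COUNTS = {"123456": 1000, "Password1!": 25}
SENT_TO_SERVICE = []  # records everything that would have left the machine

def offline_range(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    SENT_TO_SERVICE.append(prefix)
    lines = ["0" * 35 + ":3"]  # decoy entry that matches nothing here
    for known, count in CONSTRUCTED_COUNTS.items():
        digest = sha1_hex(known)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def assess(password, fetch_range=offline_range):
    if not meets_page_rule(password):
        return "reject: fails the length/character rule"
    if pwned_count(password, fetch_range) > 0:
        return "reject: appears in breach data"
    return "accept"

if __name__ == "__main__":
    for candidate in ("123456", "Password1!", "Lemon-Otter-Quilt-47"):
        print(candidate, "->", assess(candidate))
```

‘Password1!’ satisfies the character rule and is still rejected, which is why a breach check is worth running alongside a strength check.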

Use a password manager 

These days, the average person has around 100 passwords they need to manage. This makes password managers one of the most useful tools available in the modern age.

A password manager is simply a piece of software that allows users to store, generate, and manage their passwords. Password managers automatically generate extremely strong passwords, making your accounts much harder to breach.

With a password manager, you only have to remember one master password for your account. In most cases, you can also combine this with two-factor authentication to make your account extra secure.

Use multi-factor authentication

When you log in to one of your online accounts using your login details, you are going through a process called ‘authentication’. Multi-factor authentication is where users have to provide multiple ‘factors’ to prove who they are. A username and password is often the first factor, which is then combined with another factor. The three most common types of factors are:

  • Something you know - Like a password, or a memorized PIN. 

  • Something you have - Like a smartphone, or a secure USB key. 

  • Something you are - Like a fingerprint, or facial recognition. 

Microsoft provides a free smartphone app called ‘Microsoft Authenticator’. This can be linked to everything from your email accounts to your social media. The app provides a code to be entered when logging in, which adds another layer of security.

Biometrics are also becoming increasingly common. If you regularly use mobile banking you’ve likely been asked to use your fingerprint or take a selfie to verify a payment at some point.

The importance of good password management cannot be stressed enough. But using the tips we’ve outlined here, you can be confident that you’re doing everything you can to protect your details online.
