Probably the easiest way to compromise an online account is simply to guess the password, and as such these attempts are commonplace. There are ways you can minimise the risk and protect your accounts and the personal and financial information they contain.

Avoid Personal Details and Common Phrases

Avoid including personal details such as your name or date of birth in your password; if that information is already known to an attacker then it will make the password far easier to guess.

Avoid using a common word or phrase for your password. Attackers will often run automated password cracking software and could try a ‘dictionary attack’, that is, it attempts to guess your password using a pre-existing list of common words. This is much quicker than trying every possible combination. Adding a number to the end of a common word will do little to help in this situation, as this trick is well known and some dictionary attacks and word lists allow for it.

Use a long password with varied characters

Make your password a good length and include letters, numbers and other characters such as $, % or ).

Another way attackers will attempt to crack a password is by brute forcing it, i.e. trying every possible combination. The difference in time this takes based on password complexity is staggering. Let us assume we can make ten million guesses a second:

A 6-character password using only lowercase letters has just short of 310 million combinations, so at most around half a minute to crack.

An 8-character password using upper and lowercase letters and numbers has 218,340,105,584,896 combinations; that will take approximately 250 days in the worst case.

A 10-character password using letters, numbers and other characters has 4,923,990,397,355,877,376 possible combinations. To be certain of having that password cracked by today you would have had to set the machine running around 13,000 BC, roughly 15,000 years ago.

Complexity and length make a huge difference to password security.
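The arithmetic behind the three figures above, as an added example rather than anything from the original post: a short Python script that computes the keyspace for each password shape and the worst-case time to exhaust it at ten million guesses a second. It also sizes a dictionary attack that allows for a trailing number, to show why a common word plus digits is not a real improvement. The 12-symbol special-character set is an assumption (26 + 26 + 10 + 12 = 74, which reproduces the post's exact 10-character figure), and the 100,000-word dictionary is a constructed size.

```python
"""Worst-case brute-force times for the password shapes discussed in the post."""

GUESSES_PER_SECOND = 10_000_000  # the post's assumed attacker speed

# Character classes. SYMBOLS = 12 is an assumption: it gives a 74-symbol
# alphabet, and 74**10 reproduces the post's figure exactly.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 12
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(candidates: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every candidate, i.e. the guaranteed-crack upper bound."""
    return candidates / rate


def human(seconds: float) -> str:
    """Express a duration in the largest unit that gives a value >= 1."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", SECONDS_PER_DAY), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def dictionary_attack_space(words: int, max_suffix_digits: int) -> int:
    """Candidates for a word list where each word may carry a numeric suffix
    of 0..max_suffix_digits digits (the 'word plus a number' trick)."""
    return words * sum(10 ** d for d in range(max_suffix_digits + 1))


if __name__ == "__main__":
    cases = [
        ("6 lowercase letters", keyspace(LOWER, 6)),
        ("8 upper/lower/digits", keyspace(LOWER + UPPER + DIGITS, 8)),
        ("10 letters/digits/symbols", keyspace(LOWER + UPPER + DIGITS + SYMBOLS, 10)),
        # constructed: a 100,000-word list, each word optionally followed by up to 2 digits
        ("dictionary word + up to 2 digits", dictionary_attack_space(100_000, 2)),
    ]
    for name, n in cases:
        print(f"{name:34} {n:>28,}  {human(worst_case_seconds(n))}")
```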

Different passwords for different accounts

Whilst using the same password for multiple accounts makes them easier to remember, it also makes them less secure. You risk making all your accounts only as secure as the most vulnerable one.

There have been a lot of high profile data breaches and websites are available where you can search to see whether an email address has an associated password in one of these. It could have been an account you have forgotten about, but in this situation using the same password for every site immediately makes all your other accounts vulnerable.

Use 2 factor authentication where possible

Many sites now offer 2 factor authentication for logging in or resetting account passwords. 2 factor authentication means that a site requires a 2nd way of authenticating a user rather than just a password.

The 2nd authentication method can take many forms. In the physical world this can be biometric, such as a fingerprint, or require an accompanying piece of hardware like a key fob or smart card. Online, many sites use SMS verification (although there are security risks to this) or a companion app.

Everyone should use 2 factor authentication if they can to give their account a measure of security beyond a password that can be lost or guessed.

Posted by Jamie Moore (Tekeurope)