As another hacking scandal blows the collective mind of the internet, how many of us thought it might be time for a little review of our own online security? Not as many as you’d think. According to SplashData’s annual list of the most popular terrible passwords, “123456” once again clinched the number one spot for 2016.

How the Hackers Do It

These days we live our lives more and more online. Social media, shopping, banking, the list goes on. The first line of defence against hackers and identity theft? Your password.

Brute Force – A systematic attack, typically used for shorter passwords, where the hacker uses a program to check all possible password configurations until they identify the correct one.

Dictionary Attack – As the name suggests, this technique works by trying hundreds, even millions of possible passwords, based on a pre-set list of words like a dictionary.

Social Engineering – This technique involves a hacker pretending to be someone concerned with your online security (your IT team, your bank) and talking you into handing over your log-in information without realising who they really are. Get to know the people on your IT team at work, and be cautious about who you give your data out to over the phone.

Evil Maid Attack – Anything done physically to a computer or laptop while it’s turned off and left unattended. The name comes from the idea of a hacker paying off cleaning staff to compromise your machine while you’re away from it.

What makes a good password?

A secure password is long, random and complex. Make it long, ideally 16 characters. Don’t use all letters, all numbers, or all upper or lower case; mix them. Most password-protected accounts let you use symbols like &%?/, and holding down the ALT key gives you additional characters such as € and æ. Not every application accepts these, but each extra class of characters is another avenue a hacker has to go down to crack your password, so give it a go.

Password Don’ts

  • Reading the above and thinking “P455w0rd” has you covered. #F@iL.
  • Using the same password on all your accounts. Even if it’s a strong password, every account is compromised once it’s cracked.
  • Using personal information as your password (birthday, middle name, dog’s name, etc.).
  • Using sequential passwords, or variations of your original password.
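As an added example (not from the original article), here is a Python checker that applies the advice above and the point made later under Password Auditing: it estimates the brute-force search space from length and character classes, catches dictionary words disguised with leet substitutions (so “P455w0rd” is recognised as “password”), and flags the password1, password2 style of change. The five-entry common-password list is a constructed stand-in and the 80-bit threshold is an assumption.

```python
import math
import re
import string

# Constructed stand-in for a breached/common-password list; real attack lists run
# to millions of entries. "123456" is the 2016 number one mentioned above.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "football"}

# Typical "leet" substitutions, so that P455w0rd normalises back to "password".
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

MIN_LENGTH = 16  # the recommended length from the article
MIN_BITS = 80    # minimum brute-force search space; an assumed threshold

def keyspace_bits(pw: str) -> float:
    """Brute-force cost, log2(alphabet ** length), counting only classes used."""
    classes = [
        (str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
        (lambda c: c in string.punctuation, len(string.punctuation)),
        (lambda c: ord(c) > 127, 100),  # rough allowance for ALT characters (€, æ)
    ]
    alphabet = sum(size for test, size in classes if any(test(c) for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def strip_counter(pw: str) -> str:
    """Lower-case and drop a trailing digit run: 'Password3' -> 'password'."""
    return re.sub(r"\d+$", "", pw.lower())

def dictionary_bases(pw: str) -> set:
    """Forms a dictionary attack would try: as typed, minus the counter, de-leeted."""
    stripped = strip_counter(pw)
    return {pw.lower(), stripped, stripped.translate(LEET)}

def audit(pw: str) -> list:
    """Reasons a password fails the advice above; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if keyspace_bits(pw) < MIN_BITS:
        problems.append("too small a brute-force search space")
    if dictionary_bases(pw) & COMMON_PASSWORDS:
        problems.append("common word with leet or number variation")
    return problems

def is_incremented_variant(old: str, new: str) -> bool:
    """True when 'new' is just 'old' with its trailing digits bumped (password1 -> password2)."""
    return old != new and strip_counter(old) == strip_counter(new)
```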

Securely Storing Passwords

Secure passwords are not easy to remember, and safely storing them is often where people come unstuck. Just a tip: the answer is not to write them down on a Post-it, helpfully labelled by category, and stick it on your monitor for easy reference…

A good alternative is using a Password Manager. The basis of a password management system is to store and organise all your passwords for online accounts, protected by one master password (which you do have to remember). Handily, they also recognise when you’re logging on to a secure site, remember it, and populate your login details for you.

There are a couple of options when it comes to password managers: online and offline.

Online password managers are a web based service, and most use a secure database in the cloud to store your passwords. A web-based system means your passwords are accessible wherever you have internet connectivity, so on your laptop, your phone or your tablet.

Offline password managers are desktop applications downloaded and installed on your computer. The benefit is that your passwords are stored physically on your own machine; the drawback is that, short of saving the data to a USB drive and carrying it around, you can’t get at them unless you’re sitting at your desk.

If you choose not to use a password management service, encrypting your stored passwords is highly recommended. Encryption turns your passwords into a string of unreadable characters that can only be turned back into the originals with the key. The most common method is symmetric-key encryption, where the same key both encrypts and decrypts, so that key must itself be kept safe.

Two-step Verification

Also known as two-factor authentication, this security feature means that in order to log on you need access to a second device (usually your mobile), where you receive a text or a notification containing a code you must enter before you can log on. Why you should use it: two-step verification adds another layer of protection to your log-in process. A hacker might be able to crack your password, but they can’t log on without access to your phone and the verification code.
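The app-based form of this, as an added example (not from the original article): a Python implementation of the time-based one-time password algorithm (RFC 6238) that authenticator apps use, showing both the phone side that generates the code and the service side that checks it alongside the password. The shared secret is the RFC’s published test value; the 30-second step, six digits and one-step drift allowance are assumed defaults.

```python
import hashlib
import hmac
import struct
import time

# Shared secret that the service shows (usually as a QR code) when two-step
# verification is set up. This is the RFC 6238 test-vector secret, used here as
# a constructed example; a real service generates a random one per account.
SHARED_SECRET = b"12345678901234567890"
STEP_SECONDS = 30  # codes rotate every 30 seconds (assumed, the common default)
DIGITS = 6         # six-digit codes (assumed, the common default)

def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238: HMAC-SHA1 over the time counter, dynamically truncated to N digits."""
    counter = struct.pack(">Q", unix_time // step)  # 8-byte big-endian time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def current_code(secret: bytes = SHARED_SECRET) -> str:
    """What the phone app displays right now."""
    return totp(secret, int(time.time()))

def verify(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Service side: accept the current code or one step either side for clock drift.
    hmac.compare_digest keeps the comparison constant-time."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + delta * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return True
    return False

def login(password_ok: bool, submitted_code: str, unix_time: int) -> bool:
    """Both factors must pass: a cracked password alone does not get anyone in."""
    return password_ok and verify(SHARED_SECRET, submitted_code, unix_time)
```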

Password Auditing

By now, we’ve read enough to know what a strong and secure password should look like. The next question is how frequently we should be changing it. Studies have shown that when regularly prompted to change our passwords, we don’t actually change them; rather, we alter them in small ways so we can still remember them (e.g. password1, password2, password3…).

So are regular password changes helping or hindering our online security? The consensus is that a strong password changed once or twice a year is more secure than monthly password change prompts, which can become tiresome, and cause us to revert to bad habits.

Backups & Recovery

It’s good practice to have an external backup of all your essential computer data, particularly passwords. Backing up data means copying and archiving it, usually on an external device, so you can get it back in the event of deletion or corruption. A backup that contains passwords should be encrypted just like the original.

Good password practices are too often overlooked as being too difficult and time consuming, with people falling into the “It’ll never happen to me” trap. Your password is the only thing standing between a dedicated hacker and all your personal and financial information. Investing a little time and effort now may save you a lot of hassle and heartache down the track.