With cybercrime paranoia on the rise, including increasing concerns about fraud or identity theft, cybersecurity company Bullguard has offered useful tips for refreshing your online passwords in time for World Password Day on 3 May.
Bullguard’s experts particularly warn against using simple passwords such as ‘password’ or ‘qwerty’ that can easily be discovered by password cracking programs that make multiple guesses at high speed to break into users’ accounts. A simple password can be cracked in seconds, so the harder the better.
If the thought of remembering a complex password fills you with dread, then beware of using it on multiple accounts. Hackers also use programs that can enter stolen names and passwords on thousands of sites, giving them access to mountains of valuable data, including bank account and credit card details.
Bullguard also warns users not to rely on their own good security housekeeping, as the same may not apply to sites where their data is stored.
Suggesting good password practice, Bullguard suggests a phrase or sentence combined into one word. This could be a song lyric, the opening line of a novel or a common phrase used by a relative. Adding a few numbers and symbols helps keep it even more secure, and the longer the better – it may be a slight inconvenience to type, especially if the login screen shows a series of asterisks, but imagine how obscure it is for the hackers.
Avoid using the same password for multiple accounts, and make sure that your email account uses a unique password. If not, once an ecommerce site is hacked, your email account is likely to follow.
Many websites now use two-factor authentication, which adds an additional layer of security. If available, it helps to reduce the risk of identity theft, phishing scams and online fraud.
Bullguard recognises the issue of remembering multiple complex passwords, and suggests using a password manager, which automatically creates strong passwords and securely stores them for each online account. Unsurprisingly, it also recommends its own protection plan, which scans the web for any signs that your data has been made public.