How to Manage Your Computer Passwords Like an IT Pro
Could you be smarter with your computer password management?
Nine out of 10 Australians know it’s a security risk to use the same password on several accounts, yet more than two-thirds of us do so, according to the Psychology of Passwords Global Report.
Chances are higher that cyber hackers will guess weak passwords. Automated software lets them attempt billions of passwords per second.
That’s why a simple ‘password’ you might have used a few years ago is now much less secure.
Habits must change
What’s more, today’s hackers know much more about passwords than they used to. They use algorithms fed with your personal information and habits, combining identity theft with observation of your daily routines (on social media, for example) to approximate your password.
Think of words as your friend, but NOT for your password! There is an inverse relationship between how memorable a password is and its security strength.
You may have fallen into this trap, assuming you’re creating a complex password that’s difficult to predict. These are some of the common mistakes:
- Using a meaningful noun such as a name, place, or hobby
- When we’re required to use both upper and lower cases, we’ll capitalise the first letter of the noun-based word
- Use repeated characters, single words, or number sequences
- Opting for a simple ‘1’ or ‘2’ if the password needs to have a digit, and
- If asked to include a symbol, invariably, we’ll end with ‘!’ or ‘#’.
Those approaches might make passwords easy for us to remember, but they also make them easier for the modern-day hacker to guess.
The top risks of poor passwords
Here’s what you risk if you don’t act now to strengthen your password or passphrases. The Australian Cyber Security Centre says cybercriminals can:
- Steal your identity
- Alter files on your computers, including invoices
- Send emails from your accounts
- Take control of your social media accounts, and
- Withdraw funds from your bank accounts.
The next time you come across the message ‘your password is weak/not secure/does not meet the requirements’, follow these tips to do better and stay a step ahead of hackers.
1. Mix and match letters and digits
You can still use words, but substitute certain letters with numbers and symbols. Use ‘3’ instead of ‘E’, ‘8’ for ‘B’, ‘9’ for ‘G’ and zero for ‘O’, for example. Use ‘!m@61N4710n’ instead of ‘Imagination’.
Remember NOT to capitalise the first letter; capitalise other letters in the word instead. You can also substitute letters or diphthongs that sound alike:
- ‘f’ for ‘th’
- ‘z’ for ‘s’
- ‘ee’ for ‘ea’, or
- ‘oy’ for ‘oi’, etc.
And a good yardstick is to have at least four words and 14 characters in your password/passphrase. Longer means stronger! Bolster your password against hackers by not using any dictionary words, your postcode, or your birthday.
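The checks in this tip can be turned into a small script. The following is an added example, not code from Little Computer People: it flags the common mistakes listed earlier (capitalised first letter only, a trailing ‘!’ or ‘#’, a lone ‘1’ or ‘2’, repeated characters, number sequences, a single dictionary word), tests the four-words-and-14-characters yardstick, and estimates worst-case brute-force time at an assumed one billion guesses per second. The word list is a constructed stand-in for a real dictionary, and the substitution table is an assumption that mirrors the swaps the tip suggests. Note that reversing those swaps turns the tip’s own example ‘!m@61N4710n’ back into ‘imagination’, which is why the tip also asks for length, several words and no dictionary words.

```python
import re

# Constructed mini word list standing in for a real dictionary (assumption).
WORDLIST = {"imagination", "password", "cricket", "sydney", "summer", "melbourne"}

# Common letter-for-symbol swaps, including the ones the tip suggests (assumption).
# Cracking tools apply these in reverse, so a swapped word is still a word to them.
LEET = {"3": "e", "8": "b", "9": "g", "6": "g", "0": "o", "1": "i",
        "!": "i", "@": "a", "4": "a", "7": "t", "$": "s", "5": "s"}

# The article says automated tools try billions of guesses per second;
# one billion per second is assumed for the estimate below.
GUESSES_PER_SECOND = 1_000_000_000
TRAILING = "0123456789!@#$%^&*()_+-="


def unleet(pw: str) -> str:
    """Undo common substitutions and lowercase, as a cracking rule would."""
    return "".join(LEET.get(c, c) for c in pw).lower()


def common_mistakes(pw: str) -> list:
    """Flag the habits listed under 'common mistakes' in the article."""
    flags = []
    if pw[:1].isupper() and pw[1:] == pw[1:].lower():
        flags.append("capitalised_first_letter_only")
    if pw.endswith(("!", "#")):
        flags.append("ends_with_!_or_#")
    if [c for c in pw if c.isdigit()] in (["1"], ["2"]):
        flags.append("single_digit_1_or_2")
    if re.search(r"(.)\1\1", pw):
        flags.append("repeated_characters")
    digit_runs = re.findall(r"\d{3,}", pw)
    if any(run in "0123456789" or run in "9876543210" for run in digit_runs):
        flags.append("number_sequence")
    # Strip the usual trailing digits/symbols, undo the swaps, then look it up.
    if unleet(pw.rstrip(TRAILING)) in WORDLIST:
        flags.append("single_dictionary_word")
    return flags


def meets_yardstick(pw: str) -> bool:
    """At least four words and 14 characters, the article's guideline."""
    return len(pw) >= 14 and len(re.findall(r"[A-Za-z]+", pw)) >= 4


def brute_force_seconds(pw: str) -> float:
    """Worst-case time to exhaust the keyspace implied by the character classes used."""
    alphabet = 0
    if re.search(r"[a-z]", pw):
        alphabet += 26
    if re.search(r"[A-Z]", pw):
        alphabet += 26
    if re.search(r"\d", pw):
        alphabet += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        alphabet += 33  # printable ASCII symbols, space included
    return alphabet ** len(pw) / GUESSES_PER_SECOND


def check_password(pw: str) -> dict:
    """Combine the three checks into one report."""
    return {"flags": common_mistakes(pw),
            "meets_yardstick": meets_yardstick(pw),
            "brute_force_seconds": brute_force_seconds(pw)}


if __name__ == "__main__":
    for candidate in ("Imagination1!", "!m@61N4710n", "purple kettle cricket sunrise"):
        print(candidate, check_password(candidate))
```

The brute-force figure is an upper bound that only applies when the password is genuinely random over those classes; anything that carries the `single_dictionary_word` flag falls to a wordlist-plus-rules attack far sooner, so the flags matter more than the number.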
2. Multi-factor authentication
The companies that host the accounts you use (software, email, etc.) have password policies that vary with the type of account you hold with them. If a bank provides you with a personal account, they’ll probably ask you for a login ID or username as well as a password to access their online services. However, that same bank might require another layer of security – multi-factor authentication – for a business client.
Multi-factor authentication is the step after the initial step where you have entered your password. It could involve:
- Sending a code via a phone call or text to your smartphone or email address
- A randomly generated, frequently changing code (like a PIN) delivered through an authenticator app
- A fingerprint or biometrics data, or
- A frequently changing code on an authenticator device such as a digital keyring device.
This means the hacker will need access to those devices, too, to infiltrate your accounts. Alex Weinert, the Director of Identity Security at Microsoft, says “based on our studies, your account is more than 99.9% less likely to be compromised if you use multi-factor authentication”.
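The "frequently changing code" from an authenticator app or keyring device is usually a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226). The following is an added example, not code from Little Computer People or from any authenticator vendor, showing both sides: the app computing the six-digit code from the shared secret and the current 30-second step, and the server verifying it with one step of clock tolerance while refusing to accept a code for a step it has already consumed. The shared secret and the times in the test are the published RFC 6238 test vectors; `TotpVerifier` and `provisioning_secret` are names chosen for this example.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # the standard TOTP time step
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at=None) -> str:
    """What the authenticator app displays: HOTP over the current time step."""
    at = int(time.time()) if at is None else at
    return hotp(secret, at // STEP_SECONDS)


def provisioning_secret(secret: bytes) -> str:
    """Base32 form of the shared secret, the text encoded in the enrolment QR code."""
    return base64.b32encode(secret).decode()


class TotpVerifier:
    """Server side: holds the shared secret and checks submitted codes."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window      # accept +/- one step of clock drift
        self.last_counter = -1    # highest time step already used successfully

    def verify(self, code: str, at=None) -> bool:
        at = int(time.time()) if at is None else at
        counter = at // STEP_SECONDS
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue  # a replayed or older code is never valid again
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    # Constructed demo secret; a real one is generated randomly at enrolment.
    secret = b"12345678901234567890"
    print("enrol with:", provisioning_secret(secret))
    server = TotpVerifier(secret)
    code = totp(secret)
    print("app shows", code, "-> server accepts:", server.verify(code))
    print("same code again -> server accepts:", server.verify(code))
```

The replay guard is the part most often missing from home-grown verifiers: without `last_counter`, a code captured by a phishing page stays valid for the whole window, which is exactly the gap the second factor is meant to close.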
3. A Unique Password for Each Account
As creatures of habit, we often use the same password across multiple accounts. So if a hacker cracks open one of your accounts, they have the key to get into much more. They tend to enter at the weakest security point, such as an online promotional store.
Limit the damage they can do by having a unique password for each account. If you’re stumped for new ideas in creating your next unique password, check out a secure password generator, such as this one.
4. Go Natural with Biometrics
Biometrics are unique to you – no one can naturally have what you have. Your fingerprints, iris scans, faceprint, palm, signature and voiceprint can be used to authenticate you on most modern PCs and smartphones.
Beyond security, biometrics can be handy in slashing the time it takes to authenticate you to access your accounts. This technology is becoming almost instant. Keep in mind, too, that under the Privacy Act 1988, any organisation or agency collecting your biometric information must first ask for your consent in most cases. It’s considered sensitive information. Professional services consultancy KPMG says it has a “non-zero chance of false negatives”, which tends to affect vulnerable communities and minorities disproportionately.
5. Opt For a Password Manager
The best way to keep your accounts safe is to use long, random, complex passwords that are unique to each account. These are hard to remember. It’s like having many different keys to a vast range of doors in your building, so it can be time consuming to find the right one.
An easier way is to store them in a password-protected (of course) password manager so you can refer to them when needed. It could be a soft copy (on your password-protected PC or smartphone, etc) or in print form (a notebook stored in a safe place). There are pitfalls with both of these options.
This is where a dedicated password manager comes in. These are specialised apps that store your valuable credentials in an encrypted environment, protected by a single master password. We recommend password managers including:
- 1Password, and
They are stronger than the most basic options, such as the browser-based password store in Google Chrome or Samsung Pass on Galaxy devices, which are not designed to be full password managers. Apple’s version, iCloud Keychain, won’t let you export passwords.
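To show what "an encrypted environment protected by a master password" means in practice, and to tie in tip 3 (one unique password per account) and the password generator it mentions, here is an added example that is not code from Little Computer People or from any of the products named above. It stretches the master password with PBKDF2-HMAC-SHA256 and a random salt, encrypts the vault and authenticates it so that a wrong master password or a tampered file is rejected rather than decrypted into garbage, reports which accounts share a password, and generates random passwords with the `secrets` module. Because the Python standard library has no AES, the encryption uses HMAC-SHA256 in counter mode as a keystream; that is an assumption made for a self-contained demo, and a production manager uses a vetted authenticated cipher such as AES-GCM. The iteration count and the sample entries are constructed.

```python
import hashlib
import hmac
import json
import os
import secrets
import string

KDF_ITERATIONS = 600_000  # PBKDF2 work factor; assumed figure for this demo


def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                             KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib stand-in for AES-CTR (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(master_password: str, entries: dict) -> bytes:
    """Encrypt-then-MAC the vault: salt | nonce | ciphertext | tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    body = salt + nonce + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_vault(master_password: str, blob: bytes) -> dict:
    """Verify the tag before decrypting; a wrong password never yields output."""
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(master_password, salt)
    if not hmac.compare_digest(hmac.new(mac_key, body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong master password or vault has been tampered with")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def reused_passwords(entries: dict) -> dict:
    """Tip 3 check: map each password used more than once to the accounts sharing it."""
    by_password = {}
    for site, pw in entries.items():
        by_password.setdefault(pw, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def generate_password(length: int = 20) -> str:
    """Random password from letters, digits and symbols using a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample vault; the reused password is deliberate.
    vault = {"bank.example": "purple kettle cricket sunrise",
             "shop.example": "Summer2020!", "forum.example": "Summer2020!"}
    print("reused:", reused_passwords(vault))
    vault["forum.example"] = generate_password()
    blob = seal("correct horse battery staple", vault)
    print("reopened:", open_vault("correct horse battery staple", blob) == vault)
```

The salt lives inside the vault file, so the same master password yields a different key for every vault, and the tag is checked before any decryption happens; those two details are what distinguish a real password manager from a notebook with a lock on it.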
For more insights into passwords and other cybersecurity issues, contact one of our Little Computer People stores for expert help from a qualified technician.
© Little Computer People