13 Tips for Password Security
1. Avoid the obvious
Don’t use your name, the word ‘password’, your username, your date of birth, your website name or similar. You may be rolling your eyes at this advice because it’s the most obvious in the world, but there are a surprising number of people still doing this.
This is particularly important if you’re setting up an account for someone else as they may not remember to change the initial password you’ve given them.
2. Change assigned passwords
If you’re assigned a password rather than choosing your own, change it at the first possible opportunity. Not only will it make it easier to remember, but it will save you hanging on to old emails.
3. Don’t write your passwords down
This includes storing them in emails, having them in documents on your computer or writing them on paper. You’ll be able to reset your password if you forget it.
4. Think carefully about your answers to secret questions
Secret questions were designed to make it easy for you to reset your password or access your account if you forget your original password, by asking you for your first school or other personal information. However, people you know offline will probably be able to answer the question(s) easily enough, and sometimes this can be an issue (for example if you’re resetting a password for something like a Hotmail account where answering the questions correctly will allow you access to emails). If you have the option to create your own secret question, then take it and choose something very obscure. If you don’t have that option, then deliberately choose a wrong, but memorable answer to your question, e.g. using your grandmother’s maiden name instead of your mother’s, or the name of your first child rather than your first pet.
5. Have different passwords for different accounts
This makes things more complicated alongside #3, because remembering your passwords can get quite tricky. However, third party websites can suffer from hacking, and security flaws in social networking sites aren’t uncommon. Many people make the mistake of using the same password for all their accounts, which can cause a lot of problems – particularly if websites send you unencrypted password reminders.
6. Be aware, but don’t panic
When popular sites suffer from security breaches, it’s often news sites and social networking sites that will draw your attention to the problem first. Avoid scaremongering comments and always search the problem to see if it actually exists (to make sure it isn’t media spin or a scam). You can then take the steps to change your password, freeze or close your account etc. accordingly, depending on the scale of the problem and what’s affected.
7. Change passwords on a regular basis
Again, if you have a lot of different passwords then this can be a pain, but it’s an effective security measure and worth taking the time to do.
8. Choose strong passwords
Dictionary words are easier to crack, so avoid these and use a combination of letters, numbers and special characters where possible. Most sites require you to have a password of at least 6 characters, and longer is often better. Many websites analyse your password when creating or changing it to give you an estimate of how strong it is.
Use a combination of letters, numbers and special characters where possible, and try to use at least 8 characters. Always mix uppercase and lowercase letters, and don’t use keyboard patterns (e.g. ‘qwerty’) or sequential numbers (e.g. ‘123456’). Avoid repeating characters (e.g. ‘999zzz’) and any password listed as an example of how to choose a good password.
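The sketch below is an added example, not part of the original article: a checker of the kind a sign-up form might run, covering the rules in this tip and the "obvious" words from tip 1. The function names, the short word list and the four-character window for patterns are assumptions made for illustration.

```python
import re

# Constructed sample data; a real checker would use much larger lists.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
OBVIOUS_WORDS = ("password", "letmein", "welcome")
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def has_pattern(pw, window=4):
    """True if any `window` consecutive characters form a keyboard row
    fragment (either direction) or an ascending/descending sequence."""
    low = pw.lower()
    for i in range(len(low) - window + 1):
        chunk = low[i:i + window]
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):  # e.g. 'abcd', '4321'
            return True
    return False

def check_password(pw, personal=()):
    """Return a list of findings; an empty list means none of the rules
    were broken. `personal` holds the user's own name, username, date of
    birth, website name and similar (tip 1)."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            findings.append(f"no {name}")
    if has_pattern(pw):
        findings.append("keyboard pattern or sequence")
    if re.search(r"(.)\1\1", pw):  # same character three times in a row
        findings.append("repeated characters")
    low = pw.lower()
    for word in tuple(OBVIOUS_WORDS) + tuple(personal):
        if len(word) >= 3 and word.lower() in low:
            findings.append(f"contains obvious word: {word.lower()}")
    return findings

if __name__ == "__main__":
    for sample in ("qwerty", "123456", "999zzz", "tR7#mVq!2Lx"):
        print(sample, "->", check_password(sample) or "no findings")
```

An empty result only means none of these rules were broken; it says nothing about whether the password has been reused on another account.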
9. Never disclose your password for anything to anyone
No one should ever contact you to ask you for any password via email or another form of web communication – so don’t reveal it, even if it seems like a request from a source of authority.
10. Keep your security up to date
Check your computer regularly for spyware, malware, viruses and so on, and always keep your anti-virus software up to date. Use the Internet sensibly: don’t click anything that looks suspicious, make sure all your website’s scripts are up to date, and only use third-party add-ons from trusted sources.
11. Keep organised
Be aware of where your details are stored (particularly for email accounts and websites which have your billing information). Close any unused accounts you have and make sure you stay up to date. Don’t have multiple accounts for the same website if you can avoid it – this will also help save you time in searching through emails and so on.
12. Log out
Always log out of sensitive accounts after you’ve finished using them, and try to avoid using critical accounts on public computers where possible.
13. Don’t let your guard down in public
If you use your computer or a smartphone in a public place, be aware of your surroundings and who’s looking at your screen or watching you type in your passwords. Try to avoid saving passwords on your phone or tablet computer as these are much easier to lose or steal on the go.