We use passwords to access our bank accounts, social media, email and more every day.
Passwords are the keys to our online identity. That’s why protecting them is so important.
Creating a strong password is the first step to protecting yourself online. This helps reduce the risk of unauthorised access by those willing to put in a bit of guesswork.
To help stay safe online, here are a few password tips that you could follow:
1. Make your passwords strong
Short and simple passwords might be easy for you to remember, but unfortunately, they’re also easier for cyber criminals to crack.
Strong passwords have a minimum of 10 characters and use a mix of:
- uppercase and lowercase letters
- special characters like !, &, and *.
You may like to consider using a passphrase instead of a traditional password.
Passphrases are considered more secure than regular passwords, and easier to remember too.
A passphrase is used in the same way as a password but is a longer collection of words that are meaningful to you, but not to someone else.
For example, the passphrase ‘CloudHandWashJump7’ is 17 characters long and contains a range of different characters. This is more complex than the average password.
Having complex passwords is essential to deter ‘brute force’ attacks, in which a computer program cycles through every possible combination of characters to guess a password. These automated attempts at guessing passwords are not slowed down by numbers or capital letters but depend on how long a password is.
Depending on the systems you access, you may be limited to a defined number of characters.
2. Make passwords hard to guess
Could someone who knows you guess your passwords? For this reason, it’s best to avoid using personal information such as your children, partner or pet’s name, favourite football team or date of birth as your password.
When trying to hack into an online account, cybercriminals start with commonly found words and number combinations.
So it’s best to avoid using:
- dictionary words
- a keyboard pattern like qwerty
- repeated characters like zzzz
- personal information like your date of birth or pet’s name.
Security companies publish lists each year of the most common passwords exposed in data breaches. Read the list from 2022. Make sure you’re not using them because it’s likely criminals will try these passwords first.
3. Create new, unique passwords
If you need to reset a password, don’t just change one part of it.
Instead of changing a number at the beginning or end, create something completely new, something you’ve never used before.
If your original exposed password had a ‘1’ at the end, an attacker would likely try ‘2’ next. That’s why it’s important to change the whole password.
Get into the practice of changing your password often, ideally every few months.
4. Don’t share passwords, ever.
Never share your password with someone, not even with someone you trust.
What about family and friends?
Regardless of whom you share it with, once you share your passwords you lose control of how it’s stored or how and when it’s used.
What if a business or company I know asks for my password?
Reputable companies won’t ask you to give them your password over the phone or via email or SMS messages. This might be a warning sign of phishing or a scam.
You may not be covered for fraud
Depending on the company or bank you are with, it is usually one of your responsibilities as an account owner to protect your password. Sharing your passwords or even PINs may affect a claim for any money lost due to fraud.
5. Use different passwords for each of your online accounts
Using different passwords means that if one of your accounts is breached, criminals won’t have access to other accounts that use the same password.
Make each of your passwords for online logins unique. This will help protect you from attacks like ‘credential stuffing’.
Credential stuffing is an automated technique used by criminals. They test a user’s known username and password combinations across multiple online accounts.
As many people use the same credentials for multiple sites, it can give criminals easy access to multiple accounts.
This gives criminals an opportunity to gather more information about you, which they might use to impersonate you online to access accounts under your name.
For example, it’s not a good idea to use the same password for an online pizza delivery website and your business email. If the pizza delivery site is compromised, you don’t want someone to also have access to your business email account.
6. Store passwords safely
Writing passwords down is never recommended. You could lose them, or someone else could see them and use them.
Password management tools
There are programs and apps known as password managers that will store all your passwords in a secure vault.
A password manager only needs one strong password to access it and has extremely strong protection to make sure that only you can access it.
This means you only need to remember one password to have access to all your passwords.
Password safes can even generate and store new, complex passwords for you when you create new online accounts.
Try not to allow web browsers to store your passwords
Some web browsers may display a pop-up message, asking whether you want the browser to remember your login details.
For the protection of your personal information, many recommend that you select ‘Never for this site’ if you see this message pop up.
For more information, check out the Australian Cyber Security Centre’s guide on creating secure passphrases
Reproduced with permission of National Australia Bank (‘NAB’).
Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.