According to a 2015 report by TeleSign, 73% of online accounts are guarded by duplicate passwords, and 54% of those surveyed use 5 or fewer passwords across all their accounts. Meanwhile, after SplashData analysed more than 5 million leaked passwords, it was found that over 10% of consumers use 1 of the 25 worst passwords of 2016.
So, what tops the list of the worst passwords? 123456, password, 12345, 12345678, football and qwerty. Surprised?
The problem consumers are faced with is that as more of the services we rely on every day move online, passwords become a bigger component of our lives and the stakes of keeping them protected grow even higher.
It may seem trivial, but you can easily improve your internet security with these simple tips.
1. Make sure you’re creating strong passwords.
What makes a strong password? In an ideal world, a password should be a minimum of 10-15 characters and include both lowercase and uppercase letters as well as numbers and special characters like @ £ $ or *. You should also ensure it is completely unrelated to any of your other or prior passwords.
Struggling to come up with one? There are a number of free password generators online at your disposal, or choose a short sentence or phrase as inspiration and replace particular letters with numbers/special characters. Need an example? How about Fire Exit as f1r3-3x1t.
2. Don’t use passwords using info easily found in your online profiles.
A big part of using a strong password is not using information that could be found by having a look at your social media accounts. For example, if you’re always posting about your dog Spot, don’t make your password Spot_Lv3r.
When choosing a password, you must consider all of the information you have online. For example, while H@rRy~P0tt3R tends to be a strong password, it would be wise not to use it if you’re a member of a Harry Potter fan club or share quizzes to your wall like “What House Would the Sorting Hat Put You In?”
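The checks from tips 1 and 2 as code, an added example that is not part of the original article: it tests a candidate password for length, character mix, the worst-password list quoted above, and words from your public profiles even when letters have been swapped for numbers or symbols. The function names, the substitution table and the sample profile terms are assumptions made for illustration.

```python
import re

# Worst passwords quoted in the article.
WORST = {"123456", "password", "12345", "12345678", "football", "qwerty"}

# Assumed table of common letter swaps (constructed for this example).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(text):
    """Lowercase, undo common swaps, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))


def check_password(password, profile_terms, min_length=10):
    """Return a list of problems; an empty list means none were found."""
    issues = []
    if len(password) < min_length:
        issues.append(f"shorter than {min_length} characters")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    issues += [f"no {name} character" for name, ok in classes.items() if not ok]
    if password.lower() in WORST:
        issues.append("on the worst-passwords list")
    # Compare in normalised form so Sp0t or H@rRy still match the plain word.
    flat = normalise(password)
    for term in profile_terms:
        needle = normalise(term)
        if len(needle) >= 3 and needle in flat:
            issues.append(f"contains profile term {term!r}")
    return issues


if __name__ == "__main__":
    # Constructed sample: words someone posts about on social media.
    profile = ["Spot", "Harry Potter"]
    for candidate in ["Spot_Lv3r", "H@rRy~P0tt3R", "football"]:
        print(candidate, "->", check_password(candidate, profile) or "no issues")
```

Run it locally with your own list of profile words; never paste real passwords into an online checker.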
3. Use a different password for every website and app.
Yes, we do understand how incredibly annoying it is, but sorry, it’s a must! We’ll repeat: you need to have a different password for all your different accounts.
You might think a security breach at a company like LinkedIn wouldn’t affect you all that much – all they have is your resume, right? However, if you use the same password for LinkedIn as you do for your bank account, the password app on your phone, or any other services, a hacker can easily find their way into your financial and personal life.
Although it can be a pain trying to remember all those passwords, there are various options for keeping track. You can install a password manager app (try SafeInCloud if you’re running iOS!), or if it doesn’t feel right storing sensitive information in the cloud, you can always create a document on your PC and encrypt it with a password. Finally, there’s always the old-fashioned pen to paper, hand-written list!
4. Avoid linking your accounts.
You know when you go to sign up to a new site and you have the option to create a new account or “log in using Facebook/Twitter/Instagram”? That’s linking accounts, and although it seems like the easier option, it’s always wiser just to create the new account. Sure, linked accounts are convenient, but convenience comes at a cost.
When you use an existing account to log into a new site, you are allowing that website to have some of your data, whether you approve it or not. This could be a privacy concern and may make identity theft easier, and if one account is hacked, all your others could be compromised.
5. Be careful where you put your password.
Be aware of the risks of logging into any site or app from public kiosks and charging stations; they may carry malware or a virus. You never know who supports and manages these systems or how securely they’re configured.
The same goes for public Wi-Fi. It may be convenient and save on data charges, but steer clear of entering passwords into any website or app over a public network, regardless of whether it’s an airport, an Uber, or even your local Starbucks. Until increased security solutions are created, traffic on open networks can typically be seen by anyone else on that network.
6. Use multi-factor authentication.
Whenever possible, try and use multi-factor/two-factor authentication, especially for email accounts. Most email providers do allow this, including Microsoft Mail and even Gmail.
Although this is useful across all log-ins, your email account is especially important. Considering your email address is where password resets tend to be sent, it’s imperative to protect your email address in order to secure all other accounts. That’s before even considering how much other information a hacker could gather from your email account: home address, potential medical information, financial accounts and personal details.