We all know that we should use different passwords for every account, and ensure that those passwords are easy enough for us to remember but difficult enough that a hacker can’t crack them. Most people will tell you that it is not really humanly possible to do both these things given the number of passwords that we all have.
There’s a general consensus among cybersecurity experts that longer is better when it comes to passwords; we should all be aiming for a minimum of 12 characters. Additionally, websites either recommend or specify that passwords are made up of a combination of uppercase and lowercase letters, numbers and special characters.
Passwords should, of course, also be difficult to guess and should not contain any meaningful words, phrases or dates (such as football teams, birthdays or family names) that are relevant to you as an individual.
This complicated set of requirements might seem more secure, however if it means consumers can’t easily remember their passwords and then, becoming frustrated, revert back to using easier to remember, less secure passwords, then it is a self-defeating approach.
This is the reason why a large proportion of the online community have fallen into bad habits and short cuts, all of which compromise their security. Common behaviours include re-using passwords, or parts of passwords, and also recording them all insecurely either manually or electronically.
There are therefore two challenges to overcome:
1. To create secure, but easy to remember passwords.
2. To have a secure system to be able to look up your passwords when you forget them.
How do I create a strong password?
Many experts are now advising that using only letters to form a phrase or memorable sentence is actually a more secure solution – as long as it makes the password longer. So if you can think of a sentence, and preferably encode it, then that’s better for security and better for your sanity.
The FBI favours this approach. ‘Instead of using a short, complex password that is hard to remember, consider using a longer passphrase,’ advises the FBI.
‘This involves combining multiple words into a long string of at least 15 characters. The extra length of a passphrase makes it harder to crack while also making it easier for you to remember,’ they say.
So an example of this might be taking a nursery rhyme sentence and taking the first (or last) letter of each word, with every other letter being a capital.
So: ‘Jack and Jill went up the hill to fetch a pail of water’, becomes JaJwUtHtFaPoW.
If you do have to add numbers and characters then you will of course need to fine tune your approach but again use standard easy to remember rules to derive your password.
Common password mistakes to avoid
The UK’s National Cyber Security Centre (NCSC) carried out its first UK Cyber Survey in 2019, which revealed the most commonly hacked passwords.
You can find the full list here. If you see a password that you use on the list, the NCSC’s advice is to change it immediately.
Top of the NCSC’s list of 100,000 breached passwords is, perhaps unsurprisingly, ‘123456’, with ‘password’ also featuring in the top five. The least secure names to use are ‘ashley’ and ‘michael’, and Liverpool FC fans should avoid using their beloved club’s name – ‘liverpool’ tops the list of most-hacked passwords featuring Premier League football clubs.
5 steps to creating a strong password
1. Make it long
There’s no substitute for a long password. While experts argue over the fine details, they all agree that length is key when it comes to security. Of course, the challenge is then remembering such a long string of characters.
2. Make it memorable
A frequently used password can be very time consuming if you can’t remember it. There’s nothing more frustrating than being presented with a ‘Your username or password is incorrect’ message, especially if you’re convinced you have entered the right details.
The difficulty of creating a strong password is to make it memorable enough for you to recall, but complex enough to stop cybercriminals deriving it.
3. Avoid using anything personal
Never include any words, phrases or numbers that are personal to you. With the rise of social media, it doesn’t take a master criminal to find out a vast of personal information amount about you (the names of your children, friends, birthdays, holiday preferences, etc. are just a small fraction of what can be found).
4. Don't change it too often
Once you have chosen a long, strong and memorable password, you do not really need to change it that often. Though of course if you think that it has been compromised in any way you should change it immediately.
In the past security policies, particularly in the workplace, often required people to change their passwords on a regular basis. Experts now agree that this is counter-productive.
Passwords are one of the most frustrating things about modern life, people understandably do not want to change them regularly, especially after they have memorised them! So, when made to change their passwords, many people typically prioritise simplicity over security, opting to just reuse the same password with a slight variation – quite often by simply adding a number to the end. So regularly changing your password doesn’t necessarily improve online security at all, it may even weaken it.
5. Don't write it down
Most people have their own systems for dealing with their passwords. This normally revolves around writing them down or recording them electronically in some way.
However all of these approaches are far from ideal, they are inefficient, inconvenient and certainly not secure enough (even if password protected).
So if the advice is never to write down your passwords, what is the solution given that you are never going to be able to remember them all.
Cyber security advisers recommend that online users should routinely use a Password Manager to improve their online security.
A password manager stores all of your passwords and PIN numbers in a secure vault where all of your data is encrypted and only you can access and read it. This be accessed by one secure master password and can make your life significantly easier.
Which password manager should I choose?
There are many password managers on the market, some are very comprehensive, complex and expensive (i.e.£20-£60 per year), others are free but offer limited features. The free versions are only really offered to eventually move you onto the premium paid for version once the limited feature set does not meet your needs. Users will need to decide exactly what they want out of a password manager before deciding on which one to choose.
However, if all that you want, after having decided to upgrade your passwords, is speed, simplicity and security maybe you should look at DataCave.
DataCave is a different kind of password manager. It is not trying to copy the other password managers on the market. It is effectively just trying to replace your ‘little black book’ with something better.
Key features of Datacave:
- DataCave takes less 2 minutes to setup, then you are ready to go.
- A user’s passwords, PINs and other key data are only stored on the user’s own mobile devices where it is encrypted. Encryption means that only the user can read their data, no one else can.
- A user can find any Password or PIN, or any other stored information, they need to recall in 2-3 seconds.
- DataCave security has been independently verified by a recognized global security company (Claranet). Their report is available on the DataCave app.
- DataCave has been priced so that everyone can afford the DataCave service. It is available at a subscription price of only £0.99 per year. Furthermore, the DataCave Team is so confident that users will love the DataCave app that they are offering it free for an incredible 12-month introductory period.
So if you are looking for a way to relieve for your Password Pain, why not give DataCave a try?
DataCave - Instant Password Recall.
