Password management company NordPass have recently released their list of the most common passwords of 2020, and it’s not comforting reading!
NordPass’s list includes the top 200 passwords, along with how many uses each has had, the number of times they’ve been exposed this year, and the time it would take to crack each one in a brute force attack.
Despite regular warnings from security professionals, software providers and sys admins across the land, the list is packed full of the usual suspects. We’re talking about millions of people using passwords like 123456, 000000, password and qwerty.
Is it any wonder that so many users’ accounts are hacked and taken over every day? Especially when many people use the same one or two passwords across all of their online logins. If one of those accounts is breached, then all of the others are immediately at risk.
But with the average person now having so many different online accounts to remember passwords for, it is understandable why people default to the same few easy-to-remember choices. I struggle to remember what I had for breakfast, let alone a list of random unique passwords. We humans like patterns and names, as they make things easy to remember. But unfortunately, they’re also the easiest to crack.
The strongest password choices are randomly generated, complex strings of characters. But unless you have a Guinness-record-breaking memory, you’re going to struggle to memorise more than one or two (on top of all the PIN numbers, phone numbers and other important things floating around in your brain). And if you then need a unique password for each account you have online, you’re going to be making very regular use of the ‘forgot password’ function.
Without going through some intensive memory training, how then do you go about creating strong and unique passwords for each of your online accounts, and actually remember them? The good news is you can leave the remembering to a tool, and you’ll only need to remember one master password to access that tool.
First, let’s look at best practice when creating and using new passwords, as recommended by the pros:
1. No Reuse
Although it’s tempting, never use a password across multiple accounts. If one gets hacked, all the others become vulnerable. So use unique passwords for each account.
2. No patterns or personal details
With so many strings of numbers and characters to remember every day, we’re drawn to familiar patterns and memorable dates or names. But this is not recommended.
Using personal information like birth dates, pet names, birthplaces, family names etc. makes for easily compromised passwords, as much of this information is freely available.
As for patterns and sequences, the Nord list is the perfect example of why these are a bad idea, and so easy to crack.
3. Password format
Make sure your passwords are long! Aim for 12 characters or more where allowed, and use a combination of lower and uppercase letters, numbers and symbols.
You should aim to update your passwords on a regular basis. Then even if a password is acquired through a data breach, you will hopefully have updated to a completely new one before any attempt is made on your account.
So, I know, so far I’ve made your life more complicated. But fear not. Now let’s take a look at tools available to make password security a breeze, and how you can up the security for many of your online accounts.
Here are our top tips:
1. Use a random password generator
Creating unique, random passwords can be difficult. Our brains like memorable patterns. If you struggle with this, you can make use of a random password generator.
There are many available, but here are two we know and trust:
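Whichever generator you choose, the underlying technique is the same: draw every character from the operating system’s cryptographic random source, never from a predictable `random` call, and make sure the result meets the length and character-class advice above. The following is an added example written for this post; it is not code from NordPass, from either recommended tool, or from this site, and the symbol set, the sample common-password entries and the keyboard rows it uses are constructed choices. It also checks a candidate password against the advice in the “Password format” section and flags the sequences and keyboard walks that fill the NordPass list, and estimates the entropy that determines brute-force cracking time.

```python
import math
import secrets
import string

# Character classes from the post's advice: lower, upper, numbers, symbols.
# The symbol set is a constructed choice; trim it to what a given site accepts.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?/",
}
ALPHABET = "".join(CLASSES.values())

# Constructed sample of the kind of entries on the NordPass list (not the list itself).
COMMON_PASSWORDS = {"123456", "000000", "password", "qwerty"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def generate_password(length: int = 16) -> str:
    """Return a random password with at least one character from every class.

    Uses the `secrets` module (OS CSPRNG). The `random` module is seeded
    predictably and must not be used for credentials.
    """
    if length < 12:
        raise ValueError("aim for 12 characters or more")
    # Guarantee one character per class, then fill the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES.values()]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters do not always sit in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def has_run(pw: str, n: int = 4) -> bool:
    """True if pw contains n+ identical characters, or n+ consecutive ascending or
    descending code points, in a row (catches 000000, 123456, abcdef)."""
    for i in range(len(pw) - n + 1):
        window = pw[i:i + n]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw: str, n: int = 4) -> bool:
    """True if pw contains n+ adjacent keys from a QWERTY row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            piece = row[i:i + n]
            if piece in low or piece[::-1] in low:
                return True
    return False


def check_password(pw: str, min_length: int = 12) -> list:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, cls in CLASSES.items():
        if not any(c in cls for c in pw):
            problems.append(f"no {name}")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if has_run(pw):
        problems.append("sequential or repeated characters")
    if has_keyboard_walk(pw):
        problems.append("keyboard-row sequence")
    return problems


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet_size).
    Each extra bit doubles the work of an exhaustive brute-force search."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, check_password(pw), f"{entropy_bits(16):.1f} bits")
    for weak in ("123456", "password", "Qwerty!2345678"):
        print(weak, check_password(weak))
```

A 16-character password drawn from this 86-symbol alphabet carries roughly 103 bits of entropy, which is why the generator, not a memorable phrase, is the right starting point; the checker exists only so you can see why entries like 123456 fail every rule at once.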
2. Use a password manager
Now here is the real saviour. There are many great solutions available to securely encrypt and store your passwords and credentials, and which let you easily input them when required. These are usually referred to as password managers, lockers or vaults. Some are free, and some have a cost associated. But it is worth researching the available choices and finding one that is right for you.
3. Two factor authentication
Many accounts will now allow you to set up two factor authentication. This requires an additional step after entering your login details, for an extra layer of security. A commonly used one is a unique code sent to your mobile or email, which you have to enter to gain access to your account.
This added step makes it much harder to breach your account without also having access to your phone or email. You will also be notified if someone is attempting to access your account, as you will receive the two factor code, which will prompt you to go and change your login details.
It is gradually becoming the standard, and is frequently used for banking, PayPal, email, some online stores, and gaming memberships and platforms like PlayStation and Steam.
If you have the option to set up two factor authentication, do it!
4. Have I been pwned
This site allows you to enter your email addresses and will list any data breaches your email address has been included in, and what data was acquired.
They will then also email you every time your email address is involved in any other breaches, allowing you to take action, change logins and make sure you’re not using the same credentials anywhere else.
5. Delete Old Unused Accounts
I don’t know about you, but I have regularly set up logins for things and then stopped using them. Now I try to make a habit of removing these accounts.
Your inbox can be a good place to start. All of those unwanted emails from things you signed up to forever ago. Perfect excuse to kill two birds with one stone – delete your account and unsubscribe your email address.
This can be quite a satisfying process. Spring cleaning for your digital home.
Digital Security On A Wider Scale
Taking care of your personal online security is one thing, but it is important to remember to apply that same care to your business.
A hack or data breach can be catastrophic for a business. There is the potential for GDPR fines for data breaches which aren’t immediately reported, and hacks and attacks can take your site down. Losing your main revenue generator for any amount of time can be disastrous.
Website security is often forgotten about until it is too late. Don’t let your business become victim to a hack. If you’d like to find out more about how we can help protect your WordPress website, speak to our team about a Support & Maintenance plan.
Digital Marketing Manager, Cat Lady & Former Female Indiana Jones
Vikki has a decade of experience in Digital Marketing for WordPress specialist agencies. She loves WordPress for its simplicity of use, and how great it is for SEO.