What’s wrong with passwords, you might ask? Well, our brains simply can’t remember a different one for each app, service or website so you probably use one or just a few passwords which are only a variation on a theme.
And so, people use the same few passwords for everything and they create those passwords using personal information - such as kids’ names, family birthdays, even car registration plates.
Of course, this is pretty easy stuff to track down, which makes those passwords relatively easy to guess. Worse still, some people still use 12345678 or password, and it’s weak passwords like these which put all your accounts at risk.
That’s because if you use the same email address and password for lots of websites, ranging from low- to high-risk (say, a forum up to your bank), then one day one of those sites is going to be hacked and the logins stolen.
Since hackers know people re-use their logins, all they have to do is try those stolen logins on the high-risk websites where they might be able to sign in and get more of your personal information or - better still - your money.
The thought of having to remember a unique password for every website is sickening and - possibly worse - so is the thought of having to log into all those sites and change those passwords.
Being the first Thursday in May, it’s World Password Day again. The whole point of this manufactured day is to raise awareness of the importance of using so-called strong passwords, and a unique one for each account you have.
So the point of this article is to encourage you to do precisely this: go through your important online accounts and change the password.
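To decide which accounts to change first, here is an added example (not part of the original article): a short Python check that flags the three problems described above, namely very common passwords, passwords built from personal information, and the same login reused on several sites. The site names, logins, personal terms and the short list of common passwords are constructed sample data.

```python
from collections import defaultdict

# Constructed short list of very common passwords (the article names two of them).
COMMON = {"12345678", "password", "qwerty", "111111", "letmein"}

def audit(entries, personal_terms):
    """Return {site: [problems]} for a list of (site, username, password) logins.

    personal_terms: names, birthdays, registration plates and similar facts
    about the owner that a stranger could track down.
    """
    # Group sites by (username, password): a group of two or more means that a
    # breach of any one site hands over a working login for the others.
    by_login = defaultdict(list)
    for site, user, pw in entries:
        by_login[(user.lower(), pw)].append(site)

    # Normalise terms ("AB12 CDE" -> "ab12cde") and drop very short ones.
    terms = [t.lower().replace(" ", "") for t in personal_terms]
    terms = [t for t in terms if len(t) >= 3]

    findings = defaultdict(list)
    for site, user, pw in entries:
        lowered = pw.lower()
        if lowered in COMMON:
            findings[site].append("common password")
        hits = [t for t in terms if t in lowered]
        if hits:
            findings[site].append("contains personal info: " + ", ".join(hits))
        shared = sorted(s for s in by_login[(user.lower(), pw)] if s != site)
        if shared:
            findings[site].append("same login also used on: " + ", ".join(shared))
    return dict(findings)

# Constructed sample logins, from a low-risk forum up to a bank.
SAMPLE = [
    ("forum.example", "sam@example.com", "Molly2011"),
    ("bank.example", "sam@example.com", "Molly2011"),
    ("shop.example", "sam@example.com", "password"),
    ("mail.example", "sam@example.com", "vK7#tq9!Lw2@xR5m"),
]
PERSONAL = ["Molly", "2011", "AB12 CDE"]  # pet name, birth year, car plate

if __name__ == "__main__":
    for site, problems in audit(SAMPLE, PERSONAL).items():
        print(site, "->", "; ".join(problems))
```

In the sample, the forum and bank logins are flagged for both personal information and reuse, the shop login for a common password, and the long random mail password is not flagged at all.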
Get a password manager
The good news is that there are apps which will remember all the passwords for you. The best password managers will offer to enter your email address and password whenever you see a login screen and if whichever device you’re using has some kind of biometric authentication - such as a fingerprint reader or face ID - then you can use that to prove that it’s you and grant permission for the password manager to retrieve the details and enter them.
So, you don’t even have to open the app, look up the login and then copy and paste the details. It all happens automatically.
Some of them, including LastPass, have a feature which can automatically log into an account and replace the old, weak password with a new, strong one. I’ve never managed to get this to work, but the fact is that some of the heavy lifting can be done for you.
If you don’t want your password manager to generate passwords for you, here are some great tips on creating memorable, but strong, passwords.
You might already use the password manager built into your web browser or phone (such as Apple Keychain). That’s a good start, but it’s best to use a password manager which works on all your devices because this way you’ll have your logins at your fingertips even if you move, say, from an iPhone to Android.
Use two-factor authentication
Banks already use two-step verification because of the high risk, but a lot of other services and websites now offer it and you should use it wherever you can.
It’s less convenient but a whole lot more secure than a password alone.
With 2FA, as it’s known in the security world, you still enter your email address / username and password but after that a separate code is sent to you by email or SMS and you have to enter this unique code to gain access to your account.
So, even if someone has got hold of your password, unless they also have access to your phone or email account, they still can’t do anything with it.
You can use 2FA on your Google, Apple, Nest, Facebook, Instagram, Twitter, Microsoft, Dropbox, LinkedIn, Snapchat and Yahoo accounts, among others.
Strong, complex passwords are great, but they’re only great if the service you use them with is secure and stores your details - including password - in an encrypted format. That’s why two-factor authentication is the best way, currently, to secure your accounts.