Why bother thinking about password security?
Improving your password security is something we often think we need to do, but often don’t know where to start. In the 2013 movie Now You See Me, the Four Horsemen (a group of Robin Hood-type thieves disguised as magicians) trick a billionaire, Arthur Tressler, into giving them his security information. They subtly discover his mother’s maiden name and the name of his favourite childhood pet, use this information to hack into his bank account, and bang – all his money is gone.
Arthur: Hey, did you do this!?
Jack: How could we, Arth? We don’t have your password.
Henley: We’d need access to information we could never get our hands on…
Daniel: Security questions for instance… Like, I don’t know, your mother’s maiden name or the name of your first pet.
Merritt: Where would we get that information, Arth? You’d certainly never tell us…
The internet has become a place where people are hacked constantly. A simple way to avoid being maliciously attacked in this way is to use strong passwords and, even better, to store them in an encrypted form. If you don’t know how to do that, never fear, I’m going to explain how.
How secure are your current passwords?
I want you to think about your current passwords and how easy they might be for someone else to guess. Now, if you already use a Password Manager or encryption tool, or have a great method for generating strong passwords, this blog probably isn’t for you. But if you’re still reading, my guess is this may be new information to you, and there are going to be some very useful tips here for you.
I’m not going to lie, changing your password habits and implementing a strong password system isn’t an easy transition. But, it is worth it, and there are many tools to help simplify the process for you. Once you start to form better habits, it does get easier, I promise. Also, don’t freak out – there are tools to help, and don’t worry, you don’t have to remember a whole heap of random passwords. In this blog I’ve attempted to break it down for you, and help guide you through a process to help you on your better password security journey.
Before we get into details, watch this video, and see just how easy it is for people to figure out your password:
Use a Password Manager to increase password security
In Lord of the Rings there is one master ring that rules them all! A Password Manager does the same: it allows you to create one strong password, which you can then use to rule them all! The best part is, it means you don’t have to use your memory to remember thousands of different passwords.
There are a lot of Password Managers available. Here are the ones I’m the most familiar with:
If you can’t decide which one to use, there are a few websites you can look up that review them all and point out the different features, but really, choose the one with the interface you find the easiest to interact with. Also, most of these have a free option, or a minimal annual fee if you want to create multiple folders or share passwords amongst a team.
For those who aren’t familiar with Password Managers, here’s why they’re awesome. You save all of your passwords in them, every single one, and you only ever need to remember your master password to access your Password Manager. I’ll explain a bit later in this blog how you can create a strong password for your Password Manager.
Some of the benefits of using a Password Manager:
- You only need to remember one master password, ever.
- The Password Manager generates strong passwords for you whenever you need one.
- You can set the Password Manager up on all of your devices.
- The Password Manager uses encryption to store your passwords, so there’s an extra layer of security right there. (For those who don’t know what encryption is, it’s basically a computer’s way of turning any information into a code that is unreadable by anyone who doesn’t have the correct access.)
- The Password Manager will prompt you to auto-fill a password whenever you’re asked to log in somewhere. Goodbye manual logins!
- Most Password Managers have the ability to use biometric authentication. (Sorry for all the geek-speak, for those who don’t know what biometric authentication is, it’s using the way you access your phone – password/fingerprint/facial recognition – to access your Password Manager, rather than using your password every time).
- You can add notes to each of your stored passwords, so if there’s additional information you need to recall, like what you answered for the security questions, you can add this as a note to the password.
Generate a unique password EVERY TIME
Don’t freak out: because you selected your Password Manager in step 1, you no longer need to remember a million different random passwords. The Password Manager will remember them for you. You just need to remember the password to access your Password Manager.
All Password Managers have a “generate password” tool – and you can use these to create a new random, unique, strong password every time you need to set a new password.
Remember, you only need to know the password to access your Password Manager – but it needs to be a strong one! Here’s a little method I found helpful in creating a strong password that I could actually remember (I don’t actually use this method anymore, but it did help when I was first getting my head around how to create a strong password).
Example of how to create a strong password
- WORDS: think of 4 things; for example:
  - Your pet (e.g. cat)
  - Your first job (e.g. supermarket register assistant)
  - An object in the room (e.g. photo frame)
  - Your favourite food (e.g. lamb).
- GET CREATIVE: Now, let’s get a bit more creative:
  - What’s a random fact about your pet (e.g. They like to lick)
  - What month did you start your first job (e.g. June)
  - What is the colour of the object (e.g. Purple)
  - What type of food is it? (e.g. Savory)
- MIX IT UP: So far these are simple words, but together they make a long, unique and memorable password. This is the important part. Now we can make it a bit better by adding some capital letters, numbers and symbols, but don’t stress about this part. Keep it simple: if it’s easier to add a fifth word in step b, do that instead. Simple rules like replacing all the U’s with 7’s (it’s just above the U key) and capitalising just one letter somewhere in the middle will do. If your system requires a symbol as well, you can just add one at the end at this point.
  - Lick = licK (k=K – capital)
  - June = j7ne (u=7 – number)
  - Purple = p7rple (u=7 – number)
  - Savory = savory# (# added – symbol)
- FINISHED: Now let’s put it all together:
LOOK!! Now we have a strong password that has a mix of UPPER and lowercase letters, a number and a symbol. I have to remember the words “lick, june, purple, savory” – which I can do as I can associate them with the original 4 items I thought of, and then I have to remember the key I created. Trust me, you’ll use this password a lot, so it won’t take you long to remember it.
The chances of someone else (and more importantly a machine) guessing this are very low. Now don’t use this example; go and find your own tools and ideas, something you will likely remember.
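To put numbers on the “add a fifth word instead” advice above, here is an added example (not part of the original blog) that compares the strength gained from mangling with the strength gained from one more word. It assumes each word is picked uniformly at random from a 7,776-word list, which words chosen from personal associations are not, so treat the figures as an upper bound; the function names are made up for this illustration.

```python
import math

# Assumption: a 7,776-word list (the size of common diceware lists), with
# every word picked independently and uniformly at random.
WORD_LIST_SIZE = 7776
PRINTABLE_SYMBOLS = 32   # number of ASCII punctuation characters
KEYBOARD_CHARS = 94      # printable ASCII characters, excluding space

def passphrase_bits(n_words, list_size=WORD_LIST_SIZE):
    """Bits of entropy in n_words random words."""
    return n_words * math.log2(list_size)

def mangling_bits(letter_count, symbol_choices=PRINTABLE_SYMBOLS):
    """Bits added by capitalising ONE letter somewhere in the phrase and
    appending ONE symbol. A fixed rule such as "every u becomes 7" is not
    counted: once a guesser anticipates the rule it adds nothing."""
    return math.log2(letter_count) + math.log2(symbol_choices)

def words_for_bits(target_bits, list_size=WORD_LIST_SIZE):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def chars_for_bits(target_bits, alphabet=KEYBOARD_CHARS):
    """Length of a fully random password with the same strength."""
    return math.ceil(target_bits / math.log2(alphabet))

def compare(phrase="lickjunepurplesavory"):
    """Strength of the blog's four-word example under the assumptions above."""
    four = passphrase_bits(4)
    return {
        "four_words": four,
        "four_words_mangled": four + mangling_bits(len(phrase)),
        "five_words": passphrase_bits(5),
        "equivalent_random_chars": chars_for_bits(four),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:24s} {value:6.1f}")
```

Under these assumptions the capital letter and symbol together add about 9 bits, while a fifth random word adds about 13.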
Also, I personally write this one down on a tiny piece of paper and hide it somewhere in my house. Because if you lose it, you lose all your passwords! Make sure you keep it somewhere safe. There’s no easy “Forgot Password” option with an email reset with a Password Manager because the companies providing these services have no way of accessing your passwords.
I’ll say it again, you only need to remember this ONE password to rule them all.
It’s also recommended you update this password at least once every 12 months.
Don’t give away your identity
Have you ever created a password online, and then been prompted to answer some pre-written security questions in case you forget it? Questions like, what’s the name of the first street you lived in? What’s your mother’s maiden name? Who did you have your first crush on?
On a different note, have you ever participated in an online social media game where you answer 20 questions about yourself, so you and your friends can all learn about each other? Have you ever noticed that many of these questions cross over? This is a classic ploy to get you to give away your security information – and it’s one of the key ways identity theft can happen.
“But, how can I eliminate the possibility of someone stealing my identity?” I hear you ask. And my answer is simple.
Yep, when you answer these questions, don’t answer them honestly. There are 2 options here:
- Generate a random answer every time you’re prompted to answer one of these security questions, and save it in your Password Manager (this is my preferred method).
- Create an alter-ego for yourself, with answers to these questions that you and you alone will remember. This option isn’t as safe as option 1, but if you like getting creative and making up characters, it could be fun.
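As an added sketch (not from the original blog, and not any particular Password Manager’s code), this is roughly what a “generate password” tool and option 1 above do: draw every character or word from a cryptographically secure random source and store the result against the site. The symbol set, the word list and all function names are assumptions made for this example.

```python
import secrets
import string

SYMBOLS = "!#$%&*+-=?@^_"  # constructed subset; adjust to what the site accepts

def generate_password(length=20, symbols=SYMBOLS):
    """Random password with at least one lowercase letter, uppercase letter,
    digit and symbol.

    Whole candidates are drawn and rejected if a class is missing, so every
    accepted password is equally likely (no forced character positions).
    """
    if length < 4:
        raise ValueError("length must be at least 4 to fit all four classes")
    alphabet = string.ascii_letters + string.digits + symbols
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in symbols for c in candidate)):
            return candidate

# Constructed sample list; a real list should hold thousands of words.
ANSWER_WORDS = ["amber", "bridge", "cactus", "dolphin", "ember", "falcon",
                "garnet", "harbor", "island", "juniper", "kettle", "lantern"]

def generate_security_answer(n_words=3, words=ANSWER_WORDS):
    """Made-up answer built from words, so it can be read aloud to an operator."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def new_account_record(site, question="What is your mother's maiden name?"):
    """The fields to save in the Password Manager entry for one site."""
    return {
        "site": site,
        "password": generate_password(),
        "security_answers": {question: generate_security_answer()},
    }

if __name__ == "__main__":
    print(new_account_record("example.com"))
```

Python’s `secrets` module is used rather than `random` because `random` is predictable and not meant for passwords.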
Here’s a cautionary tale for you
A few years ago I was trying to cancel my mobile phone account, and I had about a 30-minute fight with the operator as I wasn’t giving them the correct answer to my security question, “What is your mother’s maiden name?”. I was answering them correctly, but it wasn’t the answer they had on file – and I wasn’t able to access my account.
When finally after a lot of unnecessary drama I was able to access my account, I discovered the question they’d actually asked when I signed up for the account was “what is my mother’s last name?”.
So I had answered with her married name, not her maiden name – but somehow the question had been written incorrectly. It was unnecessarily frustrating, and the moral of the story is – they didn’t actually care what my answer was, they just cared if I answered the same way every time (not my fault the question was wrong).
Use different passwords
I know we’ve all been guilty of using the same password in multiple situations – but that is terrible practice and needs to stop.
Unfortunately, websites are being hacked all the time, and you often won’t even know that your password has been compromised in one of these hacks. Hackers will use the email and password to try to log in to other websites and services, so if you use the same password everywhere you’ll be more likely to have someone hack your email or Facebook accounts than someone with simple but unique passwords.
A helpful website is Have I Been Pwned. This service can check your email address against a number of large breaches and tell you if your account/password was compromised. My personal email account has been in 9 of these breaches (including LinkedIn, Canva and Dropbox), and these are only some of the ones that have actually been caught and then collected.
A wonderful thing about using a Password Manager to generate secure passwords for you is that it’s easy to create a brand new password every single time you’re prompted to create a new account for something.
Having a unique password every single time means there’s far less chance of being hacked in multiple places if someone does by some chance manage to discover your password. Every time you log in to a site online, save the password to your Password Manager, and if the password isn’t strong, take a few moments to update it, or if you’re in a rush make a note to come back later.
Share passwords in a secure way
Have you ever been sent a password via email or SMS? Neither of these use encryption, which means there’s always a chance the password can be intercepted at some point. I always try to share passwords securely — if whoever I’m sharing it with uses the same Password Manager as I do, then sharing is simple, because I can simply share my password that way. However, not everyone uses a Password Manager, so another option is to use a simple and free tool that is a once-only share. I personally use the following 2 sharing tools:
You simply type the password information into one of these tools, it saves it and generates a link, you then share the link with whoever you need to share the password with.
Once they have opened it, the note is destroyed, and the password cannot be intercepted by any third party.
But, how do I change my existing password security habits?
Yes, there’s a lot to take in (and I’ve tried to stick to the basics). If password security is new for you, it’s not something you can change overnight. Here are some practical tips for helping you transition to better password habits:
Choose a Password Manager
Download your Password Manager to your computer and devices, so you can access it no matter where you are. Set this up so you can always be prepared with your passwords if ever you need to log in to something online.
Create ONE master password to rule them all.
Using the tips above, create a strong master password to access your Password Manager, and then you never have to worry about remembering any other password ever again.
Always generate a new password
Use your Password Manager to generate a unique password every time you create a new account for something. Then, save it to your Password Manager of choice and don’t rely on your memory anymore.
Update all your old passwords
Whenever you log in to a site online, save the password to your Password Manager, and if the password isn’t strong or unique, take a few moments to update it, or if you’re in a rush make a note to come back later.
Don’t keep password records
Remove any records you have of passwords that exist in other places. Your Password Manager is the safest way to store them. If you’re ultra nervous, make sure you only save passwords somewhere offline using an encryption tool.
Answer security questions with a lie
When answering security questions, lie! But record your lie as a note in your Password Manager in case you ever need to answer them again in the future. But please don’t actually give away your personally identifiable information online.
Be secure online
Now you’ve got the basics, go forth and practise better password security!
You may go ahead and play those silly games on social media that ask you to list 20 random facts about yourself in order to steal your identity – those answers are in no way linked to your actual passwords or security information anymore.