I was interviewed on BBC 5 Live this morning about whether we have reached ‘peak password’. I gave some advice on how people can better manage their passwords and, having been asked by 5 Live to write five top tips for password management, wanted to expand on my thoughts here:
1. Don’t use something personal for the basis of your passwords as we often share personal information online, for example referring to our family members, pets and favourite sports teams on social media.
2. Your password should be something memorable but not personal. For example, on your desk you may keep a stapler next to a blue mouse mat, in which case a password could be ‘staplerbluemouse’. To make it more complicated, swap some of the letters for numbers and special characters, and use uppercase as well as lowercase letters. So the password could become ‘St@p1erbluem0usE’.
3. Another good approach is to base passwords on sentences, such as lines from your favourite books, poems or songs. For example, ‘I see a black door’ could be ‘Iseeablackdoor’, which becomes ‘Is33@bl@ckd00R’ when we add in numbers and special characters.
4. Your passwords should be long and use a mixture of upper and lower case letters, as well as numbers and special characters. This is because attackers crack passwords using tools that contain large dictionaries of normal words. It can be hard to remember a lot of complicated passwords, so you may want to consider a password manager.
5. Where it’s available, enable two-factor authentication. It sounds complicated but it’s actually very simple – and effective. It basically means that if you use a device that you don’t usually use to log into an account, you’ll be texted a short number which you have to input to get access. This means that if your password is compromised by an attacker they can’t get into the account. It also means that if an attacker tries to get into your account, you’ll receive a text with the code. You’ll know that you didn’t prompt it, so it acts as a warning that someone is trying to access your account and that you may want to strengthen your security. Unfortunately, a lot of people are not aware of two-factor authentication; if you want more information, check out https://twofactorauth.org/.