Passwords. From watching TV to completing your monthly shopping, you can’t spend even an hour without them.
Additionally, even though it may appear tedious, those random characters, numbers, and letters are necessary for your online safety. Think of them as the bothersome but necessary equivalent of a riding helmet on the internet.
That’s not the greatest example, in fact, and not only because some people are loudly against helmet use. No, it’s because each account has a unique password, but you don’t need a separate helmet for each bike trip. I take it that everyone does that?
Wrong. Numerous studies have shown that more than 50% of us reuse passwords. A 2019 survey by Google revealed that 13% of users set the same password for all of their accounts – including their email.
But as Surrey University’s Professor Alan Woodward says, email accounts can be ‘the keys to your digital kingdom’.
‘People might think they have a strong password, but if you’ve reused it 25 times, it’s not strong anymore,’ says Professor Woodward, a world-renowned specialist in cyber security, covert communications and forensic computing.
‘People also tend to think the longer it is, the stronger it is. There’s some evidence that’s not true, because the longer you make, the more you tend to start using phrases, and they’re easier to match.
‘So you might use “mydoghasbigears”, or “mydoghasbigears” but you transliterate all the Os to 0s and the Is to exclamation marks – well, it’s actually very easy to build dictionary attacks that take all that into account.
‘The best password is the one you can’t remember, and that’s where password managers come in.’
While some may worry password managers are akin to using the same password for every account – because if a hacker gets into it, they have all them all – managers still offer multiple security features that make using them far more efficient in keeping your digital world safe.
One of the best, as Professor Woodward alluded to, is the creation of strong, meaningless passwords.
‘The password manager does two things for me – it keeps a lot of passwords which I can instantly access, but it also generates strong passwords – ones that are gobbledegook, zeros and exclamation marks,’ he says. ‘Whereas if you’re doing it as a human, what you tend to do is use real words, and they’re instantly sucked into what are called dictionary attacks.’
A dictionary attack is a ‘brute-force’ hacking method, systematically running through lists of common words, phrases and leaked passwords in the hope of matching one.
‘I can see why people might have reservations about password managers, but once you get to a certain critical mass of accounts as I have, I would be reusing my password all the time,’ says Professor Woodword. ‘And reuse of passwords is one of the worst things to do.
‘As soon as one goes, everything else topples. And if hackers get it, they will immediately go and try it on everything else.’
Other benefits to a password manager include their ability to notify users if a password has appeared in a known data breach, and help spot fake websites used as part of phishing attacks. Most will also work across platforms, so it doesn’t matter if you use, say, a mix of Apple, Android and Windows across various devices.
However, as the National Cyber Security Centre notes, you can’t use the password manager to store its own password, so this still needs to be something strong – but something you can remember. It recommends using three random words together, and turning on two-factor authentication, so even if a cyber criminal gets the master password, they still can’t access your other passwords.
But if a password manager is still not for you, make sure to activate two-factor authentication on any accounts where it’s possible – and don’t send the access code to your email, where a hacker could access it. An app or text message is much more secure.
And yes, that’s another step and possibly another device, but it’s a minor inconvenience compared to the fallout from a major hack. More than most things, the internet is user sensitive. It can be a great place, but it’s not always a safe place.
Help those passwords to help you.