Help and advice
But using the same password is asking for trouble – if a hacker gets access to one of your accounts then they'll quickly be able to access others. This could have potentially costly consequences, so it's especially important to take digital security seriously.
Online accounts can be compromised in a number of ways, including:
- Data breach – your account details are stolen from a server
- Phishing attack – a spoof email/phone call asks you for your login details
- Social engineering – someone pretends to be you and requests information about your account from a third party
- Brute force attack – someone tries many different passwords until they guess the correct one
How to stay secure online
- Do not reuse passwords across different websites
- Activate two-step verification on services that allow it – this means that to log in you’ll need not only your password but a unique code from an app on your phone. The code is regenerated every 60 seconds, so even if someone else had your password they wouldn’t be able to log in
- Use strong passwords – Google’s password creation advice suggests you steer clear of using common words or personal information as your password. Avoid 'password' or 'letmein' or similarly weak choices. Keyboard or sequential patterns such as qwertyuiop, asdfgh or 1234abcd are just as weak
Microsoft offers the following advice on what you should aim for when creating a password:
- Make sure it is at least eight characters long
- Ensure it doesn’t contain your username, real name or company name
- Ensure it doesn’t contain a complete word
- Make it significantly different from previous passwords
- Include uppercase letters, lowercase letters, numbers and symbols
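The checklist above, together with the keyboard patterns mentioned earlier, can be tested automatically. The following Python sketch is an added example, not code from Microsoft or Google: the function name, the tiny word list and the 0.6 similarity threshold are assumptions, and a real check would use a full dictionary.

```python
import string
from difflib import SequenceMatcher

# Constructed sample data: a real check would use a large dictionary.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "football"}
PATTERNS = ("qwertyuiop", "asdfgh", "1234abcd")  # the patterns named on this page


def check_password(pw, identity=(), previous=(), max_similarity=0.6):
    """Return the list of criteria that `pw` fails (an empty list means it passes).

    identity: username, real name, company name. previous: earlier passwords.
    max_similarity is an assumed cut-off for "significantly different".
    """
    low = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    # Each part of a name is tested separately; very short parts are ignored.
    if any(len(part) >= 3 and part.lower() in low
           for name in identity for part in name.split()):
        problems.append("contains username, real name or company name")
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a complete word")
    if any(pattern in low for pattern in PATTERNS):
        problems.append("contains a keyboard or sequential pattern")
    # ratio() is 1.0 for identical strings and close to 0 for unrelated ones.
    if any(SequenceMatcher(None, low, old.lower()).ratio() > max_similarity
           for old in previous):
        problems.append("too similar to a previous password")
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing uppercase, lowercase, number or symbol")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("letmein", "Qwertyuiop1!", "v8$Rm2!pQz7&Lx"):
        print(candidate, "->", check_password(candidate) or "passes")
```

Passing these checks only shows that a password avoids the listed mistakes; a randomly generated password from a password manager remains the stronger choice.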
A password generator can create long, randomised passwords for you to use. For example, LastPass, a password management system, offers an online password generator that anyone can use. A password manager can also be a convenient way of keeping track of all of these different passwords.
Use a password manager
Password managers store passwords for a variety of websites; many of them can also create strong passwords for you and help ensure that you are using different passwords for different accounts. A number of different services offer this functionality, with perhaps the best known being LastPass, 1Password and KeePass.
Password managers work by saving your account passwords and filling in your credentials for you when you want to log in to a website. They are often a good way of balancing convenience and security; additionally, if there is a security breach on a site that holds your data, many password managers will alert you if your password has been compromised and will offer to change it for you (service and platform dependent).
It should be stated that different password managers treat your data in different ways. For example, LastPass and 1Password keep your password data on their own servers – which carries inherent risks in terms of susceptibility to hackers. With a service such as KeePass, on the other hand, your data never leaves your machine. Cloud-based password storage does, however, mean you can install the browser plugin on a number of different machines and sync your passwords instantly between them – some security is exchanged for extra convenience. And just because your data is stored on an internet-connected server doesn’t mean that it’s waiting to be hacked; the LastPass website, for example, offers a lengthy explanation of its security process.
We don’t recommend a particular approach – but we do urge you to read about the different types of service and to consider using a password manager for keeping track of all your different logins.