Dermot Williams, Managing Director of Threatscape, shares his top five tips for securing online passwords:
1) Do not use the same username and password for all websites.
Many people use the same username and password for multiple websites. If a hacker breaks into a website, they will have your username and password for multiple sites. This means you are only as secure as the least secure website you’re using. While you may be very diligent and very aware when using social media and especially your online banking, you might not worry as much about the local GAA websites or a little website that doesn’t have good security. If you use your password on these types of websites and the website gets breached, suddenly an attacker knows your credentials and can run off and use them online on lots of other sites to try to find a way in. The hacker will generally have an automated process that can fly through hundreds of websites; you’re only as strong as the weakest link in that case. There have been instances where sites have been hacked and within minutes people’s bank accounts have been emptied, their social media accounts abused and their work credentials used elsewhere. Make sure to vary your passwords.
2) Use a password with 15 to 20 characters including letters and numbers.
Do not use a password that is really obvious. There was an attack about 18 months ago in the US where millions and millions of passwords were stolen, and somebody took it upon themselves to analyse the frequency of them. Passwords such as ‘password123’, ‘No more secrets’ and ‘let me in’ were being used by tens of thousands of people. Try to use something that is a little bit more unusual, including both letters and numbers. If you find it difficult to remember a long password, then maybe use a phrase, like the first letter of the first name of the players on your favourite football team, or a phrase from a song or poem that you learnt in school. That might end up being 15 or 20 characters, which is much more secure and will help you to keep the bad guys out.
3) Do not share your password with other people.
There is an American researcher who has this phrase: ‘treat a password like a toothbrush. Keep it to yourself and don’t let anyone use it!’
4) Use a password manager.
If you do find it difficult to remember all these passwords and you’re writing them down on scraps of paper, there are better ways to store your passwords. There is a whole category of programs called password managers, which are free to download onto your computer and your phone and which remember your passwords on both devices for you. ‘LastPass’ is a popular program and the free version is quite good. It will remember all your passwords for you, so the only thing you need is your one password for ‘LastPass’, which needs to be very secure as it holds the key to all your passwords.
5) Use multi-factor authentication.
Using a password alone is not a very secure way of authenticating yourself to a website. In security, we talk about multi-factor authentication, which involves being able to prove who you are by doing more than just entering your password. You can get a text message to your phone with a number which you have to type in along with your username and password. This number will be different every time, so unless someone knows your password and has your phone, they can’t get access to your accounts, keeping the bad guys out. This makes it a lot more secure than a password alone, and both Microsoft and Google have apps you can install on your phone to use when you try to log in to a website. This adds another layer of security by combining something you know, which is a password, with something you have, which is a mobile phone. This makes it much harder for an attacker to beat the system.
The question that people should be asking themselves in the back of their mind right now is: when is the last time I changed my password on the most important, most valuable or most critical website I use? If it was more than 3 or 6 months ago, maybe it’s time to do it today.