16 August 2017

Password Tips

Your password is your first line of defence against fraudsters, trolls and other online scum, so make sure it’s strong. Here are some tips:

Passwords you use every day

  • Use a passphrase made up of several random words, rather than a single word
    • Use a totally unique passphrase – not just a variation on an old one
    • Use a mix of upper-case letters, lower-case letters, numbers, and symbols
  • Never write it down
  • Use multi-factor authentication where possible (Explanation at bottom of the page)
  • Every few months, change it to something new and totally different
  • Single sign-on can make things easier (Explanation at bottom of the page)

For passwords you use occasionally

  • Use single sign-on where possible
  • Use a passphrase made up of completely random upper-case letters, lower-case letters, and numbers
  • Store it in a reputable password manager like LastPass
  • Use multi-factor authentication where possible
  • Every few months, change it to something new and totally different

Common mistakes we see – avoid these

  • Don’t use personal data relating to yourself or a friend or family member, for example:
    • A person’s name
    • Home, work, or bach address
    • Company name or brand name
    • Pet’s name
  • Don’t use common words such as password, 12345…, abc…, qwerty
  • Don’t use the date or season
  • Don’t make small changes like adding a zero, or increasing a number by 1
  • Don’t replace letters with numbers or symbols (1337-speak)
  • Don’t use the same, or similar passphrase on multiple sites
  • Don’t write your passphrase down (except in a password manager)
  • Don’t share your passphrase with other people
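
Several of the mistakes listed above can be checked automatically when a passphrase is set. The following is an added example, not part of the original article; the word lists, the 0.8 similarity threshold and the function names are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample lists; a real check would load a much larger blocklist.
COMMON = ("password", "12345", "abc", "qwerty")
CALENDAR = ("spring", "summer", "autumn", "winter", "january", "february",
            "march", "april", "june", "july", "august", "september",
            "october", "november", "december")
# Undo common 1337-speak substitutions before comparing.
LEET = str.maketrans("013457@$!", "oleastasi")


def normalise(password):
    """Lower-case and reverse 1337-speak, so 'P@ssw0rd' becomes 'password'."""
    return password.lower().translate(LEET)


def skeleton(password):
    """Keep letters only, so 'Hunter7' and 'hunter08!' both give 'hunter'."""
    return re.sub(r"[^a-z]", "", password.lower())


def find_mistakes(candidate, old_passwords=(), personal_terms=()):
    """Return the common mistakes found in a candidate passphrase."""
    raw, plain = candidate.lower(), normalise(candidate)
    found = []
    if any(word in raw or word in plain for word in COMMON):
        found.append("common word or sequence")
    if any(name in plain for name in CALENDAR) or re.search(r"(19|20)\d\d", raw):
        found.append("date or season")
    if any(term.lower() in plain for term in personal_terms if len(term) >= 3):
        found.append("personal data")
    base = skeleton(candidate)
    for old in old_passwords:
        # Catches "add a zero" / "increase the number by 1" and near-copies.
        similar = SequenceMatcher(None, plain, normalise(old)).ratio() >= 0.8
        if (base and base == skeleton(old)) or similar:
            found.append("variation on an old passphrase")
            break
    return found


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Summer2017!", "Tulip-Gravel-Oboe-Lantern-42"):
        print(pw, "->", find_mistakes(pw) or "no listed mistakes found")
```

The comparison with an old passphrase only works at the moment of change, when the user has just typed the current one; stored passphrases should never be kept in readable form for this purpose.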

What tools can I use to stay secure?

Multi-Factor Authentication – In addition to typing a passphrase, you must also tap a notification on your phone, or enter a code from an app, text message, or email. Biometrics (fingerprint, iris scan, facial recognition) may also be used. As a result, even if someone guesses your password, they won’t be able to log in as you, as they (hopefully) won’t have your phone or your finger.

Password managers like LastPass – LastPass stores your passwords securely in the cloud. This means every site can have a unique, totally random, strong password, and you only have to remember your LastPass master password. Only the person who has your master password can access your passwords.

Single Sign-On – Log in to multiple services by authenticating against one common service, such as Microsoft or Google. This means you have fewer passwords to remember and change. Your passwords are also less likely to be breached as they’re only stored by a small number of secure sites.
