We all have passwords, and some of them might be good, but May 2 is World Password Day, and that means it’s time to reflect on the passwords we have.
Passwords are a major part of our digital lives because security is important. You don’t want everyone to know about every little thing you’re doing, and so you keep passwords on services and gadgets so that only select people can get in.
That’s generally you and maybe a few others, but the number is usually quite small, because passwords are about security and keeping things locked down.
But passwords aren’t always easy for people to remember, or even easy for people to work out. Your browser can probably suggest them, and provided you stay in a device or browser ecosystem, it may even remember them for you, but not always.
For instance, if you use an iPhone with Safari but then jump back across to Chrome on your laptop or desktop, you may not have those passwords synchronised.
And sometimes, you just want to remember the passwords for other reasons, such as logging in somewhere or just to have them memorised.
This requirement for passwords that are easy to remember can lead to poorer passwords, simply because “easy to remember” is often connected with “easy”, and that’s not good for security.
In fact, a good password is generally the opposite, with McAfee’s Ian Yip, Chief Technology Officer for APAC, telling Pickr that passwords are more likely to be guessed when they’re personal, recycled, and not complex.
“Cybercriminals know all too well that one size fits all. The practice of using the same passwords for different accounts has gotten even riskier over the last several years, largely due to the high number of corporate data breaches,” he said.
“Use unique passwords for each of your accounts, and change your password immediately if a website or monitoring service you use warns you that your details may have been exposed.”
Yip suggests a minimum of 12 characters made from a mix of numbers, symbols, and upper and lowercase characters, and if you’re intent on making it easy for you, consider a phrase that isn’t personal at all before running it through that mixture of characters. It might be something like “NoMoreBloodyABBA”, which could be written as simply as “N0M0reBl00dy@BB@”, where the letter o becomes a zero and the letter a becomes an at sign.
And if you’re concerned whether you’ve had passwords leaked, consider heading to haveibeenpwned.com, a website that will take a look at your email address and see if it’s been released in password dumps from security breaches.
While it might be alarming and quite confronting to find that out, it also could end up forcing you to reflect and rethink your passwords to prevent subsequent theft or security issues later down the track.