BC Association of Community Response Networks

6 Tips for Stronger Passwords: Protect Yourself Online

Fingers typing in a strong password on a keyboard

It can be so annoying when you get that darn computer message: you need a stronger password. But one breach can be costly, time-consuming and expensive. Here’s how to create strong passwords and why you need them.

It’s so hard to keep complex passwords in our memories, never mind the easy ones you may have set months ago. That is exactly what fraudsters are counting on when they try to hack into our accounts. Let’s look at a few ways that criminals figure out our login details, then use that knowledge to create safe, strong passwords.

The “Do Nots” of Creating Secure Passwords

  1. Don’t use real words: In “dictionary attacks,” professional criminals use software that scans the internet for passwords using recognized words. These include slang words, words spelled backward and symbols replacing letters (such as using “3” instead of “e”).
  2. Banish easy passwords: Security experts agree: “two out of three people reuse passwords across accounts, one in three share codes with others, and nearly 40 percent have been hacked.” Millions of people in North America use passwords that are so common, anyone could guess them. The most frequently used is “123456.” The next most common is “12345,” followed by “password,” “111111,” “princess,” “qwerty” and “abc123.”
  3. Dump simple answers to security questions: People commonly use the first name of their spouse, child or pet, birthdays and anniversaries, and house numbers to answer security questions. These can all be easily answered with a simple Facebook or social media visit. Hackers’ software will scan your accounts and that of your friends, kids and grandkids, quickly ascertaining who is who in your life. One trick is to use a very unusual answer not related to the questions.
  4. Do not reuse passwords on different sites: While it seems like a chore to keep track of various passwords, repeating the same password leaves you in a very vulnerable spot. Once hackers break into one of your accounts, they will have the key to the safe, so to speak. Never repeat passwords. (More on how to easily manage passwords later.)

Six Steps to Stronger Passwords and Online Security

You might be feeling a bit panicked about password security right now, but don’t worry. Understanding fraudulent behaviour will help you create safer passwords for all your online activities.

  1. Long passwords: Software security advisors recommend a string of 12-16 characters. That’s because the automated software used by hackers will only try to break a password for so many seconds, then move on to the next. Success for bad guys is how many accounts they can quickly break into before being detected. So for us good guys long is good.
  2. Complex passwords: Most websites ask you to create passwords using a combination of upper and lower case letters, numbers and symbols. Remember that we shouldn’t use real words. Here’s a trick you can try to create unbreakable, safe passwords.

Think of your favourite song and the memories it brings you. If you heard “Only You” by the Platters when you met your spouse Lucy at the county fair in 1958, you would repurpose the first line – Only you can make this world seem right – by using the first letter of each word plus the additional information. That would give you: OycmtwsrLCcf#58. That’s 15 characters and no one could guess it but you.

  1. Password managers: Even with clever lyrics for clues, it will be hard to remember numerous passwords for all your accounts. You may choose to write them in a notebook that you keep safely tucked away, or you can download a free password manager. This software will generate strong passwords, then safely store your username and password when logging into your sites. With a password manager, you only have to memorize one password. A few to investigate are Password Manager, Last Pass and 1Password. There are many others, so read up and see what suits your style.
  2. Two-factor identification (2FA): Say yes to 2FA. Banks, credit cards, government websites and many others are now asking us to use two-factor identification. This is a second layer of proving your identity when accessing your accounts. The first factor is your password, and the second factor is a code sent to your smartphone or email that you must enter as a final login step. 2FA is not foolproof, but it makes accessing your information much more difficult for fraudsters.
  3. Avoid public wifi: In public places, fraudsters can access your phone or computer using public wifi. Do your banking, shopping and other confidential activities using data while you’re out, or at home using your own wifi account.
  1. Update your passwords: No matter how careful you are, even safe passwords can be compromised. You may have shared it with a family member or caregiver, or it may have been decoded by a fraudster. Update your passwords every few months. Using a password manager makes this job a snap.

Creating and managing strong passwords is an important step to staying safe online. Convert your simple passwords to ones that are indecipherable to fraudsters’ tricks. Consider using a password manager for ease of use and protect yourself with two-factor identification.

CRNs: Here are two topics or social media posts to get you started:

Two out of three people reuse passwords on various websites. #PasswordSecurity starts with complex, unique passwords on every site. #FraudPreventionMonth #fraud

The most frequently used password is “123456.” The next most common are “12345,” “password,” “111111,” “princess,” “qwerty” and “abc123.” Don’t join the 40% of North Americans who get hacked. #FraudPreventionMonth