10 Tips For Keeping Your Passwords Safe

Heed this advice when protecting your personal information.

Choosing a password is a highly personal activity, and even the gurus at UK2 wouldn’t attempt to steer you in any particular direction when it comes to selecting passwords or character strings. Nonetheless, to avoid some of the more commonly made mistakes when selecting a password, here are ten tips to ensure your login credentials remain safe at all times:

1. Never create a password in public. You can’t be sure who’s watching in a hotel lobby or on a train carriage, and unsecured local networks may fall victim to malevolent surveillance. Unless it’s essential, create passwords in locations where nobody can see your keystrokes and where sensitive data isn’t whizzing through a public Wi-Fi zone.
2. Try to avoid entering your password in a public place. For similar reasons, it’s advisable not to log into secure websites (particularly financial ones) in a place where people could look over your shoulder. If this can’t be avoided, specify passwords with symbols – it’ll be tricky for onlookers to determine whether you’re inputting the number 5 or a % symbol. Similarly, use a mixture of upper and lowercase characters.
3. Disable any ‘show password’ options on mobile devices. Most smartphones and tablets display password characters as asterisks, but some people prefer to view their passwords as they type them in. That might be acceptable on a desktop PC, but it’s certainly not advisable for a laptop or tablet used outside the home.
4. Don’t duplicate the same password for every account. Despite the best efforts of webmasters and IT departments, personal information occasionally gets stolen and passwords may be part of any data harvest reaped by hackers. That’s bad news if your League of Legends password is the same as your online banking accounts …
5. Log off before leaving. This is particularly relevant when using public machines like internet café terminals or workplace hot desks, which have come into vogue in the age of cloud-hosted software. It’s easy to absentmindedly walk away from a shared machine while still logged in, but such behaviour is inadvisable even when you’re merely logged into the company’s network. It’s practically criminal when you’ve been accessing personal websites containing sensitive information.
6. Don’t share passwords. Honourably excepting spouses and IT managers, passwords should not be divulged to anyone. Colleagues often leave to join rival companies, friends can become enemies, and casual acquaintances may turn out to be thoroughly disreputable individuals. Treat passwords like secrets, and keep them to yourself.
7. Never save passwords in a .txt file or Word document on your computer. Since most modern devices are constantly connected to the internet, cybercriminals can try to gain remote access to your hard drive. Their first action on succeeding is commonly searching for documents called Password, or containing keywords like ‘Username’.
8. Keep an offline note of passwords. Writing website addresses and their corresponding passwords in a personal diary or bedside notebook could be an invaluable aide-memoire if any passwords slip your mind. That happens surprisingly often nowadays as a result of the sheer number of login credentials internet users have to remember.
9. Use the Favourites bar for prompts. Hyperlinks in your web browser’s Favourites or Bookmarks bars can be customised with password hints, such as the first two letters or a memory-jolting reference only you would understand. Don’t be too obvious, since these hints might compromise your security if anyone manages to view or download the relevant .htm bookmark file.
10. Try to make use of websites offering two-factor authentication. This augments a password (and often a username) with a follow-up page requesting a security code or additional input string. As well as being far harder for hackers to penetrate, some 2FA sites only ask for a couple of randomly-chosen characters from a passcode. That means even a keystroke logger couldn’t necessarily gain access on a subsequent visit.