Other than news sites and hobbyist blogs, it’s hard to find a website which doesn’t require a username and password combination nowadays. From the AA to YouTube, login credentials are used – among other things – to confirm identity, view account information, and enable a user to leave comments. And since every additional website saved in your Favourites or Bookmarks folder increases the number of logins required, it’s tempting to use the same identity and security code across every site.
It goes without saying that this is highly inadvisable. If one of those websites gets compromised by a hacker, or a single customer database is sold on the Dark Web, criminals could theoretically log into every site you’re registered with. Automated algorithms probe for entry points by inputting known username and password combinations into numerous different websites. And once a fraudster is inside, they can wreak havoc. Online password security is too important to gamble with.
You shall not pass
The most obvious way to eliminate such risk is by using a different password for every account. However, this is impractical without an eidetic memory. Writing them all down might work on a notepad which can live beside a desktop computer, but will be useless for mobile devices like smartphones or tablets. Resetting passwords all the time raises security concerns, and it also relies on Password Reset emails avoiding ISP spam filters.
Fortunately, there are plenty of things we can all do to improve our online password security. And choosing a password which is easy to remember doesn’t have to compromise its safety. These are UK2.NET’s tips and recommendations for optimal online password security:
Don’t follow clichés.
The most commonly used passwords in America are ‘123456’ and ‘password’ – frequently pre-set defaults which users haven’t bothered to amend. Using the names of loved ones or pets is inadvisable, and even memorable dates could be guessed by people with knowledge of your circumstances. Conversely, a character string like C0r0nat10n5treet would be unlikely to jeopardise online password security.
Add prompts to your Bookmarks or Favourites bar.
Technological convergence means bookmarks from your chosen web browser are often available on other devices. If your BBC.com account has the password Trinket147, add the phrase T147 after the BBC.com bookmark. Even if a hacker gained access to a personal device, they wouldn’t understand the significance of the uppercase T, or what this aide-memoire actually means.
Use longer passwords.
Websites that accept uppercase and lowercase letters and numbers offer 52 possible combinations for each character. A six-digit password would provide 19,770,609,664 possible combinations, but a ten-digit password could be any one of 133,555,105,949,057,024 combinations. While the former might be cracked with a powerful enough algorithm, the latter would be effectively impossible to acquire unlawfully.
Install a password utility tool.
LastPass is perhaps the best-known example of a website which stores hundreds of login fields, security codes, passphrases and usernames in a single location. Logging into this site requires memorising a single set of authentication data, before clicking through to destination websites and being automatically logged in. Some platforms offer multiple device synchronisation, supporting access via several different machines.
It’s not just a password choice that may expose you to risk. Typing an online banking password into a browser is inadvisable if you’re sat next to a stranger on the train, as is submitting sensitive data across insecure public wifi networks. Disable the ‘show password’ option on web browsers, log out of websites before walking away, and never share login credentials with anyone you don’t fully trust.