123 Reg logo Blog

6 top tips on password security

By Tim Fuell - July 17, 2012

Almost every week the news channels are busy with a story on another big high-profile password breach, the latest being Yahoo  investigating a breach via its Yahoo Voices servers.

Here at 123-reg we recently altered our entire password and login procedures to improve customer security and peace of mind, yet even with regular prompting many people still leave themselves open to potential risk. It doesn’t matter how strong the gateway of your information holder, if you make accessing your account easy you make yourself vulnerable.

So here’s six tips on choosing your password to minimise the risk of being hacked.

1. Treat your online home as you would your offline home

You wouldn’t get the same key cut to open your front door, your back door, windows, car, cupboards, any lockable bags or boxes, etc, so don’t use the same key or password for every account you have. In fact you should use a different password for every website you use. That may sound like a minefield of passwords to remember, but it can be done – perhaps by using passwords that remind you specifically of that site or the services it offers – remember to avoid the obvious though!

2. Ignore Phishing emails

We’d like to think we’re all wise to these now, but opening up that email bleary-eyed first thing in the morning you may not be quite as alert as you need to be. The key point to remember is that even if it looks like an official communication – and you can often spot a pixelated logo, or spelling mistake – if you are asked to reveal personal information such as name, password, etc make sure you are certain it is a genuine site. Also beware of the links you click to avoid downloading harmful malware.

3. Change your passwords regularly

It may sound like it is complicating matters again, but it pays to be ahead of the game. By setting password change as part of your monthly or even weekly schedule you will re-inforce the importance of password security too, so it will keep your mind focused and help even more towards minimising the risks. There’s a reason many sites will regularly prompt you to change your password, so follow the protocol across all sites you login to.

4. Make sure your password is strong

Most sites will give you an indication of password strength when you input a new one, so pay attention. A combination of letters, numbers and symbols works best, as does a mix of lower and upper case characters.

5. Consider using a combination of pass words to create a passphrase

If remembering a whole host of passwords is going to prove difficult, this little cartoon may help inspire. Basically using a combination of four random words and swapping their combination between websites, will give you a higher protection than even a standard mix of numbers, letters and characters that you re-use across sites. While it is difficult to guess – even with advanced computerised checking systems – it is very easy to remember as you know the four words used in the passphrase generation as well as your own name and probably have them ingrained in your brain.

6. Don’t be lazy or lax

It sounds silly but so much that we do is online nowadays it is easy to forget basic protections. Don’t write passwords down and certainly don’t store them on your PC or laptop – even in encrypted form they are tempting for a keen hacker. Apply the same rules to your password creation whatever site you are creating an account for. Firstly this keeps you focused and trained to using a more secure system and secondly.

Finally, while password management sites, apps and programmes may have a place in helping you, remember they are just as vulnerable and probably bigger targets when compared to other websites. Last year LastPass admitted a security breach with the issue again highlighting the vulnerability of using weak passwords.

Do you have any password top-tips? Care to share?