The Importance of Secure Passwords

By Soheb

The importance of secure passwords cannot be overstated, but it can be hard to know where to begin. Luckily, we have some easy tips on how to get started.

Secure passwords are one of those things that are so important for getting around online and keeping your data secure, yet feel so bewildering to achieve. With news stories of yet another website being breached and having all its passwords stolen, it's hard to feel safe online.

It starts when you are fairly new to the internet and register with online services using a pretty rubbish password (let's say "ilikecats") - you know, just to get into the service and get started with the online world. Then you forget about it and carry on using the service, entering your rubbish password over and over until it's burned into your head.

And then you go off to join the next new-fangled internet sensation - just slap in your username and password as before and you're good to go! Then some other fancy new thing arrives and you use the same username and password again, and before you know it, you're signed up to all these websites with the same (or at least similar) username and password. So what's the harm, right?

Let's say you join a social networking site at some point. Let's say that you forgot about it amongst all the websites you've joined up to, including online shopping stores. And let's say that the social networking site got hacked and hackers managed to extract your password from the website's database. Well, now that hacker knows your password along with your username. This means the hacker can go to popular websites and try your username and password on each of them.

If you're particularly unlucky, the hacker will be able to log in to a website that holds your credit/debit card details and run up your bill. You'll then have to spend weeks, if not months, cancelling your cards and explaining the embarrassing situation to banks and credit card companies.

So how can we stop this from happening? Security experts strongly advise having a new password for each site. But let's be really honest - we are all joined up to multiple websites and the thought of having to have a brand new password for each of them? That would make any person despair.

Luckily there are lots of solutions to this problem, and we are going to go through some of them.

Two Factor Authentication

The easiest and simplest way to increase your security is to use two-factor authentication.

The easiest way to manage two-factor authentication is with a YubiKey. These are little USB devices that, when prompted by a website, you plug into your PC's USB port and press the button, then watch as you are logged in without having to pull up any funny codes. It's far easier than pulling out your phone and punching in 6 numbers, and it's becoming more widely adopted by the day.

If you aren't convinced and/or don't want to plop down money on two-factor authentication, there is a cheaper way: download an app of your choosing that supports two-factor authentication (such as Microsoft Authenticator for iOS or Google Authenticator for Android), go to a website of your choice that supports two-factor authentication, and set it up. Don't forget to keep a copy of the backup codes in case you lose your phone and need another way in!

Password Managers

Password managers are a super convenient way of storing passwords securely for lots of websites - some of the best being LastPass, 1Password, and Bitwarden. A lot of these also have a password generation feature which allows you to generate some incredibly secure (if a bit gnarly) passwords.

You know how some websites won't allow you in unless your password has at least 8 characters, some of which must be numbers, and so on? This is where password managers can really come in useful - all modern password managers come with a lot of dials so that you can choose how long or short your password is, whether it should have numbers or special characters, and so on. This way, you can create a unique password for every website you have an account with, so if one website gets hacked, you won't be panicking, just mildly frustrated until you reset that password to another randomly generated one and move on with your life.
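To make those dials concrete, here is a small generator with a length dial and switches for numbers and special characters. It is an added example, not code from any of the password managers named above; the function names and the symbol set are assumptions chosen for illustration.

```python
import math
import secrets

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; sites differ on what they accept


def enabled_classes(digits=True, symbols=True):
    """Return the character classes switched on by the dials."""
    classes = [LOWER, UPPER]
    if digits:
        classes.append(DIGITS)
    if symbols:
        classes.append(SYMBOLS)
    return classes


def generate_password(length=20, digits=True, symbols=True):
    """Return a random password containing at least one character per enabled class."""
    classes = enabled_classes(digits, symbols)
    if length < len(classes):
        raise ValueError("length is too short to include every enabled class")
    alphabet = "".join(classes)
    # Draw whole candidates from the OS random source (secrets, not random) and
    # keep the first one that meets the "must contain" rules. Every accepted
    # password is equally likely, unlike schemes that patch characters in later.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, digits=True, symbols=True):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len("".join(enabled_classes(digits, symbols))))


if __name__ == "__main__":
    for site in ("shop.example", "social.example"):  # constructed site names
        print(site, generate_password(20))
    print(f"about {entropy_bits(20):.0f} bits for 20 characters from all classes")
```

Each call produces an independent password, so a breach at one site reveals nothing about the password used at another.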

Check against attacks

Continuing on from password managers, a lot of them offer a feature to check whether your password has been compromised. A lot of these features sit behind a premium tier which you have to pay for, but in return you get access to all sorts of other benefits (like being able to use two-factor authentication/YubiKeys with your account). Again, it's understandable if you don't want to pony up cash immediately, so you can navigate to Have I Been Pwned, put your email address in (not your password) and check whether any websites where you used that email have been compromised. It's 100% free (and incredibly scary to find out you have been compromised).
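A compromised-password check does not have to send your password anywhere. The sketch below shows the k-anonymity range lookup offered by Have I Been Pwned's Pwned Passwords service: only the first five characters of the password's SHA-1 hash leave your machine. It is an added example, not any password manager's own code; the breach data, counts and function names are constructed so it runs offline.

```python
import hashlib


def sha1_upper(password):
    """SHA-1 of the password as 40 uppercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(breached_counts):
    """Constructed stand-in for the service's data: prefix -> 'SUFFIX:COUNT' lines."""
    index = {}
    for password, count in breached_counts.items():
        digest = sha1_upper(password)
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in index.items()}


# Constructed sample breach corpus; the counts are made up.
CONSTRUCTED_BREACH = {"ilikecats": 1234, "password1": 99999}
RANGE_INDEX = build_range_index(CONSTRUCTED_BREACH)


def fetch_range(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    return RANGE_INDEX.get(prefix, "")


def breach_count(password, fetch=fetch_range):
    """Return how many times the password appears in the breach data (0 if never)."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix is sent; the suffix is compared locally, so
    # the service never learns which password (or full hash) was checked.
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    for pw in ("ilikecats", "constructed-unique-passphrase-7f3a"):
        print(pw, "seen", breach_count(pw), "times in the constructed breach data")
```

Swapping `fetch_range` for a function that performs the real HTTPS request turns this into a live check while keeping the same privacy property.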

In terms of security, you really should consider looking into the premium features of these services and picking one - the peace of mind easily outweighs the negatives and you can easily avoid a lot of pain and hassle in the long run.

