One of the very first things we do when setting up a new device or logging into a new system is choosing a password. It’s like turning the key in your front door. It’s the first step to your private information, countless details hidden behind those – hopefully – random letters and numbers. But sadly, that’s not always the case.
Studies have found that almost two thirds of people use a similar password across multiple accounts, with 13% of people using exactly the same password for all their accounts. Red flag? Absolutely.
Using the same or similar passwords across multiple accounts is like leaving the front door of your house open and just asking people to come in off the street and take what they feel like. All it takes is one account to be compromised and you could lose access to all your data, potentially costing everything in damages.
So, what should you do to remain safe and ensure your passwords are never compromised? We’ll show you how to choose the safest password.
How To Choose The Safest Password: Password Safety Tips
- Never use the same password across multiple accounts – it goes without saying, but having a unique password for everything makes each item harder to hack. It means that if one account does happen to be compromised, you can be confident everything else is still secure
- Set up multi-factor authentication – this means that you’re asked to confirm via text or email when you log into an account, or sometimes now with face ID or fingerprint verification. This is an extra layer of security which means that if your password is compromised, your account will still be protected against a hacker
- Use a password manager – keeping track of all your passwords can be difficult and confusing, which is why people often opt to use the same one instead. To avoid this, set up a password manager across your devices so your passwords are automatically remembered – in the best cases, this requires your fingerprint or face ID to work, meaning your account won’t be compromised if your device is lost or stolen
- Remember uniqueness is more important than complexity – a lot of people think that having a very complicated password is the best option for increased protection. In fact, uniqueness is the most important factor; having a unique password for every account is key as this limits how many accounts may be compromised by an attack
- Try using a passphrase – if you find passwords are still too complicated to remember, try using a passphrase instead. This is a random combination of three words and numbers that is difficult to guess but easier to remember than a completely random password. For example, try using sheep11bottle3motor9 instead of H2ju[sU7fN/.Ol, as the passphrase is a lot easier to remember
- Avoid significant or personal details – one of the worst things you can do with passwords is use something that is significant to you, like your birthday or your dog’s name. While this is very easy to remember, it’s also very easy to hack and could seriously put your account at risk
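The passphrase tip above, as an added example (not code from the original article): a generator for the word-plus-number pattern using Python's `secrets` module, with a strength estimate set beside a 14-character random password. The word list is a constructed sample, and the function names and the 7776-word list size are assumptions for illustration.

```python
import math
import secrets

# Constructed sample word list for the demo only. For real use, load a large
# list (thousands of words): the list size is what drives the strength.
SAMPLE_WORDS = ["sheep", "bottle", "motor", "candle", "river", "pencil",
                "anchor", "maple", "tunnel", "copper", "violin", "harbor",
                "pebble", "lantern", "saddle", "meadow"]


def generate_passphrase(words, n_words=3, max_number=99):
    """Pick n_words at random, each followed by a random number 0..max_number."""
    unique = sorted(set(words))  # duplicates would silently skew the choice
    if len(unique) < 2 or n_words < 1:
        raise ValueError("need at least two distinct words and one word slot")
    parts = []
    for _ in range(n_words):
        # secrets draws from the OS CSPRNG; the random module is not meant
        # for generating credentials.
        word = secrets.choice(unique)
        number = secrets.randbelow(max_number + 1)
        parts.append(f"{word}{number}")
    return "".join(parts)


def passphrase_bits(wordlist_size, n_words=3, max_number=99):
    """Entropy in bits. Valid only if every part is chosen uniformly at random,
    not picked by a person."""
    return n_words * (math.log2(wordlist_size) + math.log2(max_number + 1))


def random_password_bits(length, alphabet_size=94):
    """Entropy of a uniformly random password over the 94 printable ASCII
    characters (space excluded)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
    print(f"3 words from the 16-word sample list: {passphrase_bits(16):.1f} bits")
    # 7776 is an assumed list size (five dice rolls per word, 6**5 entries)
    print(f"3 words from a 7776-word list:        {passphrase_bits(7776):.1f} bits")
    print(f"14 random printable characters:       {random_password_bits(14):.1f} bits")
```

The estimate assumes the words and numbers come from the generator; words chosen by hand are far more predictable than the figure suggests.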
The Worst Passwords
Unfortunately, despite all the options we have to create unique and secure passwords, the most common passwords still used each year are the easy ones. The most frequently used password since introduction has been 123456, followed by password and 12345678.
These passwords are incredibly easy to hack and using one on your systems could put you at great risk.
Best practice for setting passwords in your organisation
Within an organisation, it’s very hard to ensure everyone is following password best practice without compromising everyone’s passwords. Ensure that whenever a new device or account is set up, the random password is changed immediately to something unique and that everyone is set up on a secure password manager.
Want to find out more?
If you want to find out more about how password training can help protect your organisation, then Boxphish has a number of courses and learning journeys which can help.
At Boxphish, we are passionate about providing our users with the skills needed to identify and avoid cyber security attacks, reducing risk and protecting both the individual and the organisation. We use interactive phishing training and real-world attack simulations to educate and train our users, with courses tailored to individual needs and industries.