In this day and age of ever growing utilisation of, and reliance upon, digital platforms and apps our digital footprint can only grow. As a result of this, it becomes more and more important that we all practice good password hygiene. A secure password significantly reduces the risk of unauthorised access to our accounts and devices, keeping our personal information secure. If you, or your business, have lax password protocols (such as password recycling or using simple passwords) your risk of being hacked is greatly increased.

There can be significant consequences when not following good password hygiene; if your personal data, emails, financial account information and other details fall into the hands of bad actors you can be put at risk of identity theft, which can have significant and long-lasting repercussions. By using a strong, regularly updated password you can significantly reduce the risk of becoming victim to bad actors.

Cyber security has been a hot topic for some time now, and this will continue to be the case for the foreseeable future. One of the most straightforward ways for a bad actor to gain access to your information is to guess what your password is (especially simple if you use a very common password). 

Other methods bad actors may use include

• Brute Force Attack: a simple attack method with a high success rate. Automated tools that pair numerous username combinations and passwords until it finds a match. The more straightforward the password is to guess, the more likely it is for the Bad Actor to break into your account and device.
• Password Dictionary Attack: a more sophisticated attack whereby hackers attempt to crack a password by using a dictionary consisting of a wordlist, with heaps of credentials leaked from previous data breaches. They run this dictionary against your passwords, making your devices and accounts vulnerable if your passwords are weak and there is a match.  
• Phishing: the most common way of stealing your password is through phishing. The success of this attack relies on being able to deceive a victim with legitimate information but acting on malicious intent. Phishing is the method of a Bad Actor sending out spoof emails that look to be from a legitimate source, asking the victim to click on a link or send passwords.

How to create stronger passwords

There are numerous ways to defend yourself and your business against password security threats. If you are guilty of using 12345, qwerty, london, or even recycling some of your passwords across platforms (or by simply adding a different number at the end), read some of our recommendations on creating a strong password. Below are some tips to aid you in safeguarding your personal information.

The do's:

• Use longer passwords: the longer a password is, the harder it will be to guess or brute force. It is recommended to use passwords of greater than 10 characters in length;
• Use a combination of characters and cases: mixing upper and lower case characters, as well as numbers and special characters, makes it much harder to guess or brute force the account password;
• Use a string of words together: for example "umbrellachainautomobilehotelfoxtrotbloodhound" using 7 words back to back is much harder for automated tools to break as the combination of words in the right order is hard to generate;
• Use different passwords: use different, unique passwords across different accounts (for example, do not use 'password1' 'password2' and 'password3' as this pattern is easy to guess if one of them is compromised);
• Implement 2-factor authentication: the additional step of 2-factor authentication makes it even harder to access an account even if the password itself is compromised.

The don'ts:

• Do not use publicly available personal information in your password: using information relating to yourself in the password, such as the city you live in or your date of birth, makes it much easier to guess your password - especially if this information is available publicly.
• Do not use single common words along with a year: Netflix2022 or summer2021 can be easily guessable, especially if put in combination with the name of the account the password is for;
• Do not write down your credentials on paper: if someone gains access to this then no matter how good your password is they will gain access;
• Do not reveal your password to 3rd parties: even the company/service/bank itself will not need to ask your password.

A final thought

With all of the above do's and don'ts it can seem overwhelming to cope with all ofthis, especially with the growing volume of apps and services that we use. Using a reputable password manager can make securely managing your passwords much easier, especially as many of them also include functionality to generate secure passwords, and also they will alert you if you are using duplicate passwords across your accounts.

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.