Don’t Pass on Password Security
World Password Day is on 7th May: a day dedicated to raising awareness about the importance of strong password security, and an opportunity for us all to review our password practices and be confident our online accounts are as secure as possible.
Password security is something we all need to be mindful of, because one compromised password can put our online accounts at risk of:
‘Account takeover’ (when hackers lock you out of your own accounts and use your identity to scam your contacts or spread malware)
Financial theft
Identity theft, or
Irreversible data exposure (sensitive personal data or biometrics cannot be ‘reset’ once leaked)
High stakes indeed, and in today’s digital world passwords are unavoidable. I, for one, have hundreds of them, and many of us have them stored all over the place.
So where do we start with having an organised and secure system for creating, storing and accessing all of our passwords?
My top tip:
If your passwords are currently scattered everywhere, it’s worth investing in a password manager such as 1Password or Bitwarden. According to the National Cyber Security Centre, a password manager ‘stores passwords safely for you, meaning that you can have unique passwords for each service as you won’t need to remember them’.
Additionally, password managers often have other features to help your security, such as automatic password generation, autofill, synchronisation of your passwords across different devices and compromise warnings.
Fellow Professional Organiser and APDO member Gemma Stevenson of Your Organised Space uses Bitwarden, and for her there are no downsides. Gemma pays an additional cost for a family account (for up to 6 people). It works for Gemma and her family because of:
the ability to hold complex “strong” passwords with no need to remember them
the fact it works across her laptop and mobile
the ability to use each other (she and her husband) as backup if they’re unable to access it (if they forget their passwords, or if one of them is incapacitated, for example)
If you’d rather not delegate password creation to a password manager, then here are some rules for creating strong passwords on World Password Day:
Do:
Use at least 16 characters - length is the easiest way to make passwords practically unbreakable
Use the three random words rule (e.g. doghungryskateboard). The longer and more unusual your password is, the harder it is for a cyber criminal to crack. Some systems require you to include a mix of characters. To meet such requirements, change some letters or insert some digits or symbols.
Enable two-step verification to help protect your accounts from unauthorised access even if the password is stolen. This process requires two forms of identification to log in: something you know (password) and something you have (a code sent to your phone or an app).
Don’t:
Use the most common passwords that criminals can easily guess (like ‘password’)
Create passwords from significant dates (like your birthday), your favourite team, or by using family and pet names as many of these details can be found within your social media profile
Underestimate cyber criminals, as they know the tricks. Changing certain characters in your password (swapping the letter ‘o’ with a zero, for example) won’t make your passwords significantly stronger, but will make them harder for you to remember
Use the same password for multiple accounts - creating different strong passwords for every account will limit the damage if your personal details get leaked