The cardinal rule of safe passwords is, convenience is your enemy.
“This means no children’s names, pets’ names or the street-where-your-grandma-lived type of passwords,” Don Duncan, Security Engineer at Mastercard-owned NuData Security, said in a statement provided to Fox News. “Stay away from anything that would constitute a recognizable word or name especially related to the user.”
Gary Davis, Chief Consumer Security Evangelist at computer security giant McAfee, has come up with a list of best practices and they are as follows:
- See if your passwords are exposed. If so, change them. Go to a site such as haveibeenpwned.com, which will show you if your passwords have been compromised and are available to bad actors. (Google also offers a tool called Password Checkup that tells you if your password has been hacked.)
- The less obvious and more obscure the password, the better. This echoes NuData’s advice above: do not use weak passwords and especially avoid personal details within your passwords and dictionary words.
- Choose unique passwords across all of your accounts. “Many consumers utilize the same password, or variations of it, across all of their accounts. This means if a hacker discovers just one password, all personal info is suddenly at risk,” McAfee’s Davis says.
- Special characters. Passwords should always contain a variety of capital and lowercase letters, numbers and symbols.
- Enable two- or multi-factor authentication. This is well known to iPhone users when you’re asked to verify a log-in to your MacBook on a “trusted” iPhone or iPad. This reduces the risk of impersonation by hackers.
- Use a password manager. With password managers, you’ll only need to remember one master password in order to access the rest. Many password managers can also generate strong passwords to utilize when creating new logins.
Another good password-safety tip is, avoid using your browser's autofill forms feature. Though irresistibly convenient, the autofill function is often used to save your passwords. So, if someone breaks into your device, they get instant access to your online accounts. This feature can be turned off when using Google, Firefox and other browsers.
It's important to remember that password-protected devices are vulnerable.
One way to make them more secure is to buy a device with a biometric ID such as Face ID or a fingerprint reader. For example, with Face ID on the iPhone, you can now access your bank account instead of using a password. And many Windows laptops also now come with some form of biometric ID.