We’ve all had those annoying pop-ups when creating a new password – “you must use one special character, one capital letter, six letters, 2 numbers, one emoji” … OK, maybe not that last one.
Given the potential risks, it’s understandable that companies want you to use complicated and hard-to-guess passwords. Unfortunately, many of us create passwords that obey the rules while being easy to remember, and often reuse the same password, or similar ones with small variations, every time we’re asked to “create a new password.”
These passwords often combine personal information such as pet names and birth years with an exclamation mark at the end, e.g. Rocky2017! The problem here is that hackers can easily find personal details like your pet’s name on social media, and then try every possible variation very quickly using software.
This is why the new guidance highlights that the length of your password and its unpredictability are more important than the special characters and other rules mentioned above.
Here are a few tips for creating safer passwords:
- A random four-word phrase – SocialUniversityReportEvent – is actually tougher to crack than any random 8-character password.
- Add special characters like $ ? ! % & @ and capital letters, but don’t put them at the beginning or the end.
- Check your password’s strength on https://howsecureismypassword.net/ or https://www.safetydetectives.com/password-meter/
- Don’t always tell the whole truth when answering security questions – it’s surprisingly easy to find someone’s hometown or even their mother’s maiden name from social media.
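
The point made above about Rocky2017! and the four-word phrase, as an added example (not from the original article): a password can pass typical composition rules while sitting in a small, predictable guess space. The counts for personal words, years and word-list size are assumptions chosen for illustration.

```python
import math
import re

SYMBOLS = "$?!%&@"       # the special characters listed in the tips
# Assumed sizes, for illustration only:
PERSONAL_WORDS = 1000    # names, pets, teams, places linked to one person
YEARS = 100              # plausible four-digit years (birthdays, anniversaries)
WORDLIST = 7776          # words in a diceware-style list

# Capitalised word + year + optional trailing symbol, e.g. Rocky2017!
PATTERN = re.compile(r"^[A-Z][a-z]+(19|20)\d{2}[" + re.escape(SYMBOLS) + r"]?$")

def meets_composition_rules(pw):
    """Typical sign-up rules: length >= 8, upper, lower, digit, special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))

def guess_space_bits(pw):
    """log2 of the number of candidates a guesser has to cover."""
    if not pw:
        return 0.0
    if PATTERN.match(pw):
        # The structure is predictable, so only the word, the year and
        # the symbol (or no symbol) vary.
        return math.log2(PERSONAL_WORDS * YEARS * (len(SYMBOLS) + 1))
    # Fallback: upper bound that only holds for randomly chosen characters.
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += len(SYMBOLS) if any(c in SYMBOLS for c in pw) else 0
    return len(pw) * math.log2(max(pool, 1))

def passphrase_bits(n_words, wordlist_size=WORDLIST):
    """Bits for n words drawn at random from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)

if __name__ == "__main__":
    pw = "Rocky2017!"
    print(pw, "passes rules:", meets_composition_rules(pw),
          "| bits: %.1f" % guess_space_bits(pw))
    print("4 random words | bits: %.1f" % passphrase_bits(4))
```

The passphrase figure only holds when the words are picked at random from the list, not chosen because they are memorable.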