We’ve all had those annoying pop-ups when creating a new password – you must use one special character, one capital letter, six letters, 2 numbers, one emoji…. (maybe not that last one.)
Given the possible risks, it’s understandable that companies want you to use complicated, harder-to-guess passwords. Unfortunately, what many of us do is create passwords that obey the rules whilst being easy to remember, and we often use the same password, or similar ones with small variations, every time we’re asked to “create a new password.”
These passwords often involve personal information such as pet names and birth years, with an exclamation mark at the end, for example Rocky2017! The problem is that hackers can easily find your personal details, such as your pet’s name, on social media and then try every possible variation very quickly using software.
This is why the new guidance highlights that the length and unpredictability of a password are more important than the special characters and other rules mentioned above.
Here are a few tips for creating safer passwords:
- A random four-word phrase – SocialUniversityReportEvent – is actually tougher to crack than any random 8-character password.
- Add special characters and capital letters but don’t put them at the beginning or the end.
- Check your password’s strength on https://howsecureismypassword.net/
- Lie when answering security questions – you’ll be surprised how easy it is to find someone’s mother’s maiden name from social media.
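
To put numbers on the difference between a Rocky2017!-style password and a random four-word phrase, here is an added example (not from the original article). It flags the predictable pattern, builds a passphrase with a cryptographic random source, and compares how much guessing each one takes. The word list and the pool sizes (1,000 pet names, 100 years, 10 symbols, a 7,776-word list) are constructed assumptions.

```python
import math
import re
import secrets

# Constructed sample list so the example runs offline. It is far too small for
# real use; the figures below assume a 7,776-word list (a dice-based list size).
WORDS = ["social", "university", "report", "event", "garden", "window",
         "planet", "copper", "thunder", "meadow", "orbit", "lantern",
         "harbor", "velvet", "pepper", "summit"]

# The pattern the article warns about: a word, a four-digit year,
# and an optional symbol at the very end.
PREDICTABLE = re.compile(r"^[A-Za-z]+(19|20)\d{2}[^A-Za-z0-9]?$")


def is_predictable(password):
    """True when the password has the word + year + trailing-symbol shape."""
    return bool(PREDICTABLE.match(password))


def passphrase(n_words=4, words=WORDS):
    """Join randomly chosen words, capitalised as in the article's example."""
    # secrets uses the operating system's CSPRNG; the random module does not.
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


def uniform_bits(choices, positions):
    """Bits of entropy when each position is an independent random choice."""
    return positions * math.log2(choices)


def pattern_bits(n_names, n_years, n_symbols):
    """Bits of entropy of name + year + symbol once the pattern is known."""
    return math.log2(n_names * n_years * n_symbols)


if __name__ == "__main__":
    print("Rocky2017! predictable:", is_predictable("Rocky2017!"))
    print("Generated passphrase:", passphrase())
    # Assumed pools: 1,000 pet names, 100 years, 10 trailing symbols.
    print("Pattern password: %.1f bits" % pattern_bits(1000, 100, 10))
    # Assumed list size: 7,776 words, four words chosen at random.
    print("Four random words: %.1f bits" % uniform_bits(7776, 4))
```

Each extra bit doubles the number of guesses needed, so the gap between the two figures is what the guidance means by length and unpredictability.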