9 tips for setting up a secure password | Tech

Does your head starts spinning when you need to create a password for a new account? Don’t worry! The 4th of May is World Password Day and that is why our software engineer Nic Wortel has come up with 9 tips for you to ensure hackers will find it impossible to hack your passwords and that you don't keep forgetting them! Even when creating accounts in the LEVIY dashboard, users should store a secure password. Keep reading! Tip 0.5: Never share your password with other people. Of course, you already knew that, didn't you?

1. Use a different password for each account
When someone knows your password for one account, it is easy to check whether that same password works for other accounts. Therefore it is important to use a different password for every account. This will prevent your email or bank account from being hacked if the password you used once to order something is ever uncovered. Remember that if you have forgotten your password, many websites will email you a new one. That means that someone with access to your email can also easily access your other accounts!

2. Do not use any obvious information
If you use obvious information as a password, you make it very easy for hackers to guess your password. So make sure your password isn’t made up of your username, email address, your name or the name of someone you know, date of birth, or other information that can be found out by someone else.

3. Avoid frequently used patterns
The most common passwords used in 2018 were “123456”, “password”, “123456789”, “12345678”, “12345” and “111111”. “Qwerty” was in ninth place. Hackers know that too and can rapidly check these frequently used patterns. So avoid using keyboard sequences and existing words, as well as combinations of them (such as “password123”). Replacing certain letters by digits (3 instead of E, @ instead of a, 0 instead of o, etc.) is also very predictable and therefore easy to uncover.

4. Choose a strong password
The longer the password, the harder it is to guess. Where a 4-digit password at a speed of 10,000 attempts per second can be cracked within a second, a 10-digit password can take up to 12 days. A password made up of 12 characters takes 3 years to work out! Also use as many different types of characters as possible (upper and lower case, numbers and punctuation) so that a hacker will have to try more combinations to uncover your password. You can test the strength of your password on https://howsecureismypassword.net/.

5. Use a passphrase
The best way to create a strong password is to use a passphrase. This is a password that consists of several words. It takes a lot longer to crack a passphrase because it is longer than an ‘ordinary’ password. It is also a lot easier to remember than a random combination of letters, numbers, and punctuation. When using a passphrase, it is important not to use a known phrase (for example, from a book or a film), because that makes it easy to guess the passphrase. It is better to use a combination of random, hard-to-guess words that are easy for you to remember.

Unfortunately, some websites have a limit on how long your password can be and using a passphrase is not always an option.

6. Manage your passwords with a password manager
The more unique passwords you use and the stronger they are, the harder it is to remember them all. Fortunately, there are various programs that can help you to create, remember and enter strong passwords. As a result, you will only have to remember one password (that of the password manager) and still safely use unique passwords for every site. Examples of password managers are LastPass, 1Password and KeePass. Very handy!

7. Set up two-factor authentication
More and more websites offer the possibility of using two-factor authentication. This means that after logging in with your username and password, you have to follow an extra step to log in, for example by entering a code you have received via an app or text message. As a result, someone who has managed to uncover your password, does not immediately have access to your account. In many cases, this is a mandatory requirement of for instance your bank or DigiD, but you can enable this yourself on many other sites (such as Google, Facebook and Twitter).

8. Be mindful of where you enter your password
Do not enter your password if you have navigated to a website via a link (for example, in an email). Someone may have created a convincing copy of a website in the hope that you enter your username and password (better known as phishing). Therefore, make sure that the domain name is correct and that the connection is secure before you enter your password. A password manager can also help with this, as it will only enter the password if you are on the correct website.

9. Check whether your password has been breached
This website https://haveibeenpwned.com/ collects information about hacks and data breaches and allows you to check if your email address has been found in any such breach. You can also register your email address to receive email alerts if there has been a data breach where your details have been found. If your details have been found in a breach, it is wise to change your password(s).

These tips will help you remember your passwords and prevent anyone else from using your accounts, including your Leviy account. Why don’t you check the strength of your passwords right now and start using a password manager? 

If you have any questions, please don’t hesitate to contact us!