Passwords are a nightmare: many of us have set, forgotten, and reset them often enough that we use the same one or two combinations for everything. Some use the same password for everyone in their family. But this practice, known as password reuse, is akin to using the same key for your house and car: criminals with your password in hand could access every account that shares the same login, just as a thief with your universal key could rob your house and drive away in your car.
Here’s how to have secure passwords that are easy to access so you never click ‘reset your password’ again.
Scams Awareness Week: five ways in five days to free and easy cyber security
Use a password manager. They are built into Apple, Google, and Samsung phones and into web browsers, and are also available as stand-alone apps. Most are free.
Huge lists published online containing millions of hacked usernames and passwords increase the chance that criminals will compromise accounts with reused passwords.
These attacks occur at scale. Criminals can automatically cycle through thousands of compromised logins until an attempt is successful.
Forget your passwords
Use a password manager. These set and store highly complex, random passwords inside a secured service that is protected with the only password you need to remember. Set one password and forget the rest.
There are many free and easy options available, but you may find it easiest to use the built-in managers you may already have.
Apple’s iCloud keychain password manager is built into iPhones, iPads, macOS, and the Safari web browser. Google’s password manager is built into Android-based phones, including the Pixel and Samsung lines, into tablets, and into the Chrome web browser.
The Firefox and Edge web browsers also contain built-in password managers, while separate free and paid apps exist that work across all mobile devices and computer operating systems.
A good password is a Sentence1
Prevailing advice for decades has taught people to use passwords that are hard to remember and often easy for computers to break.
Requirements to set passwords with an upper and lower case letter, a number, and a special character result in people setting predictable passwords like P@ssw0rd1 or Summer2020!, and hackers know it.
Ultimately, security that comes at the expense of convenience inevitably comes at the expense of security.
So make the last password you need to remember for your password manager one that is strong but easy to remember by using a phrase that is unique to you.
Write it as a normal sentence, complete with spaces, and throw in a number somewhere to make a highly original combination.
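As an added illustration (not code from the original article), the Python example below shows why the composition rule accepts P@ssw0rd1 and Summer2020! while a check that undoes the usual decorations rejects them and accepts a plain sentence. The word list, the 15-character minimum, the sample sentences and all function names are assumptions made for this example.

```python
import re

# Constructed sample list of base words (assumption); a real check would load
# a large corpus of breached and commonly used passwords instead.
COMMON_BASES = {"password", "summer", "winter", "welcome", "qwerty", "letmein"}

# Substitutions people typically make to satisfy "number and symbol" rules.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i", "7": "t"})

MIN_LENGTH = 15  # assumed minimum for a sentence-style password


def meets_composition_rule(pw: str) -> bool:
    """Legacy policy: 8+ characters with upper, lower, digit and special."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def base_word(pw: str) -> str:
    """Undo the usual disguises: case, trailing digits/symbols, substitutions."""
    core = pw.lower().rstrip("0123456789!@#$%^&*?.")
    return core.translate(LEET)


def is_predictable(pw: str) -> bool:
    """True when the password is a common word with decoration added."""
    return base_word(pw) in COMMON_BASES


def assess(pw: str) -> str:
    """Verdict based on predictability and length, not character classes."""
    if is_predictable(pw):
        return "reject: common word with predictable decoration"
    if len(pw) < MIN_LENGTH:
        return "reject: too short"
    return "accept"


if __name__ == "__main__":
    # Constructed samples: two from the article, two made-up sentences.
    samples = ("P@ssw0rd1", "Summer2020!",
               "My dog ate 3 blue socks", "the kettle sings at 6 every morning")
    for pw in samples:
        print(f"{pw!r}: composition rule passes={meets_composition_rule(pw)}, "
              f"verdict={assess(pw)}")
```

The last sample fails the composition rule only because it has no capital letter, yet it is accepted by the length and predictability check.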
Ensure your password manager is active whenever you wipe or buy a new phone or laptop. The software will capture your usernames and passwords as you log in to apps and sites, often a one-time requirement on mobile devices.
Once your password manager has saved a collection of passwords, it can start warning you when your accounts are reusing them. You can use its inbuilt features to generate a new, strong, random password to replace each reused one.
Start by changing the passwords that protect your most valuable accounts: bank accounts, email, social media, and any associated with a business you may operate, including website, email, and mailing list administration. These are popular targets with criminals.
Prioritise changing breached passwords. Many password managers alert you when your passwords are found in hacked lists, giving you the opportunity to change them before they are used by criminals.
You may also choose to visit haveibeenpwned.com, a legitimate security service that collects and conceals the same hacked usernames and passwords, allowing people to check if they are affected.
Scams Awareness Week runs from August 17 – 21. Make sure to check out our Cyber Security Hub for the latest info on staying safe from threats. Also see the ACCC’s ScamWatch podcast series on identity theft by the team at the ABC’s The Chaser.