Published date:
World Password Day is on the first Thursday of May and provides a timely reminder for us all to look at our passwords.
The Northern Ireland Cyber Security Centre (NICSC) encourages everyone to assess the current strength and security of the passwords they use to secure our online accounts.
How do hackers discover your passwords?
There are numerous techniques that hackers use to get access to your passwords such as;
- Using social engineering to trick you into revealing your password (e.g. phishing and coercion)
- Using passwords leaked from data breaches (You can use websites such as Have I Been Pwned to see if your email address has been included in a data breach on various websites). If your email has been shown as compromised, change the password on both the affected account and your email.
- Password spraying where hackers use a number of commonly used passwords to try and access your account (e.g. passwords such as Password1, summer123 etc).
- Brute-force attacks where hackers run a large number of passwords against an account until the correct one is found.
- Shoulder surfing – watching you as you type in your password.
- Finding passwords that have been stored insecurely, such as written down on a piece of paper and left lying about.
- Manual password guessing using personal information about you such as important dates, favourite sports team, pets names etc.
The best way to protect your online accounts is to create strong and individual passwords for your accounts.
Creating Strong Passwords
The current advice is to use three random words such as ‘deskmobilelake’. Using passwords like this makes it harder for hackers to crack. We also suggest adding in a mix of capital letters, numbers and special characters to add more layers to your password such as ‘D3skM0b1l3L@k3!’.
How do I remember all my passwords if I should have separate ones for all my online accounts?
The best way to remember all your passwords is to use a password manager which securely store your passwords either in an app or via a web browser.
There are many different password managers online or in the App Store/ Google Play Store for you to choose from. Research and choose the one that is best for you.
Why should I use a Password Manager?
There are many advantages to using password managers some of which are;
- They make is much easier to use strong, complex & unique passwords across different accounts
- They can help spot fake websites and can help prevent you from falling victim to phishing attacks
- They can generate new passwords when needed and paste them into the correct places
- They have the ability to sync your passwords across all your devices
However, there are some risks to using a password manager which can be;
- Password managers are still targets for hackers so you do risk losing all your passwords in one go.
- If you forget the password for your password manager you will not be able to get back in. Meaning you will need to reset all the passwords for your accounts separately.
- They can’t be used for every account, (e.g. some banks don’t support the use of password managers).
Password Resources
Further information, guidance and support on passwords can be found in the links below
www.nicybersecuritycentre.gov.uk/cyber-protections
www.ncsc.gov.uk/cyberaware/home(external link opens in a new window / tab)
www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0(external link opens in a new window / tab)
www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers(external link opens in a new window / tab)
www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa(external link opens in a new window / tab)
www.haveibeenpwned.com/(external link opens in a new window / tab)