As life increasingly shifts online, we all need more and more passwords. The idea behind passwords is to protect our online security, but new research by the National Cyber Security Centre (NCSC) suggests that many of us use passwords that aren’t secure at all.
It’s something we need to bear in mind, because a poorly-chosen password may leave us more vulnerable to hackers and cyber-criminals. So what are the password pitfalls you should avoid, and how can we make our passwords more secure?
According to the NCSC survey, 15% of the population used their pet’s name as a password, 14% used a family member’s name, and 13% used an important or notable date, such as a birthday or an anniversary. Other guessable passwords include favourite sports teams and a string of numbers such as ‘123456’ (both 6%), or a favourite TV show (5%). Most perilously, 6% of people admitted that they still use the word ‘password’ as all, or as a part of, their password.
There are clearly some issues here. Such passwords can often be brute-forced, with hackers just trying common words to see if they are successful. The top five passwords have over 4.5 million users among them, and they account for more than 38 million combined exposures in data breaches, indicating just how perilous simple passwords are. Names and dates are often easy to obtain by looking through social media as we share a surprising amount of information online, in some cases without even realising.
The issue is not just the passwords we use, but also how often we reuse them. You should use a unique and strong password for each of your accounts, and turn on extra layers of protection (like two-factor authentication) when you can. Of course, it can be hard to remember multiple passwords, especially as we’re online more and more – 27% of those quizzed say they have at least four new accounts compared to the same time last year, and that rises to more than ten for 6% of respondents.
What should we do, then? NCSC communications director Nicola Hudson advises: “I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords, which recommends using passwords made up of three random words.” The guidance recommends choosing three random, unconnected words as a password because they’re unlikely to be used anywhere else online, and that makes them harder to guess. The NCSC also recommends adding exclamation points or other symbols if they’re required, and saving these passwords in a browser’s password manager.
Research has shown that making a complex password requires a lot more than just adding a ‘1’ or an exclamation mark to the end of a word. A password should ideally contain at least 12 characters and a mix of cases, digits and symbols in unpredictable places. A fun piece of advice I saw is to write a sentence that no-one’s ever said before, using the first letter or two of each word as a password, with other characters mixed in.
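The point about a trailing ‘1’ or exclamation mark, and the guessable choices from the NCSC survey, can be turned into a self-check. This is an added example, not code from the article or the NCSC; the function name `audit`, the substitution table and the sample inputs are assumptions constructed for illustration.

```python
import re
from datetime import date

COMMON = {"password", "123456"}  # the two examples named in the article
# Assumed table of common look-alike substitutions (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("0134579@$", "oieastgas")

def date_forms(d):
    """Digit strings a date is commonly typed as (day-first, plus year only)."""
    return {d.strftime(f) for f in ("%d%m%Y", "%d%m%y", "%d%m", "%Y")}

def audit(password, personal_words=(), personal_dates=()):
    """Return the pitfalls found in a candidate password (empty list if none)."""
    findings = []
    lowered = password.lower()
    # Drop trailing digits and symbols first: "Rex1!" is still just "rex".
    core = re.sub(r"[\W\d_]+$", "", lowered)
    # Compare the raw, stripped and substitution-reversed forms.
    variants = {lowered, core, lowered.translate(LEET), core.translate(LEET)}
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    if variants & COMMON or any("password" in v for v in variants):
        findings.append("common password")
    for word in personal_words:
        if word and any(word.lower() in v for v in variants):
            findings.append(f"contains personal word '{word}'")
    digits = re.sub(r"\D", "", password)
    for d in personal_dates:
        if any(form in digits for form in date_forms(d)):
            findings.append(f"contains date {d.isoformat()}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a pet's name and an anniversary.
    words, dates = ["Biscuit"], [date(2015, 6, 7)]
    for pw in ("Biscuit1!", "P@ssw0rd123", "Biscuit07062015", "Mypa!rt7ceOnTu"):
        print(pw, "->", audit(pw, words, dates) or "no listed pitfall found")
```

An empty result only means none of these particular pitfalls was found; it is not a measure of strength.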
It may feel like a burden to change all of your passwords, and they are an annoying thing to contend with, but we need to ensure that they’re safe. Some of the stats about online crime are genuinely terrifying – do what you can to avoid becoming a victim.