To unlock a phone or your computer, you usually need to enter a password. To log into your Wi-Fi router or your email programme, you need a password. Even when encrypting your data, you will be asked for a password. Therefore, a strong password is the major step toward protecting your data. The more often you change your password, the better protected you are. The password used to enter your devices or to log into (messaging) accounts should be changed at least every three months. The password of your Wi-Fi router should be altered twice a year. For any other function, change the password at least once a year.
Some advice on creating a strong password:
- > Use different passwords for each account
- > Never use a word that can be found in a dictionary
- > Never use names or birthdates of family members, friends or pets
- > Aim for longer passwords, a strong one has about 15 characters
- > Include random lowercase and capital letters, special characters and numbers
Most people have difficulty remembering complicated passwords. An alternative is to use passphrases like: WIw8,mlbtmcitt (‘When I was eight, my little brother threw my cat in the toilet’).
There are various websites to help you test your password and provide an indication of how long a regular home computer or a very fast super computer would need to crack it. One such a website is Kaspersky. Entering your real password on sites like these opens you up to security risks, so check the strength of one that is similar to it.
If you cannot remember every password for all your accounts, use apps like “KeePass” or “Safe in Cloud”. They store passwords for you safely, encrypt the information and are only accessible when entering a (very strong) master password. These tools usually include a password generator, too. You will also find similar tools in the respective app store of your mobile phone.
Aside from password storage and protection, the use of one time passwords (OTP) is also highly recommended. These passwords are only valid for one session and are used in addition to a standard password, which is known as 2-factor-authentication (2FA). This technique is comparable with a TAN generator that banks use to make financial transactions. The OTP is either sent via text message, generated through a smartphone app as “Google Authenticator” (Android/iOS), “Authenticator Plus” (Android) and “2STP Authenticator” (iOS) or via a special token. A lot of common services like Facebook, Gmail or Twitter offer OTPs already. Some alternative email service providers (i.e., Mailbox) offer such an option of 2-factor-authentication.