Passwords – making sure they are secure and why they are important

Written by Mark Wilkinson on March 11, 2019

It is super important to make sure that the passwords we are using (and let’s face it we use a lot these days) are as secure as possible. In this episode, Mark looks at how to create a good, secure password and how to make sure you use different passwords for each service without having to remember them all.

Passwords are hugely important to our digital lives as we have so many services that require them; banks, email, social networking and all the online services that we use. Because we use so many of them, it is crucial that we make sure the password we use are secure and unique.

In this video, I look at how you can make sure that your passwords are just that; secure, unique and so you don’t have to remember them all!

Creating a secure password

If you ever set a password in many online services, including your WordPress website, you get a strength metre telling you whether it is strong enough. The key to getting stronger is making sure you have a password that has at least 1 lowercase and an uppercase letter, at least one number and at least one symbol. But, as I outline in the video, the most important thing is the length of the password. The longer the better, but as a minimum at least 12 characters long.

Ban the word password and use a passphrase instead

The advice now is to actually use a passphrase instead of a password work. By passphrase, we mean selecting a series of words and using these as you password (oops! passphrase) passphrase instead.

Good practice here is to select some words that wouldn’t really go together in a sentence, as it has been known for hackers to use phrases from films, common sayings and even TV shows when trying to hack a password.

The famous xkcd graphic below shows why a passphrase is a good idea.

Why not try out the password haystack I mention in the video.

Use a password manager

A password manager is a system which stores all of your passwords in an encrypted vault. To access the vault you use a master password. This is obviously a weak point and therefore you should make sure your master password is very strong. Many devices today, allow you to use your fingerprint alongside your master password, so you can unlock your vault with your fingerprint, rather than having to type in your master password.

Once you have unlocked your vault you can click on any of your accounts and log in at the tap of a button without needed to remember the password. For all my online accounts, I don’t even know the password as it is just a random, very long string of letter, symbols and numbers.

Password managers I know work well include 1Password, which is the one I use and also LastPass.

With 1Password you can unlock your fault with a master password or your fingerprint.

2-factor authentication

The final suggestion here is to make sure that, for the services that support it, you have 2-factor authentication (2FA) switched on. This is when you need a code, usually sent to your mobile phone, or displayed on your phone using an app, to enter on the login page as well as your username and password.

What it means is that even if someone does guess your password, they still cannot log in without your mobile device.