People still use passwords such as 123456, azerty, Star Wars or their name and year of birth. That is not a good idea, because such passwords are not safe. Some programs can automatically hack accounts by trying out these common passwords. Some programs also use a dictionary to retrieve passwords at a dizzying speed, or use a “cyber-attack” that tries out all possible combinations of characters.
Find out here what you should and should not do to ensure that your passwords are strong and secure. The golden rule for passwords is: the longer the password, the more secure it is.
Use two-step verification
Two-step verification usually involves using something that you know (e.g. a password) and something that you have (e.g. a mobile phone) or something that you 'are' (e.g. a fingerprint). The first step involves logging in to your account with your password (Facebook, Twitter, Google, Microsoft, etc.). The second step involves that account sending a code to your mobile phone which you must then enter in order to gain access to your account. There are also other forms of 2-step authentication, such as using the Google Authenticator App or physical keys. We recommend using 2-step verification if it is available. It is both simple and secure.
Use a password vault
Use a password vault, such as Lastpass , LogMeOnce, Myki, 1Password, Dashlane, KeePassXC, Keepass., etc. The password vault keeps all your accounts and their associated passwords safe. The password vault itself should be protected using a strong password. In that way, you only have to remember 1 password. This option too is simple and secure.
Combine uppercase letters, lowercase letters, numbers and symbols
Numbers, uppercase letters and symbols make your password more difficult to crack. Using numbers, uppercase letters and symbols creates many more possible combinations. You can use them anywhere in your password or passphrase.
Use a long password
Use a password containing at least 13 characters. It is easier to remember a passphrase, but in such a case it is best to choose a sentence that only has meaning for you and that does not contain only existing words. Passphrases are also easy to crack.
Do not use a predictable password
- Do not use personal details, such as your name and year of birth: 'YourName1985'
- Do not use familiar expressions such as "Seize the day"
- Do not use a counter, such as 'Seizetheday1', ' Seizetheday2', ' Seizetheday3', etc.
- Do not repeat characters, such as in 'aaabbbccc'
Do not use the same password for different accounts
It is not recommended to re-use passwords. If your data is hacked on one website, the cybercriminals will also try that same data on other websites. Use long and completely different passwords for your important accounts, such as your e-mail and your social media profile. For less important accounts, such as those with which you do not enter payment details or personal details, you can use variations on a password.
Do not share passwords
Sharing passwords is never a good idea, whether privately or at work. You never know what will happen to your password and it can easily be misused. If you use an account which your colleagues also have access to, then use a password vault to share the passwords in a secure way.
Keep passwords out of view
Do not stick post-it notes with the password to your screen or your desk. It is also not safe to keep passwords in an e-mail or in a document on your computer or smartphone.
Do not use the same password for years
It is recommended to change the passwords of your private accounts every year. For professional accounts, this should be done more often because that information can be even more sensitive.
If one of your accounts has been hacked, immediately change your passwords. Check whether the problem with the website has been solved, otherwise, you will be changing your password in vain.
Do not use 'secret questions'
Some websites ask for an answer to a question: e.g. what is your mother-in-law's name. The answer to these questions can often be found on the Internet. Avoid using secret questions where possible.