
Weak Passwords: Why They’re Risky

TL;DR

Using simple or easily guessable passwords puts your accounts at serious risk of being hacked. This guide shows you how to create strong, secure passwords and manage them effectively.

Why ‘God Passwords’ Are a Bad Idea

A “god password” – one you use for multiple accounts – is a terrible security practice. If that password is leaked from just one website, every account that shares it is exposed. Think of it like having one key for your house, car, and bank.

How to Create Strong Passwords

  1. Length Matters: Aim for at least 12 characters, but longer is better (16+ is ideal).
  2. Mix It Up: Use a combination of:
    • Uppercase letters (A-Z)
    • Lowercase letters (a-z)
    • Numbers (0-9)
    • Symbols (!@#$%^&*)
  3. Avoid Personal Information: Don’t use your name, birthday, pet’s name, address, or anything easily found online.
  4. Don’t Use Common Words: Attackers’ cracking tools try lists of frequently used passwords and dictionary words first, so these fall in seconds.
  5. Use Passphrases: A passphrase is a sentence that’s easy for you to remember but hard for others to guess. For example, “My favourite colour is blue and I like cats!”

Password Managers

Remembering lots of strong passwords is difficult. Password managers are the solution! They securely store your passwords and automatically fill them in when you need them.

  1. Popular Options: Some well-regarded password managers include:
    • LastPass
    • 1Password
    • Bitwarden (open source)
    • KeePass (desktop application – requires more technical setup)
  2. How They Work: You create a strong master password for the manager itself. The manager then generates and stores unique passwords for all your other accounts.

Two-Factor Authentication (2FA)

Even with strong passwords, it’s wise to enable 2FA whenever possible. This adds an extra layer of security.

  1. What It Is: 2FA requires a second verification method in addition to your password – usually a code sent to your phone or generated by an authenticator app (like Google Authenticator or Authy).
  2. Enable it: Look for 2FA settings in the security options of your important accounts (email, banking, social media).

Checking Password Strength

You can use online tools to check the strength of your passwords. Be careful about entering real passwords into untrusted websites: anything you type into a checker could be logged by whoever runs it.

  1. Password Strength Testers: Some options include:
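As an added example (not part of the original guide), here is a small checker in Python that applies the rules from “How to Create Strong Passwords” locally, so a real password never has to be pasted into a website. The common-password set is a constructed stand-in for a real wordlist, and the `personal_terms` argument is an assumed way of passing in a name, pet or birth year.

```python
import math
import re
import string

# Constructed stand-in for the breach-derived wordlists that cracking tools
# try first; a real deployment would load a full list (assumption).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}
CLASS_SIZES = {"uppercase": 26, "lowercase": 26, "digits": 10, "symbols": 32}


def check_password(password: str, personal_terms=()) -> dict:
    """Apply the guide's rules locally; personal_terms is a constructed list of
    things such as a name, pet or birth year that must not appear."""
    problems = []
    if len(password) < 12:  # rule 1
        problems.append("shorter than 12 characters")

    present = {  # rule 2
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "digits": any(c in string.digits for c in password),
        "symbols": any(c in string.punctuation for c in password),
    }
    # Rule 5: a long multi-word passphrase is accepted without every class.
    words = re.findall(r"[a-z]+", password.lower())
    is_passphrase = len(words) >= 4 and len(password) >= 16
    missing = [name for name, ok in present.items() if not ok]
    if missing and not is_passphrase:
        problems.append("missing " + ", ".join(missing))

    lowered = password.lower()
    # Rule 4: "password1" or "qwerty!" is a common entry plus trivial padding.
    core = lowered.strip(string.digits + string.punctuation) or lowered
    if core in COMMON_PASSWORDS:
        problems.append("based on a common password")
    # Rule 3: personal information, plus a heuristic for a birth year.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal information: {term}")
    if re.search(r"(19|20)\d{2}", password):
        problems.append("contains something that looks like a year")

    # Rough upper bound on entropy: assumes each character was drawn at random
    # from the classes used; dictionary words make the real figure lower.
    pool = sum(size for name, size in CLASS_SIZES.items() if present[name])
    bits = round(len(password) * math.log2(pool), 1) if pool else 0.0
    return {"ok": not problems, "problems": problems, "entropy_bits": bits}
```

The guide’s own passphrase passes every rule, while “password1” or a pet’s name plus a year is flagged with the specific reason.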

Regularly Update Passwords

Change your passwords periodically, especially for critical accounts like email and banking. If a website you use experiences a data breach, change your password on that site immediately.
