🔑 10 Easy Tips for Better Password Security

Managing passwords can feel overwhelming, but staying safe doesn’t have to be a chore. Use these simple strategies to protect your digital life.


1. Think “Passphrase,” Not “Password”

Forget trying to remember random strings like P@ssw0rd!. Try picking four random, unrelated words like CoffeeCloudMountainTurtle. It’s much longer (which makes it harder for hackers to crack) but much easier for you to visualize and remember.

Or pick a favourite song lyric, favourite holiday destination or memory. Hard to crack, and a fun reminder every time you type it in.
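For readers who want to see the numbers behind the four-random-words tip, here is an added example (not part of the original article) that picks the words with a secure random generator and estimates how hard the result is to guess. The word list is a constructed sample, and the guessing rate is an assumption.

```python
import math
import secrets

# Constructed sample list, for illustration only. A real word list should be
# much larger (a standard diceware list has 7776 words).
SAMPLE_WORDS = [
    "coffee", "cloud", "mountain", "turtle", "garden", "candle", "river", "piano",
    "button", "ladder", "orange", "window", "pepper", "saddle", "tunnel", "velvet",
    "anchor", "biscuit", "harbour", "jigsaw", "kettle", "lantern", "marble", "noodle",
    "oyster", "pebble", "quilt", "rocket", "sponge", "thimble", "walnut", "zebra",
]


def make_passphrase(words, count=4):
    """Join `count` words, each drawn independently with the OS secure RNG."""
    if count < 1 or len(words) < 2:
        raise ValueError("need at least one word from a list of two or more")
    return "".join(secrets.choice(words).capitalize() for _ in range(count))


def passphrase_bits(list_size, count=4):
    """Bits of entropy when every word is an independent uniform draw."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def average_crack_years(bits, guesses_per_second):
    """Years to try half of all combinations at an assumed guessing rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 7776):
        bits = passphrase_bits(size)
        # 1e9 guesses per second is an assumed rate, not a measurement.
        print(f"{size}-word list: {bits:.1f} bits, "
              f"~{average_crack_years(bits, 1e9):.4g} years on average")
```

The tiny sample list gives only 20 bits for four words, which is why the words need to come from a large list and be chosen at random rather than by hand.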

2. Avoid Using Family Names or Birthdays

Scammers can easily find out your birthday, your spouse’s name, or your pet’s name by looking at your social media. If it’s public knowledge, don’t use it in a password.

3. Give Your Passwords a “Second Lock”

Enable Two-Factor Authentication (2FA) whenever possible. This sends a quick code to your phone when you log in. It ensures that even if someone steals your password, they still can’t get into your account.

There are generally 3 “Factors” that a website can ask for as proof that it is “you” trying to log in, alongside your username/email address.

So using 2FA, or MFA (multi-factor authentication), simply means using two or more factors to identify you.

This is good because if someone has been able to steal or guess your username and password, on its own that isn’t enough to be able to sign in as you. A thief would also have to have stolen your phone, which is far less likely.

These days most secure enterprise organisations, like your bank, will insist that you set this up by default.

I would recommend that you choose to set up 2FA/MFA on any important websites you use. For example:

4. Try Not to Re-use the Same Password

If you use the same password for your email and your bank, a hacker who gets into your email can now get into your money. Every important account deserves its own unique password.

When a company like your UK bank stores your password, they follow a very strict set of rules to make sure this is kept safe. When you use a website that might be for the dog club, bowls club, or another private members club, they don’t (and often can’t) offer the same protection. If you use the same username and password for both websites then, if your club gets compromised, a cyber thief now has a list of usernames and passwords that they can start to “try out” on other services.

Often if someone has “hacked your email or Facebook” it is because they were able to steal the data from a far less secure website, and have just been trying the usernames/passwords that they found against your email or Facebook account.

It’s really easy to say “don’t re-use the same password” but the reality is that we now have dozens or even hundreds of passwords to remember. You should try and have different passwords for your main “critical” accounts. This doesn’t need to be too much of an overhead. For example, if you come up with a password that is easy for you to remember, such as Love is all around me!, then you could put the first 2 letters of the website at the end of the password. So:

Often with identity theft the thief is looking for easy targets. If they steal and work out my Hotmail password, and it is different from my Lloyds password, they will move on to someone easier.

5. Use a “Master List” (Password Manager)

Instead of writing passwords on sticky notes near your computer, use a digital Password Manager (like Bitwarden, 1Password, or LastPass). You only have to remember one master password, and it remembers the rest for you.

It is really important that you set up 2FA/MFA on your Password Manager so it doesn’t just become a Skeleton Key that gives access to all your secrets.

Speak to your children or grandchildren. Often they will be doing something similar (often through their work) and so may have a favourite tool, or even a family account that you can join.

6. Change Passwords Only When Necessary

You don’t need to change your passwords every month anymore (that just leads to forgetting them!). Only change a password if the website notifies you of a “security breach” or if you suspect someone else has accessed your account.

Studies have shown that changing passwords on a regular basis only leads to confusion, and forces us to make simple passwords, while adding no real protection from theft.

You only really need to change your password when notified of a breach.

You can always check for yourself whether your username/email address has appeared in a data theft.

Important before you check this: almost everyone has been involved in some kind of data breach, so this is not personal or an attack on you. Just look and see which account was compromised, make sure you change the password for that website, and ideally set up 2FA/MFA.

7. Watch Out for “Security Question” Traps

There are loads of games or quizzes on social media that seem like fun to play along with, but can sometimes be more sinister under the surface.

Be wary of any quiz or game that starts to ask questions that you might normally associate with a company asking legitimate security questions. While 2FA/MFA is the gold standard for protection, some companies still rely on security questions to validate you, like “What is your mother’s maiden name?”.

Any online quiz or game that asks questions like that, or about your siblings, or favourite pet, or first school, or where you met your spouse, should be treated with healthy suspicion. If it’s just a game, then have some fun with it: “Where did you first meet your wife? Love Island”, or “What is your mother’s maiden name? Mountbatten-Windsor”.

8. Don’t Type Passwords on Public Wi-Fi

If you are at a coffee shop or airport using their free internet, avoid logging into your bank. Wait until you are back on your secure home network.

Why is this important? What does this mean? This is good general advice, but not intended to worry you. What this means is that on a public network, like a cafe, airport, McDonald’s, etc., you don’t know who else is on the network with you. At your home you generally know who is connected to your home internet. At a public place you don’t know if a bad guy is lurking somewhere.

Generally if you see the “padlock” next to the website you are using, this means your traffic is safe, but fundamentally you are in a network that you don’t control and therefore someone could be up to no good.

It’s almost always fine, but the advice in principle is don’t use public wi-fi for anything that is really important to you… Just in case.


💡 Remember: If you ever feel like you’ve been hacked, the first thing you should do is change your Email password. Your email is the “key” to resetting all your other accounts!
