
How can I choose a good password to use online?

By Nick Wilson @NickW
    2018-07-02 16:09:48.713Z

    I'm worried about security

    • 1 reply
    1. Ming-Tzu @MingTzu
        2018-07-02 16:31:57.170Z

        Hi Nick,

        In a nutshell - a "good" password should be something that's difficult to guess, and easy for you to remember.

        Some tips:

        Try to avoid using the same password for multiple websites

        If you use the same password for multiple websites, then if there is a security breach at any one of them your email address and password may be leaked. This makes it easy for unscrupulous people to try the same details at other sites and log in.

        If you must use the same password for multiple websites, try making it unique - by adding the first/last letters of the website you're using.
        For example, if your password is "Pencil", add "Am" for Amazon to make PencilAm.

        This way the password you remember is the same, but in practice will be different for every website you use.

        Passwords should be difficult to guess

        Avoid using passwords that include your name, your date of birth, or are words from a dictionary.
        It's easy for an attacker to automate trying every word in a dictionary to guess passwords.

        Passwords should be easy to remember

        The typical suggestion for password security is to incorporate a mix of upper case, lower case, digits and special characters - such as exclamation marks and punctuation. The problem with this is the result can be difficult to remember. Another alternative is to use a phrase such as

        "the rain in spain stays mainly on the plain"

        which is also complex enough to provide an effective barrier against dictionary attacks.

        Enable 2-factor authentication

        2-factor authentication provides an additional security measure for online accounts by requiring you to perform another action before you can log in. This may be in the form of sending a message to your phone to check that it's really you who is logging in on a new device.

        Even if an attacker were to steal your password, they would still not be able to log in because they can't provide this extra piece of information. It's highly recommended you add 2-factor authentication where available, as it does provide extra peace of mind.
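
The checks described in the reply above (reuse, name or date of birth, dictionary words), as an added Python example that is not part of the original thread. The word list, the birth year and the function name `check_password` are constructed for illustration; a real check would load a full dictionary file.

```python
import re

# Constructed sample word list (assumption); replace with a full dictionary in practice.
SAMPLE_WORDS = {"pencil", "password", "dragon", "rain", "spain", "plain"}


def check_password(candidate, personal=(), used_elsewhere=(), words=SAMPLE_WORDS):
    """Return a list of problems found in `candidate`, one per tip it breaks."""
    problems = []
    lowered = candidate.lower()

    # Tip: avoid using the same password for multiple websites.
    if candidate in used_elsewhere:
        problems.append("reused on another site")

    # Tip: avoid your name or your date of birth.
    for item in personal:
        if item and item.lower() in lowered:
            problems.append(f"contains personal detail: {item}")

    # Tip: avoid words from a dictionary. Digits and punctuation at either
    # end are stripped first, so "pencil1!" is still caught as "pencil".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if core in words:
        problems.append("single dictionary word")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Pencil", "pencil1!", "Nick1985",
               "the rain in spain stays mainly on the plain"):
        print(repr(pw), "->", check_password(pw, personal=("Nick", "1985")) or "ok")
```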