Passwords are often the last line of defence for consumers trying to stop cyber criminals from stealing their personal information and money.
But despite warnings from authorities to toughen up password protection, cybersecurity specialists say the two most common online passwords are “password” and “123456”.
With fraudsters now using software that guesses millions of passwords per second, it pays to protect yourself.
Proofpoint Australia country manager Crispin Kerr said even strong passwords could be considered weak if reused across multiple accounts, because “a ripple effect almost immediately occurs” after a data breach.
Criminals quickly try the stolen username and password combinations across many websites, hoping to find accounts where victims have reused the same password.
“So instead of having to correct one compromised account, users that duplicate passwords might have many more to deal with,” Mr Kerr said.
He said a good password contained at least 12 characters “with at least two or three different types of characters in unpredictable places”.
Some security specialists suggest using a phrase or favourite line from a movie with only the first letter of each word used.
“We’ve seen a massive shift in attacks targeting individuals rather than infrastructure,” Mr Kerr said.
Cybersecurity group Norton’s senior director of consumer business, Mark Gorrie, said the names of family members, pets or sports teams should be avoided as these could be found by fraudsters through online forms or social media profiles.
Mr Gorrie said people should “practice proper password hygiene”.
“Do not click on links and attachments in suspicious emails, change passwords every three months, ensure you have up-to-date security software and avoid using public Wi-Fi,” he said.
Free password management software can also help, and research has found that about one-third of people use this.
“With a password management program you only need to remember one password,” Mr Gorrie said.
“Norton’s Password Manager is a free application available for download on the App Store and Google Play Store.
“I would also suggest switching to two-step verification or multi-factor verification wherever offered, to stop unauthorised access.”
A code sent to your phone or a biometric fingerprint scan is a great way to toughen up your security.
A global survey last month by biometrics group Nuance Enterprise found that one in four consumers had fallen victim to fraud in the past year, losing an average $2000 “due to inefficient passwords”.
Nuance’s general manager of security business, Brett Beranek, said the survey — which included Australia — also found that consumers managed an average 11 online accounts with nine different passwords.
“One in four people forget those passwords at least once a month, with nearly a third calling a contact centre every three months to reset login credentials,” he said.
“As PINs and passwords continue to fail and hacks and breaches climb, more and more organisations are deploying biometrics,” he said.
A STRONG PASSWORD:
• Contains at least 10-12 characters including capital letters, numbers and symbols
• Has no family members’ names or pet names
• Is different to passwords used for other accounts
• Avoids using birth dates or sports teams
• Swaps letters for unusual characters. MoneysaverHQ could become M0n3y$av3R8q
• Is paired with multi-factor authentication, usually involving a code sent to your smartphone.
Source: Norton, Proofpoint
Originally published as How to pick a safe password