You use passwords to access your bank accounts, social media, email and more every day.
Passwords are the keys to our online identity. That’s why protecting them is so important.
Creating a strong password is the first step to protecting yourself online. This helps reduce the risk of unauthorised access by those willing to put in a bit of guesswork.
To help stay safe online, follow these password tips.
1. Make your passwords strong
Short and simple passwords might be easy for you to remember, but unfortunately they’re also easier for cyber criminals to crack.
Strong passwords have a minimum of 10 characters and a use mix of:
uppercase and lowercase letters
special characters like !, &, and *.
You may like to consider using a passphrase instead of a traditional password.
Passphrases are considered more secure than regular passwords, and easier to remember too.
A passphrase is used in the same way as a password, but is a longer collection of words that is meaningful to you, but not to someone else.
For example, the passphrase ‘CloudHandWashJump7’ is 17 characters long and contains a range of different characters. This is more complex than the average password.
Having complex passwords is important to deter ‘brute force’ attacks, in which a computer program cycles through every possible combination of characters to guess a password. These automated attempts at guessing passwords are not slowed down by numbers or capital letters, but depend on how long a password is.
Depending on the systems you access, you may be limited to a defined number of characters.
2. Make passwords hard to guess
Could someone who knows you guess your passwords? For this reason, it’s best to avoid using personal information such as your children, partner or pets name, favourite football team or date of birth as your password.
When trying to hack into an online account, cyber criminals start with commonly found words and number combinations.
So it’s best to avoid using:
a keyboard pattern like qwerty
repeated characters like zzzz
personal information like your date of birth or pet’s name.
Security companies publish lists each year of the most common passwords exposed in data breaches. Read the list from 2020. Make sure you’re not using them, because it’s likely criminals will try these passwords first.
3. Create new, unique passwords
If you need to reset a password, don’t just change one part of it.
Instead of changing a number at the beginning or end, create something completely new you’ve never used before.
If your original exposed password had a ‘1’ at the end, an attacker would likely try ‘2’ next. That’s why it’s important to change the whole password.
Get into the practice of changing your password often, ideally every few months.
4. Don’t share passwords, ever.
Never share your password with someone, not even with someone you trust.
What about family and friends?
Regardless of whom you share it with, once you share your passwords you lose control of how it’s stored or how and when it’s used.
What if a business or company I know asks for my password?
Reputable companies won’t ask you to give them your password over the phone or via emails or SMS messages. This might be a warning sign of phishing or a scam.
You may not be covered for fraud
One of your responsibilities as a savings account owner and user of internet banking is to protect your password. Sharing your passwords or PINs may affect a claim for any money lost due to fraud.
5. Use different passwords for each of your online accounts
Using different passwords means that if one of your accounts is breached, criminals won’t have access to other accounts that use the same password.
Make each of your passwords for online logins unique. This will help protect you from attacks like ‘credential stuffing’.
Credential stuffing is an automated technique used by criminals. They test a user’s known username and password combinations across multiple online accounts.
As many people use the same credentials for multiple sites, it can give criminals easy access to multiple accounts.
This gives criminals an opportunity to gather more information about you, which they might use to impersonate you online to access accounts under your name.
For example, it’s not a good idea to use the same password for an online pizza delivery website and your business email. If the pizza delivery site is compromised, you don’t want someone to also have access to your business email account.
6. Store passwords safely
Writing passwords down is never recommended. You could lose them, or someone else could see them and use them.
Password management tools
There are programs and apps known as password managers that will store all your passwords in a secure vault.
A password manager only needs one strong password to access it and has extremely strong protection to make sure that only you can access it.
This means you only need to remember one password to have access to all your passwords.
Password safes can even generate and store new, complex passwords for you when you create new online accounts.
Don’t allow web browsers to store your password
Some web browsers may display a pop-up message, asking whether you want the browser to remember your login details.
For more information, check out the Australian Cyber Security Centre’s guide on creating secure passphrases.
Reproduced with permission of National Australia Bank (‘NAB’). This article was originally published at https://www.nab.com.au/about-us/security/online-safety-tips/protect-your-passwords
National Australia Bank Limited. ABN 12 004 044 937 AFSL and Australian Credit Licence 230686. The information contained in this article is intended to be of a general nature only. Any advice contained in this article has been prepared without taking into account your objectives, financial situation or needs. Before acting on any advice on this website, NAB recommends that you consider whether it is appropriate for your circumstances.
© 2022 National Australia Bank Limited (“NAB”). All rights reserved.
Any information provided by the author detailed above is separate and external to our business and our Licensee. Neither our business nor our Licensee takes any responsibility for any action or any service provided by the author. Any links have been provided with permission for information purposes only and will take you to external websites, which are not connected to our company in any way. Note: Our company does not endorse and is not responsible for the accuracy of the contents/information contained within the linked site(s) accessible from this page.