Advice for password security
A strong password helps you to protect your personal information as well as your identity and money. There are many ways a password can be compromised, for example web server hacks, brute force attacks, rainbow table cracking or social manipulation.
- Your password should contain at least 10 characters and include a combination of lower case letters, upper case letters, digits and special characters.
- Use a password manager tool (for example LastPass, 1Password or Dashlane) to keep all of your random passwords organized, encrypted and conveniently accessible. This way you only have to remember your master password. Make sure you store this in your head.
- Never re-use a password! Use a unique password for each of your accounts. If one of your accounts gets compromised, the hacker cannot gain access to your other accounts, which greatly limits the damage.
- Never send passwords to anyone via email or online messenger services.
- Do not use passwords that are easy to guess, for example “password123” or “admin”.
- Enable multi-factor authentication (MFA) for all services where it is possible. Using a phone number, an app, bank-ID or a fingerprint as a second factor adds an additional layer of security. Even if someone knows the password, it’s simply not enough to log in.
- Make sure that your security questions (used if you have lost your password) are extremely difficult to guess.
- Do not use your passwords to log in to your accounts on other people’s devices, unless you really trust them and know that they have common sense regarding security.
- Never store your passwords in a plain text document, not even on your local device.
- If you’re using a password generator (such as this one) to create your passwords, make sure that the server is using SSL (https) and that the generated passwords aren’t stored on the server.
- Never use family names or pets, words from dictionaries or personal references as passwords. Also avoid year of birth, post-code, house-numbers etc. These are easy to brute force or figure out.
- Be careful who you trust. Watch out for phishing tactics where cybercriminals try to make you enter your password on phony websites. Always keep an eye on the address bar in your web browser.
- Do not share your personal passwords with anyone, not even family members or close friends.
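
A password generator that runs on your own device, so nothing is sent to or stored on a server, together with a check for the rules in the list above. This is an added example, not code from the original page; the function names, the default length of 20 and the choice of Python's `secrets` module are assumptions.

```python
import secrets
import string

MIN_LENGTH = 10  # minimum length given in the list above
# The four character classes named in the list above.
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "digit": string.digits,
    "special character": string.punctuation,
}
EASY_TO_GUESS = {"password123", "admin"}  # the two examples from the list


def weaknesses(password, used_elsewhere=()):
    """Return the rules from the list that `password` breaks (empty = none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    if password.lower() in EASY_TO_GUESS:
        problems.append("easy to guess")
    if password in used_elsewhere:
        problems.append("re-used on another account")
    return problems


def generate_password(length=20):
    """Generate a random password locally with the OS's secure random source."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # Draw every character uniformly, then retry until all four classes
        # are present, so no position in the password is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(weaknesses("password123"))
```

Passing these checks does not by itself make a password strong; the check only flags the specific problems named in the list.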
Common advice regarding security
- Bookmark your most critical websites and access them from there. If you make a typo you may land on a similar phishing-site aimed to steal your information.
- If using a mobile device, make sure that you have set it up so that you can remotely delete all data on it if it gets lost.
- Immediately lock your device when leaving it, even if you’re away for a short period of time.
- Do not install any software that you do not trust 100%. The same goes for clicking on email attachments, which can trigger vulnerabilities silently in the background.
- Use a VPN (Virtual Private Network) for further improved security and privacy. A VPN encrypts all the data sent and received by a device connected to the internet.
- While traveling, if you really need to connect to a public Wi-Fi spot, make sure that you use a VPN.
- Encrypt your computer’s hard drive. This is a core feature on both Windows and OS X, available without additional software. This makes sure no one will be able to access your information, even if they steal your computer and put the hard drive into another machine.
- Log into your computer as a User instead of Administrator. This way you limit the ability of websites and software to modify your security settings, execute malicious code or access system files.
- Do not log into unencrypted web services. For example, make sure that a website is using https and NOT http in the address bar.
- Protect your computer with a firewall.
- Keep your operating system and antivirus software up-to-date to keep yourself protected from trojans, key loggers etc.
- Be careful of the sites you visit. Shady sites and advertisements can take advantage of web browser vulnerabilities and compromise your computer, which can give cybercriminals access to your system and your passwords.
Back-up plan
Make sure that you have a recovery plan in case you have lost or forgotten your passwords. Back up your encrypted passwords regularly in different trusted locations, so that you don’t depend on one single device if disaster strikes.
A secondary email address or an additional phone number belonging to someone you really trust for multi-factor authentication can also be a life saver.