Ever get the feeling that your online experience is characterised by an uncontrollable growth in the number of usernames, passwords, email addresses and recovery questions?

The mild frustration of forgetting your credentials and trying to crack into your own accounts — before most likely being forced to trigger the tedious password reset process — is all too familiar.

So, understandably, it’s very tempting to commit some password management cardinal sins: recycling the same details for multiple accounts, improper password storage or opting for those that are simple to remember — possibly containing personal, easy-to-guess details.

But in 2022, weak, stolen and recycled credentials remain the leading cause of security breaches. Don’t let yourself or your business fall victim as a result of poor password management!

Top tips for password management and keeping your logins safe online

Whether you’re a home user or at work, managing your sensitive digital data is crucial to smooth, stress-free IT. To stay safer online, our team of IT and cybersecurity experts have put together a quick, simple guide to levelling up your password management!

Use different passwords for every account

This is common sense and needs little explanation: by using a different password for each of your profiles, you ensure that if one account is compromised, the damage stays limited to that account rather than spreading to all of them.

Whilst recycling is great for the environment, it’s terrible for your online security. So, too, is sharing. Don’t be tempted to share or reveal your passwords to others, even friends.

A good way of making life easier when you have different passwords for every account is to use a password management tool.

Consider using an online password manager tool

Using an established password storage app can help you to keep all your usernames, passwords and other important data in one safe, secure place — particularly when combined with multi-factor authentication.

Within your password vault, you’ll be able to create a record for every account you have — also called items or entries. The information contained within each can be as simple as a username and password, but may contain extra notes: URLs, card details, PINs or account recovery question answers.

You’ll be able to quickly copy-and-paste relevant credentials from the vault straight into password fields as and when you need them. If you’re planning to copy and paste every time, password manager apps can make it a lot easier to create lengthy, complex and random passwords for each account — since you’ll never have to memorise them yourself.

Crucially, to access your password vault, you need a unique ‘master’ key or password which is generated when you create your account with the app. You must never lose this or you’ll likely be locked out. For added security, we’d also recommend enabling multi-factor authentication — we’ll touch more on this later.

There are many excellent online password managers out there, but three of our favourites — all free, simple-to-use, reputable, reliable, established and secure — include:

Each of those we mentioned has a simple-to-use free version that boasts more than enough functionality for most home users, start-ups or small businesses, as well as free apps for mobile devices.

There are many other password managers out there that might be more suitable for your feature or budget requirements (if you’re planning on paying), of course.

But are password managers safe?

It might feel like you’re putting all your eggs in one basket, but most cyber security experts agree that these apps are the most secure way to protect your passwords.

Good password managers — such as those we mentioned — make use of AES-256 encryption and a ‘zero knowledge’ security model.

With current computing power, AES-256 is considered practically unbreakable by brute force and is the strongest symmetric encryption standard in general use. ‘Zero-knowledge’ means that your passwords are encrypted on your own device before they are sent anywhere, so even the provider’s server has no way to decipher them. No one (except you) can access the data.

From your side, you just need to keep your master password safe. As long as you don’t lose this, no one can access your vault. Combining this with multi-factor authentication can add another layer of security.
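To make the ‘zero-knowledge’ idea concrete, here is an added example (not code from any password manager mentioned on this page) of how the key handling works in such a model, written in Python with only the standard library. The master password is stretched with PBKDF2 and split into two keys: one that encrypts the vault and never leaves the device, and one that is sent to the server purely to log in. The iteration count, the HMAC labels and the demo password are assumptions chosen for this example; the AES-256 encryption of the vault contents under the encryption key is not shown, since the standard library has no AES.

```python
import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 work factor: a value chosen for this example, in line with
# current OWASP guidance. Real vaults tune this (or use Argon2) per device.
PBKDF2_ITERATIONS = 600_000


def derive_master_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the typed master password into a 32-byte key.

    This runs only on the user's device; the password itself is never sent.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def split_keys(master_key: bytes) -> tuple[bytes, bytes]:
    """Derive two independent sub-keys from the master key.

    enc_key  - encrypts the vault contents (with AES-256 in a real product) and
               never leaves the device.
    auth_key - the only password-derived value the server ever receives; it is
               used to log in and download the encrypted vault.
    HMAC is one-way, so neither sub-key reveals the master key or the other sub-key.
    The labels "vault-encryption" / "server-authentication" are assumed for this demo.
    """
    enc_key = hmac.new(master_key, b"vault-encryption", hashlib.sha256).digest()
    auth_key = hmac.new(master_key, b"server-authentication", hashlib.sha256).digest()
    return enc_key, auth_key


def client_enrol(master_password: str) -> tuple[dict, bytes]:
    """Device side, when the account is created.

    Returns the record that is sent to the server and the encryption key that
    stays in memory on the device.
    """
    salt = secrets.token_bytes(16)
    enc_key, auth_key = split_keys(derive_master_key(master_password, salt))
    return {"salt": salt, "auth_key": auth_key}, enc_key


def server_store(record: dict) -> dict:
    """Server side: hash the received auth_key once more under a server-chosen salt,
    so that a leaked database does not contain a directly usable login credential."""
    server_salt = secrets.token_bytes(16)
    verifier = hashlib.sha256(server_salt + record["auth_key"]).digest()
    return {"salt": record["salt"], "server_salt": server_salt, "verifier": verifier}


def client_unlock(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Device side, at login: recompute both sub-keys from the typed password and
    the salt the server hands back."""
    return split_keys(derive_master_key(master_password, salt))


def server_verify(stored: dict, presented_auth_key: bytes) -> bool:
    """Server side: constant-time comparison against the stored verifier."""
    candidate = hashlib.sha256(stored["server_salt"] + presented_auth_key).digest()
    return hmac.compare_digest(candidate, stored["verifier"])


def server_holds_encryption_key(stored: dict, enc_key: bytes) -> bool:
    """Sanity check for the zero-knowledge property: is the vault key present
    anywhere in what the server stores? It should never be."""
    return any(hmac.compare_digest(value, enc_key) for value in stored.values())


if __name__ == "__main__":
    # Constructed demo password; never put a real one in test code.
    record, enc_key = client_enrol("correct horse battery staple")
    stored = server_store(record)
    _, auth_key = client_unlock("correct horse battery staple", stored["salt"])
    print("login accepted:", server_verify(stored, auth_key))
    print("server holds vault key:", server_holds_encryption_key(stored, enc_key))
```

The point to notice is what crosses the network: only the salt and the authentication key at enrolment, and the authentication key again at login. A wrong master password produces a different encryption key, so even with the downloaded vault there is nothing to decrypt it with, and a stolen server database yields only salts and verifiers.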

Keep passwords memorable yet hard-to-guess

If you’re using some of the password manager apps listed above, you could opt for very complex random passwords, but for day-to-day ease, you might prefer to choose a memorable one (so you can simply remember your most commonly-used credentials).

Now, there’s a difference between ‘hard-to-guess’ and an incomprehensible jumble of characters! These clearly risk being forgotten or frustratingly mistyped.

A string of random words — such as ‘GuitarJaguarApple’ — with a few numbers appended can be practically impossible for someone to guess. You might want to include some mixed uppercase and lowercase letters, plus a special character or two. In terms of length, shoot for 12–16 characters.

There are some good memorable password generators out there. Check out:

A good rule of thumb is to ask yourself whether someone who knows you would be able to guess your password. Does it contain your favourite football team or boy band? Your cat’s name, or your date of birth — or even the word ‘Password’? Personal details can easily be discovered online by cyber criminals.
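The two ideas above, random words plus digits and the ‘could someone who knows you guess it?’ test, can both be put into code. The following Python is an added example, not a tool from this page or from any generator it recommends: it builds a passphrase with the cryptographically secure `secrets` module, estimates how many guesses it would take to find it, and checks a candidate password against a list of personal details, undoing common swaps like ‘@’ for ‘a’ and ‘0’ for ‘o’ that guessing tools already account for. The word list, the personal details and the 7,776-word and 94-character figures used for comparison are constructed or assumed for the demo (7,776 is the size of the public EFF long word list).

```python
import math
import re
import secrets
import string

# Constructed mini word list for the demo. A real generator should draw from a
# list of several thousand words, such as the EFF long list (7,776 words).
WORD_LIST = [
    "guitar", "jaguar", "apple", "river", "candle", "planet", "marble", "falcon",
    "orange", "velvet", "copper", "thunder", "meadow", "pepper", "harbour", "lantern",
]


def generate_passphrase(words: int = 3, digits: int = 2, wordlist=WORD_LIST) -> str:
    """Join randomly chosen words, capitalised so the boundaries stay readable,
    and append random digits. `secrets` is used rather than `random`, which is
    predictable and unsuitable for passwords."""
    chosen = [secrets.choice(wordlist).capitalize() for _ in range(words)]
    suffix = "".join(secrets.choice(string.digits) for _ in range(digits))
    return "".join(chosen) + suffix


def passphrase_entropy_bits(words: int, digits: int, wordlist_size: int) -> float:
    """Guessing resistance in bits: log2 of the number of equally likely
    passphrases. Capitalising the first letter is predictable and adds nothing."""
    return words * math.log2(wordlist_size) + digits * math.log2(10)


def charset_entropy_bits(length: int, charset_size: int) -> float:
    """The same measure for a fully random string, e.g. 94 printable ASCII characters."""
    return length * math.log2(charset_size)


# Common letter-for-symbol swaps that password-guessing wordlists already undo.
LEET = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def _normalise(text: str) -> str:
    """Lower-case and strip separators so 'Fluffy-1990' and 'fluffy1990' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def contains_personal_detail(password: str, personal_details: list[str]) -> list[str]:
    """Return the personal details that appear inside the password, ignoring case,
    separators and common symbol substitutions. An empty list means none were found."""
    raw = _normalise(password)
    unleeted = _normalise(password.lower().translate(LEET))
    hits = []
    for detail in personal_details:
        needle = _normalise(detail)
        # Very short fragments (e.g. initials) would match almost anything.
        if len(needle) >= 3 and (needle in raw or needle in unleeted):
            hits.append(detail)
    return hits


if __name__ == "__main__":
    print("generated:", generate_passphrase())
    print(f"3 words + 2 digits from a 16-word list: {passphrase_entropy_bits(3, 2, 16):.1f} bits")
    print(f"3 words + 2 digits from the EFF list:   {passphrase_entropy_bits(3, 2, 7776):.1f} bits")
    print(f"4 words + 2 digits from the EFF list:   {passphrase_entropy_bits(4, 2, 7776):.1f} bits")
    print(f"8 random printable characters:          {charset_entropy_bits(8, 94):.1f} bits")
    # Constructed personal details for the demo.
    print(contains_personal_detail("Fluffy1990!", ["Fluffy", "Arsenal", "1990"]))
```

Two things the numbers show: the strength comes from the size of the word list and the number of words, not from capital letters, so a tiny list like the one above is only a demonstration; and four random words with two digits from a large list (about 58 bits) beats eight fully random printable characters (about 52 bits) while remaining something you can actually remember.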

Make use of multi-factor authentication

Even the most complex passwords have their limits, and with enough computing power they can be cracked.

Multi-factor authentication (MFA; commonly known as two-factor authentication or ‘2FA’ when exactly two factors are used) adds a layer of security to your online accounts beyond just the username and password.

After correctly entering your login details, you’ll be asked to provide another piece of evidence to prove it’s you. Therefore, cyber criminals — even if they have your password — won’t have immediate access to your account. 

How to set up MFA varies, but most websites and apps will have a password or security section, usually in account settings.

The most popular methods of 2FA are:

  • One-time passwords (OTP): these are codes commonly sent by SMS (text message) which you are prompted to enter before gaining access to an account.
  • Time-based one-time passwords (TOTP): these are generated by apps like Google Authenticator from a shared secret and the current time. You enter the code shown in the app, which is only valid for around a minute. Because the code is generated and displayed on your own device rather than sent to you, it cannot be intercepted in transit the way an SMS can.
  • Push notifications: these are prompts sent to one of your devices. Whilst these rely on an internet connection, they’re much simpler and more user friendly; the owner views the request and can approve or deny account access with a single tap.

Whilst not so common just yet, we don’t think it’ll be too long until biometric 2FA truly takes off. These verify your login using facial recognition, your fingerprint — or even your retina pattern.

Be on your guard against phishing attempts

Passwords, personal information and other sensitive data are commonly stolen in ‘phishing’ attacks — where a cybercriminal tricks you into parting with data, often by posing as a legitimate person or organisation.

Most of us have received these sorts of communications: fake Royal Mail delivery emails, free supermarket vouchers, warnings that you’re ‘at risk’ unless you act — even blackmail attempts. They try to get you to open malicious attachments or direct you to websites where your personal details are stolen.

So, a big part of keeping your passwords secure from theft is by knowing what a phishing attack looks like. We’ve actually written a guide on how to spot them!

Stay safe online with We Are Your IT.

If you ever suspect some nefarious cyber thieves are trying to access one of your accounts, be sure to change all of your passwords immediately, run a malware scan on your computer and consider activating multi-factor authentication.

You can also get in touch with our team of cybersecurity experts — we’re always on hand to help and advise.

We’ve been helping homes, startups, SMEs and large businesses to enjoy a secure, stress-free IT experience for over 20 years. We cover everything — cybersecurity, device repairs, WiFi and internet connectivity, network services and much more.

Whatever you need a hand with, you can reach us either through our contact page, by phoning 03303 800 100 or by emailing contactus@weareyourit.co.uk.

Contact our tech team today