Which two methods will reduce the chances that your password will be compromised?

Passwords are the key to almost everything you do online, and you probably have multiple passwords that you use throughout the day. Choosing hard-to-hack passwords and managing them securely can sometimes seem inconvenient. Fortunately, there are simple ways to make your passwords as secure as possible. Doing so can keep hackers from taking over your accounts, and prevent theft of your information (or money from online banking!).

These 7 tips will help make your digital life more secure.

Never reveal your passwords to others. You probably wouldn’t give your ATM card and PIN to a stranger and then walk away. So, why would you give away your username and password? Your login credentials protect information as valuable as the money in your bank account. Nobody needs to know them but you—not even the IT department. If someone is asking for your password, it’s a scam.

Use different passwords for different accounts. That way, if one account is compromised, at least the others won’t be at risk.

Use multi-factor authentication (MFA). Even the best passwords have limits. Multi-Factor Authentication adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you would use to confirm that you really are trying to log in. Learn more about MFA and how to turn it on for many popular websites at https://twofactorauth.org/.

Length trumps complexity. The longer a password is, the better. Use at least 16 characters whenever possible.

Make passwords that are hard to guess but easy to remember.

• To make passwords easier to remember, use sentences or phrases. For example, “breadandbutteryum”. Some systems will even let you use spaces: “bread and butter yum”.
• Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password.
• Don’t use information in your password that others might know about you or that’s in your social media (e.g. birthdays, children’s or pet’s names, car model, etc.). If your friends can find it, so will hackers.

Complexity still counts. To increase complexity, include upper and lower case letters, numbers, and special characters. A password should use at least 3 of these choices. To make the previous example more secure: “Bread & butter YUM!”

Use a password manager. Password management tools, or password vaults, are a great way to organize your passwords. They store your passwords securely, and many provide a way to back-up your passwords and synchronize them across multiple systems. Though the University does not recommend any one solution, here are some examples of free password managers*:

• LastPass: https://lastpass.com/
• KeePass: https://keepass.info/
• Keeper: https://keepersecurity.com/
• Password Safe: https://pwsafe.org/
• Dashlane: https://dashlane.com/

Strong passwords are important for keeping your online accounts and personal information safe from cyber criminals, and enabling Two-Factor Authentication provides an additional layer of security.

Passwords are the key to your digital life. As the first line of defence against cyber criminals gaining access to your online accounts, passwords should be only known to you.

However, if your passwords fall into the wrong hands, the consequences of losing your online accounts, important personal information and finances could be dire, especially if you use the same password across multiple accounts. Cyber criminals could use your email to access many of your other online accounts, impersonate you and then carry out scam-related crimes on people you know.

There are many different methods that cyber criminals can use to get a hold of your passwords. One method is to use automated tools to crack your passwords. Cyber criminals can conduct dictionary or brute-force attacks to guess your password by checking your password against ‘password dictionaries’ or lists of commonly-used passwords and character combinations. The shorter and less complex your password is, the quicker it is for cyber criminals to come up with the correct combination of characters in your password. For example, the password 123456 can be hacked in less than one second.

To keep your online accounts and the information within them safe from cyber criminals, it is essential to use a strong password which is long and random and hence not easy to crack. 

How to Create a Strong Password

Here’s how to create a long (at least 12 characters) and random password that you can remember easily. You can also check out the infographic on how to create a strong password at the end of this article.

Step 1: Use five different words that relate to a memory that is unique to you. e.g. Learntorideabikeatfive

When it comes to creating a password, the longer it is, the harder it is to guess. Be sure not to use personal information such as your name, NRIC or birthdate, or other information that can be obtained easily, for instance by doing a search online.

Step 2: Use uppercase and lowercase letters, numbers or symbols to make it even harder to crack. e.g. LearnttoRIDEabikeat5

Remember to keep it random by ensuring that your password does not have a pattern and is unpredictable. This means that it should be difficult for others to guess, even with special tools. Some examples of obvious patterns include:

• Using commonly used phrases e.g. maytheforcebewithyou
• Capitalising the first letter of the password e.g. Livelongandprosper
• Adding a number at the end e.g. qwerty1
• Replacing a letter with a number or symbol e.g. p@ssw0rd
• Now that you have successfully created a strong password, you should enable 2FA, which stands for Two-Factor Authentication, to add an extra layer of security to your account.

Enable Two-Factor Authentication (2FA) when available

2FA uses more than one type of information to identify who you are in order to grant you access to your online account. The first factor in 2FA is usually something that you know, such as a password, while the second factor is usually something you have, such as a one-time password (OTP) from a physical OTP token. Another form of authentication involves biometrics, which includes fingerprints and face recognition. The second layer of security ensures that even if a hacker obtains your password, your account is still protected if he is unable to get hold of the second factor of authentication.

2FA is readily available for many of your online accounts, including your email and social media accounts.

Maintain Good Password Hygiene

Aside from creating a strong password and enabling 2FA, it is important that you take steps to protect your password:

• Use different passwords for your online accounts
• Don’t share your passwords with anyone or write them down
• Don’t log in to online services over unsecured Wi-Fi networks
• Don’t provide your passwords or OTP in response to a phone call, email or suspicious website as it could be a phishing scam.

If you believe that your password has been compromised, change it immediately and check for signs of unauthorised activity. Don’t wait until it is too late. Start using strong passwords and enabling 2FA for your online accounts today.

For resources on creating a strong password, click on the links below to download the high-resolution image files.

Posters

 English: Seniors | Adults | Youth

Poster for Seniors are also available in Chinese, Malay and Tamil

Videos

"How to" create strong passwords and enable 2FA - English

h

Marketing Videos

For more cyber tips, check out the following articles:

• Cyber Tip - Use An Anti-Virus Software
• Cyber Tip - Spot Signs of Phishing
• Cyber Tip - Update Your Software Promptly

Which method will reduce the chances that your password will not be compromised?

What are two ways to protect your password?

What are 3 ways to protect your password?

What are the two most common methods of cracking passwords?