6 May 2018

Five tips on better passwords: ESET

ESET marked May 3, World Password Day, with tips on creating better passwords.

World Password Day is an annual event that takes place around the world to raise awareness of the importance of strong passwords and best practices for online account security. Nick FitzGerald, Senior Research Fellow at ESET, said, “Regardless of how passwords are stored, if users choose simple or easy-to-guess passwords, then they’re still at risk of being hacked.”

Brute-force password cracking, in which an application uses trial and error to decode encrypted data such as passwords, may have been behind the draining of KrisFlyer frequent flyer miles from the accounts of Singapore Airlines’ passengers.

ESET said another poor practice is re-using the same password, as multiple accounts can be compromised should a hacker get lucky on one platform.

World Password Day aims to stop these behaviours and to encourage all computer users to strengthen their password practices. “It’s also worth considering two-factor authentication (2FA) so that, even if a hacker guesses the password or obtains it via phishing, they still won’t be able to access the account without entering a code that is, for example, sent to the user’s mobile phone,” FitzGerald emphasised.

ESET listed five ways that people can strengthen their password behaviour without having to commit long, complex passwords to memory:

1. Close accounts that are infrequently used. Closing old accounts and maintaining just one account on each social media platform can help protect users’ privacy, especially if they contain sensitive information.

2. Treat accounts differently. Some accounts contain important or sensitive data while others do not. Create long, unique passwords for those with important data such as banking or health information.

3. Use a passphrase instead of a password. A passphrase is a sentence that is easy to remember and contains uppercase and lowercase characters, some punctuation and/or special symbols, and numbers. These are most effective for users to remember. Famous quotes from movies, songs or books should be avoided, since these can be easy to guess or obtain from social media.

4. Use a password manager. A password manager is a tool that encrypts and stores all account passwords and is accessed by a single, master password. This lets users concentrate on remembering just one complex password or long passphrase, instead of potentially dozens.

5. Enable 2FA where possible. 2FA identifies the user to a service provider by providing a combination of at least two different authentication methods. These may be something that the user knows (like a password or PIN), something that the user possesses (like a hardware token or mobile phone), or something unique to the user (like a fingerprint or iris scan).

FitzGerald said, “Passwords are crucial to security. It’s also important to keep operating system or application software on all devices up to date, since updates often include security patches that will protect against new threats. Taking these simple steps can help keep individuals and companies safe online.”