Trouble is, even if your password is enough to satisfy the complexity requirements, hackers are taking a daily stroll around the internet and collecting logins and passwords as they go, from either leaked details or sites with security flaws.
Then, they’ll try their luck with that login/password set elsewhere. They know more than half the internet users in the world have only one password and email combination, so the chance of gaining access to your accounts is actually quite high.
Even the big names in tech are at risk of password breaches. For example, Yahoo has been infamous with its constant data breaches, and over 500 million records stolen!
Other big companies that had been breached include eBay, Adobe, AOL, JP Morgan Chase, Uber, Sony... the list is actually quite extensive and you can find more here - List of data breaches (Wikipedia) You may think, "oh well, not a big deal, I don't see my local bank or a utility company here" but as New Zealand is a small country, breaches here don't attract as much attention.
Are you using the same password elsewhere? Cue the domino effect! One site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.
How to Create Easily Remembered Passwords
Here are two ways of creating and managing secure passwords. One is manual and relies on your creativity and memory. The other is using a password vault, which will store all of your passwords in a secure manner and you only need one master password to access the vault. No, I'm not talking about that notebook that you keep next to your computer!
1. Have a system or template for creating your own unique passwords, that you’ll be able to remember, but is not obvious to hackers. For example, "character" "word" "something about the site" "numbers" "character"
Becomes !K1ttyFB75!
It might seem complicated, but the above is really just based around the words ‘kitty’ and ‘FB’ for Facebook. Change the FB to something else for other sites. For example, a bank password could look like $M0ney@nZ$
2. Use a program like KeePass or LastPass - these two are the most popular ways and they work in a different manner. KeePass stores all of your passwords on the computer and you will need to copy and paste them when you need to login to websites. The passwords are encrypted and the only way to access them is by entering the master password, which you should make very difficult and hard to guess. No, "P@ssw0rd1" is not a good idea 🙂
LastPass stores your passwords in the cloud. You might be thinking, why would anyone send their passwords to a 3rd party... But rest assured, the service is very secure, has never been hacked and been around for many years. You can read about it here. LastPass makes it easy to share your passwords on multiple computers, integrates with your browser and allows you to log in to any website with just a few clicks. This is what I use myself.
What to Do If Your Password has Been Hacked
You can check to see if any of your accounts have been compromised by entering your email into haveibeenpwned.com. Attention! Only the email is required. I checked my own email and found that a website I used to frequent was hacked in 2014 and my password was leaked. But nothing bad happened because I had a unique password there 🙂
If it alerts a breach, you need to change your passwords immediately – all of them. Use the example system above to create a new set or use the password vault.
