On “Change Your Password Day”, Kaspersky Lab scientists are advising users that unique and easy-to-remember passwords are more effective than changing them periodically for the safety of online accounts. Researchers have revealed a few simple steps for users to create their own set of unique passwords. They also recommend installing a password manager that solves the problem of retaining them.
Passwords are the established method for logging in to online accounts but creating some that are both safe and easy to remember is not always an easy task and is getting harder as people have more online accounts. If you create simple passwords that you are unlikely to forget, the risk of being broken by an attacker is greater. However, if you set a complex password, the risk of forgetting is higher, so the chances of staying on one or two passwords to use on multiple sites are increasing.
Kaspersky Lab researchers estimate that the biggest vulnerability of passwords is their reuse. As recent disclosure of more than 700 million email addresses and millions of unencrypted passwords has been revealed, data from different breaches can be easily correlated and used in attacks where hackers make email and password combinations of victims to enter in other accounts that have the same password.
The risk is not reduced by changing passwords, but by making them stronger – relying not on complexity but on uniqueness.
“There is a lot of confusion about what a strong password means. Many sites now require complex passwords that contain at least eight or more regular and capital letters, numbers, and special characters. Many users have thus come to equate with something like this a ‘solid’ password and it seems a rather difficult task. The good news is that ‘solid’ does not have to be scary. When looking at the issue from a cyber security perspective, you will see that passwords are powerful if they are unique and attributed to a single account, so they cannot be used to crack other accounts if they are exposed to a data breach. In addition, there are password management, including Kaspersky Password Manager, which allows for the creation and safe use of dozens of unique passwords,” says David Jacoby, a security researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).
The following steps will help you create unique, easy-to-remember and solid passwords:
Step 1: Create your own “static” base (the part of the password that does not change)
- Think of a phrase, a verse of a song, a quote from a movie, a song for children, or anything that could easily be remembered.
- Take the first letter of the first three to five words.
- Add a special character between each letter: @ / # etc.
From now on, you can rely on each unique password on this string.
Step 2: Rely on the power of association
- When thinking about online accounts for which you need a password (Facebook, Twitter, eBay, dating sites, online banking, shopping or gaming sites), note the first word you associate with each of those sites.
- For example, if you set the password for Facebook, you might associate Facebook with the blue of the logo: in this case, just add the word “blue” – possibly capitalized – to the end of the static string.
David Jacoby explains: “For example, if the phrase you are thinking is ‘Twinkle Twinkle Little Star, How I Wonder What You Are’ and the special character is ‘#’ then the password for Facebook would be something like: T # L # S # Hblue. It makes no sense when you look at her or someone would give it to you. But because it is personal, understand the system used to generate your passwords and associate the word with the site, and then it’s easy to remember it.
The best way to backup, hold, and automatically and safely fill passwords is through a password manager like Kaspersky Password Manager. They have the advantage of not requiring users to retain only the master password. The most secure password management includes solid encryption functions, so the risk that data is accessed by someone else is very low.