Tips from an expert: how to keep your passwords safe
July 06, 2020
4 minutes to read
Hundreds of billions of euros. That's how much money is lost to cyber crime each year. Between companies that are brought to a halt and bank accounts that are sucked dry: the cost is high. Nevertheless, there are actions we can take to save ourselves a lot of trouble. Without any major investment. Creating strong passwords and keeping them secure is one of the techniques you can use to make life as difficult as possible for cyber criminals.
Gunther Penne has been responsible for security at Keytrade Bank for 10 years. He's happy to share some tips on how to keep your passwords secure. Tips that he also uses at home.
1. Easy for you means easy for hackers
"Qwerty, password, admin, 123456, iloveyou, your name or date of birth... These passwords are easy to remember, but also easy to crack. A hacker will barely take a few seconds. To get in, they'll use programs that try out common passwords", explains Gunther. "There are also hacking tools that run passwords through a huge dictionary at enormous speed, or try out every possible combination of characters."
2. Use a password generator
But don't you then have to memorise difficult passwords? "Developing your own 'difficult' passwords is no guarantee of success. Research shows that there are often (unconscious) patterns linking the passwords that you create for yourself. Let's say a hacker gets hold of three or four of your passwords, for example. It can then be a piece of cake for them to use a tool to predict your other passwords", Gunther points out. "That's why I use a program that generates random passwords."
3. Size matters
"If you really prefer to choose your own passwords, combine lowercase and uppercase letters with signs and symbols. The days when an 8-character password was enough are long gone. You need to use at least 12-15 characters today – and the longer, the better", he stresses. "Be careful when using password phrases. If you do, go for a password sentence that also contains non-existent words. Otherwise they're also easy to crack."
4. Each to their own
Perhaps you've chosen 47eTg(‘“shx-0ds&n//opTyç!&hd as a password? Nice. But we don't recommend using the same password to log in to every website and program. "Suppose a hacker manages to steal your password... In that case, they'll have a master key for opening your e-mails, going shopping online at your expense, watching Netflix, and so on. Instead, create a different password for each login. If one of these falls into the wrong hands, at least the rest will still be protected."
5. Save your passwords securely
Creating a different password for each site or program does mean that you need dozens (even hundreds) of passwords. "A password vault is a smart way to store them. A vault like this will save all your passwords. It's often also possible to generate new passwords using this program. All you have to remember then is the password to unlock the vault", says Gunther. "It's not a good idea to store your passwords on a piece of paper or in a file on your computer. Also, don't email yourself your own passwords so that you can save them in your inbox."
6. All change!
"Even if you have unique passwords and they're under lock and key, you really do need to change them regularly", says Gunther. "Especially those for your inbox or other sensitive things. Why do you need to change your passwords? Simple: even if your account has been hacked, you may not know about it right away. For example, a hacker could monitor your mailbox for months without you even realising it."
"Another reason for making your inbox super secure is that passwords are typically reset by sending an e-mail via a link. Your mailbox is therefore a very important trophy for a hacker who can compromise all your other passwords. Someone who has access to your mailbox can reset all your passwords for your other accounts. It's therefore best to change your passwords regularly, especially those for your inbox. Passwords that allow access to less sensitive information can be changed less frequently. Also make sure that you don't recycle 'old' passwords somewhere else."
7. What about browsers that memorise passwords?
"Of course, a browser that remembers your passwords is useful. But I never use this option myself. Browsers may also struggle with security leaks, and what's more, it's very easy to display the stored passwords. And if you choose to store your payment card details in your browser, you're on thin ice", says Gunther.
"I always make sure I only access secure websites. In this case, the web address always starts with https://. The s in https:// stands for secure and it can also be recognised by the padlock in the address field", he continues. "Another tip? If you accidentally enter your password for website B on website A, change your password for website B immediately. This may sound a bit drastic, but we're much more vulnerable online than we think."
8. Don't use 'secret' questions
Some applications allow you to answer a 'secret' question if you've forgotten your password. What's the name of your dog? What's your favourite dish? Or what's your dream destination? Safe, or not...? "This function also appears useful at first glance, but it's best avoided. The answer to these 'secret' questions can often be discovered by hackers on social media or in some corner of the internet."
9. Use two-factor authentication
"I apply this technique wherever possible. As a first step, you log in to your account using your password. In the second step, for example, the account sends a code to your smartphone or a code is generated on it that you then enter to log in. You've then got double the security. However, try to avoid centralising all the 'factors' on a single device. If this device becomes infected, two-factor authentication may be weakened."
"A fingerprint or facial recognition as a way of gaining access is convenient, but not watertight. If the scan of your fingerprint fails, you'll usually get the option to enter your code manually. However, if this code has been stolen, fingerprints do not necessarily provide additional protection."
10. Enable alerts
"There are several sites that warn you of an incident. Haveibeenpwned.com is one of them. You can check on websites like this whether your personal data has been leaked or is circulating among hackers. And you can also set alerts to warn you if your personal data has been compromised", concludes Gunther.
Checklist for staying safe online
- Use strong passwords
- Activate two-factor authentication if this option is available (e.g. via a code generated on your smartphone)
- Be on the lookout for fake e-mails
- Use a virus scanner
- Perform regular updates
- Make back-ups
- Secure all mobile devices as well
What's the best way to protect yourself against malware? Take a look at our tips