It was National Pet Day on 11 April 2021 (yes, it’s a thing).
To celebrate, the National Cyber Security Centre (NCSC) has urged us not to use our pets’ names as our passwords, but to use three random words in what’s called a ‘passphrase’.
The NCSC said in their ‘paws-word change’ article that 15% of the population used pets’ names for their password, while 14% use a family member’s name and 13% use a memorable date. Assuming a UK adult population of 50 million (which is low), that means over 7 million people are using pets’ names.
The NCSC also revealed that 6% of people are still using “password” as their password (or part of it), as well as another 6% of people using a string of numbers like ‘123456’ and 5% using their favourite TV show.
What’s wrong with using my pet’s name as my password?
A good password is one that is easy for you to remember, and difficult for someone else to guess.
The problem with using pets’ names as passwords is that it may be relatively easy for an attacker to find it from things like social media profiles, or to simply try numerous pet names from a list of common ones.
This rationale also applies to use of family member’s names, birthdays or other notable dates, favourite sports teams, films or TV shows etc.
What makes a good password?
Here are six rules to stick to when it comes to choosing and looking after a good strong password:
- Keep it secret. It goes without saying, but the point of a password is that it is a secret.
- Use different passwords on different systems (especially email). Big organisations are big targets (e.g. Facebook’s 2019 breach revealing the details of over 400 million people). Passwords stolen in a breach of one system can easily be used to access others where people use the same password.
- Don’t use information that is easy to find. Information on things like social media sites can easily be used by attackers to guess password.
- Don’t use obvious or common passwords. As above, a lot of people use very common and simple passwords. Attackers often try a list of these when attempting to access an account.
- Make it long. The longer it is, the more difficult it is to ‘crack’. At least ten characters is seen as the minimum, e.g. in this ICO data protection article.
- Make it complex. Adding numbers, symbols and capital letters makes it more difficult to crack too, and many systems require complexity.
Find out more about how to create strong passwords in our Think IT Insights passwords article.
How can I remember so many different passwords?
It is of course much easier for us humans to remember a single password than to remember the 70 or more that various studies suggest the average person has (or rather, should have).
Fortunately, there is a solution: the ‘password manager’.
A password manager is a secure place in which multiple different passwords can be kept. A strong ‘master’ password is used to access the password manager, and all the different accounts (with different passwords) are kept inside.
A password manager, then, is an answer to the question of how users can cope with having loads of different passwords, all of which need to be suitably long and complex.
Examples of free cloud password managers include Bitwarden, LogMeOnce and LastPass.
Find out more about password managers and even using password books in our Think IT Insights passwords article.
If you need help with anything in this Insights article, contact us by phone (01392 435803), email (support@thinkituk.com) or both.
