How to make your passwords more secure

Take action to protect your online accounts and identity offline

Bulletproof your passwords article

If you're looking for a cross-platform, cross-browser manager, we can thoroughly recommend LastPass.com. It's free for desktop use and $1 a month covers all mobile app access on most platforms, plus its random-password generator means every password you use will be different.

If one miserly dollar a month is too much then try the free open-source KeePass.info; it's excellent, and mobile apps are available, but you'll need to manage the transfers of the vault file yourself.

Even with a password manager we'd still advise you not to store financial account details on it or even your primary email details, as loss of your vault password would open up all of your passwords.

3. Create stronger passwords

Some sites limit password length to 12 characters. Annoying! For ones that don't, www.xkpasswd.net, inspired by the XKCD cartoon, generates long, memorable passwords, and can throw in the curve ball of numbers, characters, capitalisation and padding as you see fit.
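The kind of passphrase that paragraph describes, as an added Python example (not xkpasswd.net's code and not part of the original article), with an estimate of its strength against an attacker who knows the scheme. The 16-word list, the separator set and the function names are constructed for the demo; a real generator draws from a list of thousands of words.

```python
import math
import secrets

# Constructed demo word list; entropy per word is log2(list size), so a real
# generator needs a far larger list than this.
WORDS = ["anchor", "bottle", "candle", "dragon", "ember", "forest", "garden",
         "harbor", "island", "jacket", "kettle", "lantern", "meadow", "needle",
         "orchid", "pepper"]
SEPARATORS = "-_.:+="
DIGITS = "0123456789"


def _pad(count):
    """Return `count` random digits from the OS CSPRNG."""
    return "".join(secrets.choice(DIGITS) for _ in range(count))


def generate(words=4, digits=2, wordlist=WORDS):
    """Random-case words joined by one random separator, with digit padding
    at the front and back (no padding when digits == 0)."""
    sep = secrets.choice(SEPARATORS)
    parts = []
    for _ in range(words):
        word = secrets.choice(wordlist)
        # One coin flip per word decides upper or lower case.
        parts.append(word.upper() if secrets.randbelow(2) else word.lower())
    if digits:
        parts = [_pad(digits)] + parts + [_pad(digits)]
    return sep.join(parts)


def entropy_bits(words=4, digits=2, wordlist_size=len(WORDS)):
    """Bits of entropy, assuming the attacker knows the scheme and word list."""
    bits = words * math.log2(wordlist_size)   # which words were picked
    bits += words                             # 1 bit per word for its case
    bits += math.log2(len(SEPARATORS))        # which separator was picked
    bits += 2 * digits * math.log2(10)        # front and back digit padding
    return bits


if __name__ == "__main__":
    print(generate(), f"~{entropy_bits():.1f} bits with the demo list")
    print(f"~{entropy_bits(wordlist_size=7776):.1f} bits with a 7776-word list")
```

The length of the result contributes nothing by itself; the strength comes from the number of random choices, which is why the word list size matters far more than the padding.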

4. Verify-only email accounts

Using layers of security is a good way of working.

If you can place separation between 'unimportant' sign-ups - such as that forum you can't mention to your partner - and sensitive services, such as your bank accounts, all the better.

Use an extra email account to register for forums and the like. If these should get hacked or compromised it'll be far harder to trace any password, username or any personal information to anything else that could be more important.

Similarly, consider using personally-identifiable services such as social networks on yet another email account. While perhaps not as sensitive, hacked accounts can cause real-life headaches and provide hackers with personally-identifiable details.

5. Ring-fence vital services

Many of these problems come from us being human and succumbing to laziness.

In a way, pretending that we're never going to be lazy doesn't help, but we should certainly mitigate this lazy behaviour.

At the absolute minimum, try and ring-fence your behaviour when it comes to vital financial institutions and your primary email. Use a unique and complex password for each.

To a degree, many banks have cut out laziness and enforced two-factor authentication (TFA) solutions, so it's a moot point. Even Google offers TFA for its accounts and you should consider activating this if it's your primary email, as it's your last line of defence.
