
Step two
Change your email account password

A key priority should be to change your email account password. You should change your passwords regularly, regardless. 

  • Passwords need to be strong 

  • Each password should contain at least 16 characters (if 16 characters are too difficult to remember, then you could use an 8-character password and type it twice)

  • You should use at least one of each of the following: an uppercase letter, a lowercase letter, a number and a symbol.

People are naturally tempted to use simpler passwords as by nature they’re easier to remember. But they’re also far easier to crack – using software, a criminal can crack a common single-word password in less than one second.

 

Fortunately, there’s a straightforward way of creating a very secure password that is also easy for you to remember.

Generating a secure, easy-to-remember password

Firstly, think of a memorable sentence 

Make sure it includes numbers, and include the proper capitalization and punctuation. 

 

When using a number, reverse its digits, e.g. 26 becomes 62, 123 becomes 321, 1989 becomes 9891, etc.

 

Now create your password from the first letter of each word, the reversed number and the punctuation.

 

SO IF YOUR SENTENCE IS:

I bought my first car in 2005 when I was 19 years old!

YOUR PASSWORD WILL BE:

Ibmfci5002wIw91yo!

 

As long as you can remember the sentence – pick something easy and personal to you – then you can easily type the password by thinking of each word one-by-one. And that resulting password is extremely difficult for somebody else to crack.
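
The recipe above, written out as a short Python script together with a check against the strength rules listed earlier. This is an added example, not part of the original page; the function names and the short second sentence are made up for illustration.

```python
import re
import string

# Added example: names below are illustrative and not from the page.
# A token is a run of digits, a word (apostrophes allowed inside), or
# a single punctuation mark.
TOKEN = re.compile(r"\d+|[^\W\d_]+(?:['’][^\W\d_]+)*|[^\w\s]")


def password_from_sentence(sentence):
    """First letter of each word, each number reversed, punctuation kept."""
    parts = []
    for tok in TOKEN.findall(sentence):
        if tok.isdigit():
            parts.append(tok[::-1])   # 2005 -> 5002
        elif tok[0].isalpha():
            parts.append(tok[0])      # keeps the sentence's capitalization
        else:
            parts.append(tok)         # punctuation is copied as typed
    return "".join(parts)


def unmet_rules(password):
    """List the page's strength rules that the password does not meet."""
    checks = [
        ("at least 16 characters", len(password) >= 16),
        ("an uppercase letter", any(c.isupper() for c in password)),
        ("a lowercase letter", any(c.islower() for c in password)),
        ("a number", any(c.isdigit() for c in password)),
        ("a symbol", any(c in string.punctuation for c in password)),
    ]
    return [rule for rule, ok in checks if not ok]


if __name__ == "__main__":
    # The page's own sentence: it is published, so it is only a test vector.
    sentence = "I bought my first car in 2005 when I was 19 years old!"
    pw = password_from_sentence(sentence)
    print(pw, unmet_rules(pw))
    # A constructed short sentence shows the check catching a weak result.
    short = password_from_sentence("My dog is 7.")
    print(short, unmet_rules(short))
```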

International Password Change Day falls on the first Thursday of May each year. Whether or not you stick to this, it's an illustration of what's considered good practice.

Your security questions

When websites are hacked, it’s often not just your email address and password that are leaked. Example information that has been previously leaked from hacked websites includes:

Names, Usernames, Gender, Employers, Job titles, Spoken languages, Physical address, Geographical location, Security Questions, IP addresses, Devices, Date of Birth, Account status, Mother's maiden name, etc.

As you can see, once you have been the victim of a credentials leak, you can’t assume that your security questions and answers will remain secret. And with most websites tending to use the same security questions (‘mother’s maiden name’… ‘street that you grew up on’) you should pay this item a little attention.

There are two tricks to keep things easy and memorable, yet secure:

  • Firstly, you can set your answer to be anything you like - not just the 'true' answer! So if you worry that your mother’s maiden name has been discovered, call her something else!

  • Secondly, you can use the same answer for every question option that a site might give you. That makes things very easy to remember – you just need to pick one word for each website.

Choosing security questions and answers

Where a website allows you to set up security questions, simply think of a memorable word that starts with the first 2 letters of that site:

EXAMPLE:

Facebook: Fabulous

Hotmail: Horseradish

 

Now for every Security Question enter your chosen word:

FOR FACEBOOK:

Mother's maiden name: Fabulous

What was your first car: Fabulous

What was the street name that you grew up on: Fabulous

FOR HOTMAIL:

Mother's maiden name: Horseradish

What was your first car: Horseradish

What was the street name that you grew up on: Horseradish

 

Pick memorable words, and – as ever – don’t reuse them for different sites.

There are two other ideas that you should consider:

Password Vault

A Password Vault helps you remember passwords. It will generate extremely secure passwords for you, and auto-fill them on websites to save you the trouble. You might want to buy, or subscribe to, a password vault. Choosing one involves the usual process of balancing features against cost. We can’t recommend specific software that might be right for you, but you may wish to consider names such as: 1Password, Dashlane, KeePass Password Safe, LastPass or RoboForm.

 

Many browsers come with a 'sort of' Password Vault built in.

  • Windows Internet Explorer can remember and auto-fill passwords, but doesn't recommend passwords.

  • Apple Safari can remember and auto-fill passwords, and also recommend secure passwords.

 

A drawback of these two browser solutions is that they are linked to a specific device, whereas other products work in the cloud: they synchronize your passwords between all your devices.

Two Factor Authentication (2FA) or Multifactor Authentication (MFA)

With 2FA or MFA, a site or app asks for an additional form of authentication from you before it will allow you to log in. This might consist of something that you uniquely know (a User ID/password), something that you uniquely have (perhaps an SMS sent directly to your own mobile device) or even something that you uniquely are (biometric data such as a fingerprint or iris scan).

If your email provider offers you Two Factor or Multifactor Authentication, then it’s strongly recommended that you activate it.
