Power of a Password

19/12/2014 13:34 GMT | Updated 18/02/2015 10:59 GMT

Christmas is almost upon us. Many of us, looking for a Christmas bargain, were entangled in the recent shopping frenzy that was 'Black Friday' and 'Cyber Monday'. According to new figures, Black Friday was the biggest online shopping day of the year, with £810 million spent on this one day alone. And it's not hard to see why: online shopping is a more convenient, simpler and less stressful way of shopping, and it's clear that it is fast becoming the method of choice in today's digital age. In fact, our recent research has shown that over half of Europeans will be ditching the high street in favour of purchasing online this Christmas.

But escaping the high street doesn't necessarily mean escaping potential hazards. Just as a crowded shopping centre is a magnet for pickpockets, the hordes of people shopping online this season are rich pickings for cybercriminals. So as shopping from the comfort of our own homes becomes the norm, it's very important to make sure that our online shopping experience is safe and secure.

One way that we often compromise our security online is through our online passwords. According to our research, nearly half of Europeans (47 per cent) think that password rules on web sites make it difficult to remember passwords, illustrating the frustrations of managing multiple passwords for various sites. With this complexity in mind, it's no surprise that over half of Europeans (55 per cent) have to reset their online passwords at least once a month and 14 per cent have to do it every week. Perhaps more worryingly, eight per cent need to reset their password every time they shop online - a particular concern when you consider that a password is the padlock protecting our digital life.

Unfortunately, while password security may be at the bottom of our priority list, exploiting vulnerabilities in our passwords is certainly a top priority for the bad guys. Security breaches, resulting in the theft of passwords and other sensitive information, regularly hit the headlines. Sometimes, one attack becomes a 'stepping-stone' for stealing data on another site. Earlier this year, the details of online passwords, e-mail addresses and voucher information for over 2,000 Tesco customer accounts were compromised, later appearing on a text-sharing website. In this case, Tesco itself was not targeted: it's thought that the cybercriminals were able to match data stolen during a previous hack to customer details on the Tesco web site, because many people had used the same password across multiple accounts.

Passwords are the first line of defence when it comes to protecting our online transactions. So it's really important to avoid using passwords that a cybercriminal will guess easily. Here are four key things to bear in mind when creating passwords.

- An ideal password is at least 15 characters long and consists of a mixture of letters, numbers and symbols.

- Don't use real words, even from a foreign language, or written backwards: there are tools on the Internet that will crack these in seconds.

- Don't choose an obvious password such as your name, date of birth or spouse's name - this is as bad as leaving your house key under the doormat!

- The most common passwords are patterns on the keyboard ('qwerty', '123456'), people's first names, the F-word and 'Password' - these are as bad as just leaving your front door open!
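
The four rules above, written as a checker. This is an added example, not part of the original article; the word lists, the function names and the four-key run threshold are constructed for illustration.

```python
import re

# Constructed sample lists (assumptions): a real check would load full
# dictionaries and a published list of the most common passwords.
WORDS = {"password", "christmas", "shopping", "dragon", "monkey", "soleil"}
COMMON = {"qwerty", "123456", "password", "letmein"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one keyboard row, either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def check_password(pw, personal=()):
    """Return the list of rules from the article that pw breaks (empty = passes)."""
    problems = []
    low = pw.lower()
    # Rule 1: at least 15 characters, mixing letters, numbers and symbols.
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)
            and re.search(r"[^A-Za-z0-9]", pw)):
        problems.append("needs letters, numbers and symbols")
    # Rule 2: no real words, forwards or backwards. Simplification: only the
    # letters-only core of the password is compared against the word list.
    core = re.sub(r"[^a-z]", "", low)
    if core in WORDS or core[::-1] in WORDS:
        problems.append("is a dictionary word")
    # Rule 3: nothing obvious such as a name or date of birth.
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal details")
    # Rule 4: common passwords and keyboard patterns.
    if low in COMMON or has_keyboard_run(pw):
        problems.append("common password or keyboard pattern")
    return problems
```

Passing the user's own name and birth year in `personal` lets the third rule be checked; a password that returns an empty list has broken none of the four rules, which is not the same as being unique to one site.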

Of course, there's always a trade-off between security and convenience. With complicated password rules to consider and multiple login details to remember, many of us struggle to remember our passwords. That's why so many people simply resort to using the same password for all accounts. Avoid this temptation! Creating unique, complex passwords that are still easy for you to remember isn't as hard as you might think. I've discussed some ways to do this before. And my colleague David Jacoby has recently provided tips for creating memorable, easy-to-remember passwords.

As a parting thought, check also to see if the web site provider offers a two-step verification method to protect your account details (e.g. requiring an additional one-time passcode, sent via SMS to your mobile phone, in order to modify your account settings). This will further secure your account.