Cyber Bytes: How to remember all your passwords

Welcome to Cyber Bytes, a regular newsletter which gives you easy-to-understand cyber security advice, and tells you what steps you can take to protect yourself online.

In this issue:

• Why should I set unique, good passwords?

• How am I supposed to remember all those passwords?

• What can I do?

Why should I set unique, good passwords?

In the first issue of Cyber Bytes, we talked about the importance of good passwords. Good passwords are those that are easy for you to remember, hard for someone else to guess, and longer in length. (We recommend at least 15 characters.)

Good passwords help keep you safe because hackers will find it hard to guess good passwords. And password-cracking software isn’t powerful enough to crack them.

But it isn’t enough to pick one good password and re-use it across your accounts. You should also make sure that each of your passwords is unique.

This is because even if you set a good password, it can be exposed in a data breach. This kind of data breach has happened after recent cyber attacks on the Co-op and Marks and Spencer. It’s likely that hackers will buy that customer data, and use it to try and launch future attacks.

Hackers do this by taking a leaked email and password and try using it to log in to other accounts associated with an email address. This could be an online banking account, social media account(s), or email account.

And if you’re using the same password for all your accounts, it’s likely the hackers will succeed. This is why we recommend your passwords are unique to each account.

Even if you’re using good, unique passwords, you can better protect your account by enabling Two Factor Authentication (2FA), wherever it’s available. But we’ll talk about 2FA in detail in our next edition.

How am I supposed to remember all those passwords?

Of course, setting unique passwords is hard. Most of us have dozens of online accounts, including:

• Social media (Facebook, Instagram, Linked In)

• Multiple email accounts

• Online banking (often multiple accounts)

• Retailers (eg. Amazon, Marks and Spencer, Next, ASOS)

• Utility companies

• Subscriptions and online services (eg. Netflix, Spotify, Disney+)

• Smart devices (smart speakers, fitness watches)

It’s unlikely you’ll be able to remember lots of unique 15 character passwords. In fact, this is often why people put themselves at risk by re-using passwords.

But, luckily, you don’t have to remember all your unique passwords. There are several methods you can use to keep track of them.

Use a password manager

Password managers are online services that act as secure vaults for all your passwords. They have a high level of security to protect your data.

They allow you to save passwords for your online services. You can ask them to suggest passwords for you, including passwords of specific lengths. Several also offer browser extensions and mobile apps which will auto-fill your passwords when you log into a website or service.

There are several password managers available, including: Bitwarden (free, paid version available), Dashlane (free, paid version) and 1Password (paid version only).

Write them down (yes, really)

If you aren't confident using online solutions like password managers, you can make a note of your passwords in a physical notebook, which you keep locked away where only you can access it.

This might seem like old-fashioned advice, but very few cyber attackers are likely to be based in Jersey, or even the UK. This means they aren't likely to come into your home to check your password notebook.

If you do use a notebook, you should still be mindful of risks on-Island. Protect yourself by making sure your password notebook always stays in your home in a locked drawer.

Don’t use your notes app, or your browser

Many browsers now offer to save your passwords when you log in to a website. We don’t recommend that you use this service. We also advise against saving your passwords in a notes application on your phone or tablet.

Using your notes app or browser leaves you more vulnerable to cyber attacks. Hackers will often launch attacks using security weaknesses in your device’s operating system, or your browser. If they get access into your browser or your cloud storage, they could get access to your passwords.

What can I do?

The most important thing you can do is make sure your passwords are unique, and you have a way to securely store and remember them.

If you want more support and advice, you can book a FREE cyber advice session with our team by completing this form.

You can also find out more using these resources below: