Secure password management
You use passwords virtually everywhere. They are an essential way of securing your accounts on all sorts of websites and online portals as well as in apps. It’s therefore in your interest to secure your passwords in such a way that no unauthorised person has access to them. Implementing a few simple solutions is enough to significantly increase the security of your accounts.
- Use unique passwords. Make sure not to use the same password in many places! With one password for multiple accounts, if it’s leaked from one database, all accounts using the same password are exposed. To find out if you have fallen victim to a leak of passwords or phone numbers, it’s worth visiting the Have I Been Pwned project website. If this has happened, you should change your password as soon as possible on all accounts where you have used it!
- According to the latest guidelines from CERT Polska, the key to a strong password isn’t its complexity, e.g. Asd54321^&, but its length, e.g. YouHasFound3TheBuikBrownFfoxTwo. For the first password, we used strings of characters that are next to each other on the keyboard, so it only seems strong, and it could be cracked using a dictionary attack (i.e. one where cybercriminals use files with hundreds of thousands of popular passwords and try to match them to your login details). This is best illustrated by the following analysis:

The analysis shows that it would take only 11 hours to crack the first password, while it would take several hundred years to crack the second one!
Such a password strength analysis can be carried out by anybody, for example at https://bitwarden.com/password-strength/.
- With the number of accounts each of us has on different sites, remembering the passwords to all of them is virtually impossible. Therefore, to make your life easier, it’s advisable to use a password manager. Various solutions are available on the market – commercial and free, standalone and bundled with antivirus security packages. Whichever you opt for, they have a few things in common:
  - you only need to remember one main password, which is used to unlock the vault;
  - you can use the built-in password generator;
  - you can transfer passwords between devices.
- Even using the password manager built into your browser will give you a higher level of security than not using it at all.
- If for some reason you don't want to or can't use a password manager, consider creating passphrases. They’re simply sequences consisting of many words that don’t form a logical whole, but are easily memorised, for example, "CorrectDogClipForBatteries" :) You can create a myriad of such virtually unbreakable passphrases and remember each of them.
- Even the most complex passwords are of no use if you fall victim to a phishing attack in which cybercriminals trick you into giving them your login details. The conclusion is that you should use multi-factor authentication wherever you can. Whether it be an authentication application, SMS codes or a dongle, the second component will further protect you in the event of phishing or a leak of passwords from the service provider's database.
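
The keyboard-adjacency weakness described above for Asd54321^& can be checked mechanically when a password is chosen. The following Python code is an added example, not part of the original article or of CERT Polska's guidelines; it assumes a US QWERTY layout, and the function names are hypothetical.

```python
"""Flag keyboard walks: runs of keys that sit side by side on one keyboard row."""

# Assumption: US QWERTY layout; the last row is the shifted digit row.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "!@#$%^&*()")
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a: str, b: str) -> bool:
    """True when a and b are direct left/right neighbours on the same row."""
    pa, pb = POS.get(a.lower()), POS.get(b.lower())
    return bool(pa and pb) and pa[0] == pb[0] and abs(pa[1] - pb[1]) == 1


def keyboard_walks(password: str, min_len: int = 3) -> list[str]:
    """Return every maximal run of at least min_len neighbouring keys."""
    walks, run = [], password[:1]
    for ch in password[1:]:
        if adjacent(run[-1], ch):
            run += ch          # still walking along the row
            continue
        if len(run) >= min_len:
            walks.append(run)  # the run just ended and is long enough to flag
        run = ch
    if len(run) >= min_len:
        walks.append(run)
    return walks


def walk_coverage(password: str, min_len: int = 3) -> float:
    """Fraction of the password's characters that belong to a keyboard walk."""
    if not password:
        return 0.0
    return sum(map(len, keyboard_walks(password, min_len))) / len(password)


if __name__ == "__main__":
    # The two example passwords quoted in the article.
    for pw in ("Asd54321^&", "YouHasFound3TheBuikBrownFfoxTwo"):
        print(f"{pw!r}: walks={keyboard_walks(pw)} coverage={walk_coverage(pw):.0%}")
```

A high coverage value means most of the password is a pattern that cracking wordlists already contain, regardless of how many character classes it mixes.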