Your questions answered by security specialists
David Emm, principal security researcher at Kaspersky Lab (www.kaspersky.co.uk)
Q: Other than changing my passwords regularly, what can I do to protect them against hackers? Sam Donnelly, Facebook
A: You should follow these guidelines to keep your password security watertight:
• Make every password at least 15 characters long – the longer the better – and combine letters (including uppercase letters), numbers and symbols.
• Don’t make them easily guessable. There’s a good chance that personal details such as your date of birth, place of birth, partner’s name and so on can be found online – maybe even on your Facebook wall.
• Don’t use real words. They are open to ‘dictionary attacks’, where someone uses a program to quickly try a huge list of possible words until they find one that matches your password.
• Make passwords unique for every account: don’t ‘recycle’ them, for example ‘david1’, ‘david2’ and ‘david3’.
• Use a password manager that encrypts and stores unique passwords for all your accounts in one consolidated and protected location.
• Consider a tiered approach to password management instead of a one-size-fits-all strategy. Create strong, unique passwords for important online accounts, where a compromise would have serious consequences: for example, those linked to credit cards. But use a simpler password for accounts where no sensitive personal data is stored.
• Don’t continually change your password. There’s no need to change it just for the sake of it, and it’s difficult to remember a new one every few weeks.
• Don’t save your password – the “save your password” option offered by browsers may be convenient, but it’s not as secure as using a password manager.
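
The checklist above can be turned into a small self-audit. The following Python is an added example, not part of the original column; the word list, account names, passwords and function names are constructed or hypothetical, and a real dictionary check would use a far larger word list.

```python
import re
import string

# Constructed sample data (assumptions, not from the column).
SAMPLE_WORDS = {"password", "dragon", "sunshine", "football", "david"}
SAMPLE_ACCOUNTS = {
    "mail": "david1",
    "shop": "david2",
    "forum": "david3",
    "bank": "t7#Qv!mZ2p@Lw9&Rk4",
}


def check_password(password, personal_details=(), words=SAMPLE_WORDS):
    """Return the guideline violations found in one password."""
    problems = []
    if len(password) < 15:
        problems.append("shorter than 15 characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        problems.append("missing a character class")
    lowered = password.lower()
    if any(d.lower() in lowered for d in personal_details if d):
        problems.append("contains a personal detail")
    # Drop digits and symbols so 'dragon123!' is still seen as 'dragon'.
    if re.sub(r"[^a-z]", "", lowered) in words:
        problems.append("based on a dictionary word")
    return problems


def base_form(password):
    """Reduce a password to its stem by removing trailing digits and symbols."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def find_recycled(accounts):
    """Group accounts whose passwords share a stem ('david1', 'david2', ...)."""
    groups = {}
    for account, password in accounts.items():
        groups.setdefault(base_form(password), []).append(account)
    return {stem: sorted(names) for stem, names in groups.items() if len(names) > 1}
```

Run it only on your own machine against your own passwords, and never paste real passwords into an online checker.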