The UK's National Cyber Security Centre has issued a stern warning to those using pet names as passwords: don't do it.
The blog post, which coincides with this weekend's National Pet Day, suggests that perhaps the names of beloved animals may be a bit easier for hackers to guess.
Apparently, 15% of Brits use their pet's name as a password for their online accounts. Another 14% use family names, and 13% use memorable dates as passwords to protect their data.
Surprisingly, for an institution with "cyber" in its name, the NCSC's advice is actually quite sane: it says that a strong password should be used for e-mail and that each password should be different from those used for other accounts. The goal is to make sure that if someone steals your Netflix password, they cannot access your e-mail with the same key.
The best advice revolves around password selection: choose three random words to get a secure password. A good password is secure without being hard to remember or containing many special characters, but sadly, many sites force you to use annoying characters.
It would be much better to choose a password like "rex railway bone" rather than "rex1234&*%". There is no point in explaining why this is so when Randall Munroe has already done a perfect job with XKCD. But in summary, a long password phrase that can be remembered is better than a short password that is nearly impossible to remember.
Aside from pet names, the NCSC also points out other common pitfalls. About 6% of people use "password" somewhere in their passwords or use "password" as the whole thing. This is horribly stupid. But then again, we've all had the frustration of setting up different accounts online, so it's something most of us will do at some point.
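To make the three-random-words advice and the pitfalls above concrete, here is an added example (not from the NCSC or the original article) that draws words with a cryptographic random source, estimates the resulting entropy, and flags the guessable habits the article lists. The word list, function names and date pattern are assumptions made for illustration.

```python
import math
import re
import secrets

# Constructed sample list. A real generator would load thousands of words,
# because the strength comes from the size of the list, not the words chosen.
WORDS = ["railway", "bone", "copper", "lantern", "gravel", "meadow", "pickle",
         "harbour", "velvet", "tundra", "compass", "orchard", "saddle",
         "quartz", "ribbon", "thistle"]

def generate_passphrase(words=WORDS, count=3, sep=" "):
    """Pick `count` words uniformly using a CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count=3):
    """Entropy in bits when every word is drawn uniformly from the list."""
    return count * math.log2(list_size)

def weak_patterns(password, personal_terms=()):
    """Return the guessable habits (hypothetical checks) a password matches."""
    findings = []
    lowered = password.lower()
    if "password" in lowered:
        findings.append("contains 'password'")
    for term in personal_terms:  # pet names, family names
        if term and term.lower() in lowered:
            findings.append(f"contains personal term '{term}'")
    # Memorable dates: a 19xx/20xx year or a ddmmyy-style run of six digits.
    if re.search(r"(19|20)\d{2}|\d{6}", password):
        findings.append("contains a date-like number")
    return findings

if __name__ == "__main__":
    print(generate_passphrase())
    # 7776 is the size of a Diceware-style list; 16 is the sample list above.
    for size in (len(WORDS), 7776):
        print(f"{size} words -> {passphrase_bits(size):.1f} bits for 3 words")
    print(weak_patterns("rex1234&*%", personal_terms=["Rex"]))
```

The entropy figure only holds when the words are picked at random; three words chosen by the user, such as a pet's name plus two related words, are far easier to guess.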
The best advice would be to use a password manager and generator, such as the one in our Best Password Managers roundup. While the convenience of syncing with the cloud is worth it, and those services are often secure and well encrypted, having a locally stored version backed up on a USB stick is a more secure bet.
Also use two-factor authentication; tools like Google Authenticator do not rely on SMS or email codes.