Password protection in the time of COVID-19

Emma Bathgate

With most students and staff working from home these days, our online accounts have become vital to keep us connected with our colleagues, classmates and friends.

You might find yourself signing up to online accounts you have never used before with new usernames, passwords and personal details. So how can you make sure your information is kept safe in this age of online connectivity?

Many people think that online hackers are cunning criminals that can break into your account regardless of your security. But in reality, most are just lazy opportunists who will take advantage of easy targets. Thankfully, that means that a few simple steps will protect you from most online attacks.

A good password: 

  • Is long: the more characters a password has, the less vulnerable it is to a brute force attack. A password with three characters can be cracked in less than a second, whereas a password with ten characters will take around 526 years. 
  • Is not a single dictionary word, as there are certain attacks that target these specifically.
  • Avoids using obvious personal information
  • Is not a common password (did you know that '123456' consists of 4% of all passwords?!) 

Do not reuse passwords! While the idea of using the same password for all your online services sounds tempting, it's really insecure. If one of your accounts is compromised, hackers will be able to access all your other accounts that use the same password. It's especially important to keep your email password different from the rest of your accounts. Think about it – when you forget a password, what do you do? Most people request a reset link to their email. That could spell disaster if a hacker has managed to get their hands on your credentials. Struggling to come up with a new unique password? Try a password generator!

Enable two-factor authentication (2FA). Most major online services (such as Instagram, Google and iCloud) now offer the option to enable 2FA. If you have 2FA on your account, it will instantly make it much more secure. With 2FA you don't only need your password to log in, you will also need an additional piece of information – usually a code sent to your phone or another device. This means that a hacker won't be able to get into your most important accounts with your password alone.

Get a password manager. If all of the above sounds overwhelming, you should consider outsourcing your passwords to a password manager. A password manager is a clever piece of software that stores your passwords securely, and you normally only have to remember one password to access them all. Good password managers can be used across devices, can recommend secure passwords for new accounts and will alert you if any of your accounts suffer a security breach. You usually pay for a password manager, generally about the cost of a cup of coffee per month. For me, that's totally worth it for the peace of mind that my passwords are secure. I personally use 1Password, but LastPass and Dashlane are also worth checking out. 

Back to QMU@Home blogs

Engage with QMU