
It's World Password Day today, which means you should probably think about how you've secured your online accounts, and how you can make sure they're not easily hacked. Following Nutella's advice on the matter would probably be the worst thing you could do, though.
I love Nutella as much as the next guy, but this celebratory post from its Twitter account is as misguided as they come:
Today it's World Password Day: choose a word that's already in your heart. Like "Nutella", for example! #WorldPasswordDay #Nutella pic.twitter.com/Q9EERc6244
- Nutella (@NutellaGlobal) May 3, 2018
Yeah, no, that's not how you create a password in 2018.
What's wrong with it, you ask? Well, for starters, it's a very common password: the Pwned Passwords database, which holds around 500 million passwords exposed in past data breaches, lists it more than 20,000 times. Attackers build their cracking dictionaries and credential-stuffing lists from exactly these breach corpora, so "nutella" is among the first guesses tried in a brute-force attack on an account, and it is far weaker than a randomly generated password of the same length.
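To see what "listed in Pwned Passwords" means in practice, here is an added example (not code from the original article, and not Have I Been Pwned's own code) of the k-anonymity lookup the service supports: the client hashes the password with SHA-1, sends only the first five hex digits of the hash to https://api.pwnedpasswords.com/range/<prefix>, and checks the returned SUFFIX:COUNT lines locally, so the password itself never leaves the machine. The range response embedded below is a constructed stand-in, including its count of 20000 for "nutella"; the live API returns the real figure. The fetch_range function performs a real lookup and is the only part that needs network access; the offline demo never calls it.

```python
"""Pwned Passwords k-anonymity range check (added example, not the article's code)."""
from __future__ import annotations

import hashlib
import urllib.request

RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, which is how Pwned Passwords indexes it."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple[str, str]:
    """Return (prefix, suffix): the 5 hex chars sent to the API and the 35 kept local."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a {suffix: count} map, ignoring blank lines."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, range_body: str) -> int:
    """How often the password appears in breaches, given the range response for its prefix."""
    _, suffix = split_for_range_query(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Live lookup: only the 5-char prefix is transmitted. Not used by the offline demo."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    with urllib.request.urlopen(RANGE_API + prefix, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response for the 'nutella' prefix. The filler suffixes and all
# counts are made up for this example; the real endpoint returns hundreds of lines.
_NUTELLA_SUFFIX = split_for_range_query("nutella")[1]
SAMPLE_RANGE_RESPONSE = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    f"{_NUTELLA_SUFFIX}:20000",
    "FFFB2E0A1D7C3B9E4F6A8D5C1B0E7F3A2D9:3",
])

if __name__ == "__main__":
    prefix, suffix = split_for_range_query("nutella")
    print(f"SHA-1 prefix sent to the API: {prefix} (suffix kept local: {suffix[:8]}...)")
    print("breach count for 'nutella' in the sample data:",
          breach_count("nutella", SAMPLE_RANGE_RESPONSE))
```

Because only a five-character prefix is sent, the server learns nothing about which of the several hundred hashes sharing that prefix you were interested in, which is why a password manager or signup form can run this check without leaking the candidate password.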
In addition, it simply doesn't follow good practice: a password should be hard to guess, which means you'll want something that isn't a dictionary word, is a good deal longer than the seven characters of "nutella", and mixes in numerals or special characters. Of those, length matters most: tacking a digit onto a dictionary word barely changes the number of guesses an attacker needs, while every extra random character multiplies it.
The other problem with Nutella's advice is its premise that you should be able to remember your password by heart. That's rubbish. Your passwords should ideally have a high degree of entropy, that is, they should be long and generated at random, so that no word, name or pattern makes them guessable.
Nor should they be created with ease of memorization in mind, because a memorable password is one you'll end up reusing, and reusing passwords makes you vulnerable the moment any one of the online services you use suffers a breach: the leaked credentials simply get replayed against every other site. When you've got hundreds of accounts all over the web that share the same login (usually your primary email address), it doesn't make sense to try and remember a unique password for each of them.
Instead, use a password manager like LastPass, KeePass, Dashlane or 1Password: it will not only remember your passwords and fill them in when you log into sites and apps, but also generate strong, unique passwords when you create new accounts.
It's true that you do need to remember a single master password for this, but if you're thinking about locking down access to all your accounts with "nutella", you're going to have a bad time. For this one, use a lengthy passphrase with a high degree of entropy, as illustrated in this xkcd comic: several words picked at random from a large word list, not a quotation or a phrase you would say anyway. Just don't use the one in that strip!
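To put numbers on "high degree of entropy", here is an added example (not from the article, and not the generator any of the password managers named above uses) that estimates guessing entropy for the kinds of password discussed here and generates the random kind with Python's secrets module. The figure for a dictionary word assumes an attacker's word list of 20,000 entries, and the passphrase figure assumes a 7,776-word diceware-style list such as the EFF's; the eight-word list in the code is a constructed stand-in so the demo runs offline, not a list to actually use.

```python
"""Password entropy estimates and random generation (added example, not the article's code)."""
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DICTIONARY_SIZE = 20_000   # assumed size of an attacker's word list for "nutella"-style guesses
DICEWARE_LIST_SIZE = 7776  # 6^5, the size of EFF-style diceware word lists

# Constructed eight-word list, only so the demo runs offline; real lists have thousands of words.
TINY_WORDLIST = ["acorn", "brisk", "cobalt", "dune", "ember", "fjord", "gable", "hazel"]


def random_string_entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly from an alphabet of that size."""
    return length * math.log2(alphabet_size)


def dictionary_word_entropy_bits(dictionary_size: int = DICTIONARY_SIZE) -> float:
    """A single word is one choice out of the dictionary, whatever its length in characters."""
    return math.log2(dictionary_size)


def passphrase_entropy_bits(words: int, wordlist_size: int = DICEWARE_LIST_SIZE) -> float:
    """Words picked uniformly at random and independently: the bits add up per word."""
    return words * math.log2(wordlist_size)


def generate_password(length: int = 20, alphabet: str = PRINTABLE) -> str:
    """Random per-site password from the OS CSPRNG, the kind a manager generates and stores."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(wordlist, words: int = 6, sep: str = "-") -> str:
    """Random passphrase for a master password; repeated words are fine and expected."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def compare() -> dict:
    """Entropy of the passwords this article contrasts, in bits."""
    return {
        "nutella if it were 7 random lowercase letters": random_string_entropy_bits(7, 26),
        "nutella as a dictionary word": dictionary_word_entropy_bits(),
        "20 random printable chars (manager-generated)": random_string_entropy_bits(20, 94),
        "6-word diceware passphrase (master password)": passphrase_entropy_bits(6),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{bits:6.1f} bits  {label}")
    print("site password:", generate_password())
    print("master passphrase (from the toy list):", generate_passphrase(TINY_WORDLIST))
```

The comparison is the point: "nutella" looks like 33 bits if you count characters, but as one entry in a word list it is worth about 14 bits, a few tens of thousands of guesses. A six-word random passphrase sits near 78 bits, which is memorable enough for a single master password, while the 20-character random string at about 131 bits is what the manager should be generating for every individual site.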
Lastly, enable two-factor authentication on every account that supports it: after you enter a password, this feature asks you to confirm your identity with a second method, usually a short, time-limited code generated by an authenticator app on your phone, or a prompt on your phone that asks if it's really you logging in at that moment. Either way, a password that has leaked or been guessed is no longer enough on its own.
For more on passwords and staying safe online, check out our recent Answers session with renowned security expert Troy Hunt.