Skip to content
Naked Security Naked Security

Advent tip #1: Clean up your passwords before Christmas

We'll be giving you one security tip a day up until Christmas. Here's advent tip #1, and it's all about passwords.

Passwords. Until there’s another widely-adopted way to verify that we’re who we say we are, we’re sort of stuck with them.

But some people’s approaches to securing their online accounts are leaving us feeling less Buddy the Elf and more Ebenezer Scrooge.

Too many people are still using passwords like ‘123456’, ‘password’ or the name of their pet.

Your login credentials are hot property and you need to make sure you treat them so.

We’ve said it before and we’ll say it again:

One site. One password.

Don’t recycle passwords across multiple sites, and make each password super strong and super long.

If you struggle to remember them all, you could think about using a password manager.

Just make sure you lock down the password manager with a really strong password, and use two-factor authentication for extra security if you can.

If you need help picking passwords, use our video below:

(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)

Images of Christmas tree and Advent calendar courtesy of Shutterstock.


Why should I be concerned about programs that can test thousands of passwords in seconds if my accounts lock me out after just three tries?


Because, Debbie, the HUNDRED BILLION per second (a hundred thousand, thousands, thousands) cracking server isn’t trying from the Web where it can get locked out: it’s working offline, directly against the password hashes that were stolen from back-end databases. Once your password is discovered in this offline fashion, there won’t be three, two, or even one *try*: there will simply be a single, successful logon.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!