The U.K.’s National Cyber Security Centre has issued a stark warning to people who use pet names as their passwords. The blog post, timed to coincide with National Pet Day, suggests that perhaps a beloved animal might be a bit easy for hackers to guess, especially if you’re always posting cute pics online.
Apparently 15% of British people use their pet’s name as their password for online accounts. Another 14% use family members’ names and 13% are securing their data with a password based on a memorable date.
Surprisingly, for an agency using “cyber” in its name, the advice it gives is actually pretty decent. The NCSC says that you should use strong passwords for email, making sure each is different to other accounts. The goal is to make sure that if anyone nabs your Netflix password, they can’t also access your email with that same key.
The best advice revolves around password choice. You can get a secure password by picking three random words. Good passwords don’t have to be hard to remember or contain lots of special characters to be secure, although many sites force annoying characters on you, sadly.
It would be far better to pick a password like “rex railway bone” than “rex1234&*%”. There’s no point explaining why that’s the case when Randall Munroe has already done a perfect job at XKCD. But in summary, password phrases are better than short passwords that are nearly impossible to remember.
Aside from pet names, the NCSC also laid out other common mistakes. Around 6% of people use “password” somewhere in their password or as the whole thing. This is frighteningly stupid, obviously. But then again, we’ve all gotten frustrated setting up yet another account online, so most of us are guilty of doing it at some point.
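The Python check below is an added example, not code from the NCSC or from this article. It treats a password as guessable when little is left once the names an account already knows (pet, family), the word “password”, digits and symbols are removed. The token list, the 8-letter threshold and the function names are assumptions made for illustration.

```python
# Added example: flag passwords that are only a guessable name plus padding.
# Assumptions: MIN_RESIDUAL_LETTERS and the token sets are illustrative choices,
# not NCSC figures; the names and passwords in the demo are constructed samples.

COMMON_TOKENS = {"password"}   # the article: ~6% of people use this word
MIN_RESIDUAL_LETTERS = 8       # assumed threshold for "enough left over"


def residual_letters(password, personal_tokens):
    """Return the letters left after removing guessable tokens, digits and symbols."""
    text = password.lower()
    tokens = COMMON_TOKENS | {t.lower() for t in personal_tokens if t}
    # Strip longer tokens first so a short name does not split a longer one.
    for token in sorted(tokens, key=len, reverse=True):
        text = text.replace(token, "")
    return "".join(ch for ch in text if ch.isalpha())


def is_guessable(password, personal_tokens):
    """True when the password is little more than a known name with padding."""
    return len(residual_letters(password, personal_tokens)) < MIN_RESIDUAL_LETTERS


def review(passwords, personal_tokens):
    """Map each candidate password to 'reject' or 'accept'."""
    return {
        pw: "reject" if is_guessable(pw, personal_tokens) else "accept"
        for pw in passwords
    }


if __name__ == "__main__":
    # Constructed profile: a pet name and a family member's name.
    profile = ["Rex", "Alice"]
    samples = ["rex1234&*%", "rex railway bone", "MyPassword2021", "Alice14021990"]
    for pw, verdict in review(samples, profile).items():
        print(f"{verdict:6}  {pw!r}")
```

Digits never count toward the residue, so a pet name followed by a memorable date is rejected, while the article's “rex railway bone” passes because two unrelated words remain after the pet name is stripped.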
The best advice is probably still to use a password manager and generator, like one from our best password managers roundup. Although the convenience of having them sync with the cloud is worthwhile, and those services are often secure and well-encrypted, having a locally stored version you back up to USB sticks is a safer bet. Please use two-factor authentication as well. Tools like Google Authenticator don’t rely on SMS or email codes to work, which can be great if someone manages to take over your phone account, which can and does happen.