Short or common passwords can be easily guessed by brute force: computer programs that try an exorbitant number of passwords per second in order to guess your password and access your information. Secure passwords that cannot be brute-forced are long (at least 16 characters) and contain upper- and lower-case letters, at least one number and at least one special character. While it might sound difficult to come up with such a password, it’s easy if you think of a random sentence that is memorable to you, like “1312billionaire$Shouldpayreparations” (P.S. don’t use this password).
If you can’t think of a password, you can use one of many online password generator tools. For example https://xkpasswd.net
You can then check the strength of your password using this online tool.
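To make the rules above concrete, here is an added example (not part of the original guide) that checks a password against the stated requirements and estimates how long a brute-force search of its full character space would take. The guess rate of 10 billion per second is an assumption for illustration, not a figure from the guide.

```python
import math
import string

# Requirements stated in the guide: at least 16 characters, upper- and
# lower-case letters, at least one number and one special character.
MIN_LENGTH = 16
# Assumed attacker speed (guesses per second); constructed for illustration.
ASSUMED_GUESSES_PER_SECOND = 1e10


def check_policy(password: str) -> list[str]:
    """Return the list of guide requirements the password fails (empty = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def keyspace_bits(password: str) -> float:
    """Bits of search space for an attacker who must try every string of the
    same length built from the character classes present in the password."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(alphabet)


def years_to_exhaust(password: str, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try the entire search space at the given guess rate.
    This is an upper bound: a password made of dictionary words or leaked
    phrases falls far sooner than the raw character space suggests."""
    seconds = 2 ** keyspace_bits(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)
```

Comparing an 8-character lower-case password (exhausted in seconds) with the 36-character sentence from the guide shows that length, not a clever symbol, is what puts the search out of reach.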
While it’s very convenient to have the same password for all your accounts, it’s also very insecure. Every password you use for an online account is stored on a different computer. If someone manages to hack into one of those computers and gets access to your password, they immediately have access to all your digital information.
You shouldn’t share your passwords, because it increases the chances that they will get leaked.
The common scenario is the one where you have an account with a certain access (for example, access to a document), and you share your password with someone else so they also get access. What can happen is that your password is shared more and more with other people who need access, until it ends up in the wrong hands.
To give another person access, have them create their own account instead of sharing your password. That way it’s easier to ensure that only trusted people have access, and if an untrusted person gets access it’s possible to remove their access by removing their account.
If for some reason you can’t create a new account and need to share a password, we recommend that you use onetimesecret.com.
If you use secure passwords that are long and complex, and you use a different password for every account, you’ll realise that it is very hard to memorise all your passwords. Therefore, it’s useful if you store your passwords in a secure way. What isn’t secure, and what you shouldn’t do, is to store your passwords on a note in your phone or on your browser. Instead, we recommend that you store your passwords in an offline password manager.
A password manager is an application that stores your passwords in a secure way: it encrypts all your passwords, and the only way to access them is by entering a master password. We advise against online password managers like LastPass, as they are more insecure than offline password managers. The password manager we recommend is KeePass. You can download it for your computer, Android, and iOS. For some help getting started you can read the official documentation or watch this short 3-minute video.
Two final points on how to use your password manager securely: