When our day-to-day routines rely heavily on the internet and the various social media apps present, protecting our personal information and online presence is of utmost importance. With the recent leak of personal data belonging to 533 milllion Facebook users—around 900,000 of which are Filipinos—there's nothing to lose if we beef up the security measures of our social media accounts. Online leaks of data may be out of our hands, but creating a unique and strong password is a good start—and it's something we have control over.
To figure out what makes for a strong password, we talked to Louie Castañeda, country manager of Fortinet Philippines, the leading provider of cybersecurity solutions in the country.
Here's how you can create a strong password:
Passwords must be impossible to forget, but difficult to guess
While we want to make sure that we don't forget our passwords ourselves, we also have to consider the kinds of information we've shared to other people and how using these details for something as sensitive as passwords can pose a security risk. Castañeda advises, "It is important to develop passwords that are impossible to forget and difficult to guess, even for a person that may know intimate details of your life like the name of the street you grew up on or the name of your first dog."
Numbers and special characters are not fool-proof
Even though many would think that adding numbers and special characters to common words as your password is good practice—many sites actually require users to include these in passwords—he points out that "cybercriminals can leverage a number of attack techniques to crack this."
Do not use the same password for all your accounts
Additionally, he warns against the use of the same passwords for different social media accounts. "This increases the amount of information a cybercriminal can access if they are able to compromise your password," he points out. It's best to allot one password per account so that, when one gets compromised, your other accounts won't easily be accessed by perpetrators.
Avoid using any of these in passwords:
- Phone numbers
- Company information
- Names including movies and sports teams
- Simple obfuscation of a common word (“P@$$w0rd”)
These are information other people might know about you or are accessible online. The recent Facebook leak is also an example of why such details should not be used in passwords.
Take extra measures
Lastly, while our passwords should be enough to protect our accounts online, relying on other measures like the multi-factor authentication is a good practice in the event that hackers crack our password. "Multi-factor authentication confirms the identity of users by adding an additional step to the authentication process, whether it is through physical or mobile application-based tokens," Castañeda shares. "This ensures that even if a password is compromised, bad actors cannot access the information."
Here's how you can activate the two-factor authentication on various social media and messaging apps.