Ensuring you have secure passwords is 'one of the most important things you can do'

With many people increasing their online presence in the last year with the COVID-19 pandemic, experts are urging people to stay on top of their passwords.

“Our recent research actually shows that an average person has around 100 passwords, so that’s really a lot,” said Patricia Cerniauskaite, senior public relations manager with NordPass. “With all of the data breaches that are happening today, it’s really important that we do take this one day, at least, in the year to really think about our passwords.”

World Password Day is held May 6 as a reminder for people to update and organize all their recent passwords to avoid security breaches.

“I think having a secure password is one of the most important things you can do,” said Aaron Langille, a computer science professor at Laurentian University. “We have so much of our information -- personal and otherwise -- online that, you know, the password is the first line of defense to securing it and making sure it isn’t available to people that we don’t want it to be available to.”

NordPass said in the past year, several passwords have been created in relation to the pandemic. Although easier to remember, experts say such passwords are not a good idea.

“It’s really important to note that if it inspires you to create such password, it will also inspire a hacker to think of such password and try to hack into your account by using such simple phrases,” said Cerniauskaite.

'Corona' a popular password

“The password 'corona' and combinations of it, for example corona1 or corona01, were used more than 100,000 times and the password lockdown and combination of it were used more than 62,000 times. So that’s really a lot of passwords that are the same.”

Although unaware of exact numbers, she said data breaches happen on a daily basis, making it important for people to come up with original passwords for every account.

“Today we do have a lot of passwords so it’s definitely not really easy to come up with secure ones,” she said. “There are, of course, a lot of tools that could help you. For example, there are a lot of online password generators that can make you a secure password. Because a secure password is at least 12 characters long and it should contain upper case and lower case letters, numbers, special characters and so on.”

However, Langille said having a different password for everything and being able to remember them all isn’t necessarily realistic.

“Having a unique password per place that you need a password is ideal,” he said. “But again, we are on so many sites and so many places, so many apps … one of the things that is recommended is using a password manager.”

He said a lot of studies suggest that “purely random passwords are best.”

“But there are other studies that say that is simply too difficult to remember those sort of generated passwords," Langille said. "So one of things that people can do if they want a secure password that isn’t as difficult to remember as a completely random password is to use words or names that are meaningful to them, but to not use the whole word or the whole name."

Experts also suggest changing your password several times a year and never write down or tell people your information.

“No point (in) creating a secure password, a complex password, and then sticking that password on your computer and ‘here it is for the world to see.’ So it really doesn’t matter how secure the password is if anyone has access to it,” said Cerniauskaite.