Passwords are an important way of protecting your online accounts. They should be strong and you should be able to remember them.
Try to use a separate password for each login. One of the best ways to create a strong and memorable password is to use three random words. Adding symbols and numbers and a mix of capital and small letters can help to add complexity. A strong password is at least 8-12 characters long, or more if you can manage it.
An example would be fizzy orange dolphins written like this:
F1zzyoR@ng3D0lph1n5!
A website called How secure is my password? will help you test your passwords strength.
Use a strong, separate password for your email
Cyber criminals can use your email to access many of your personal accounts. Having a strong, separate password for your email means that if cyber criminals steal the password for one of your less important accounts, they can’t use it to access your email account.
Cyber criminals: People impersonating you to commit fraud and other crimes, including:
Accessing your bank account
Purchasing items online with your money
Impersonating you on social networking and dating sites
Sending emails in your name
Accessing the private information held on your computer
Using all the letters, numbers and symbols on a keyboard individually cut out on squares of paper or card. Ask the participants to collect the symbols and letters they would like to use to build a password.
As an icebreaker at the beginning of the workshop:. Test this password online for strength. Deliver the session plan. Repeat the activity after the info session to show how much small changes can improve password strength, keep us safer and our information more secure.
For more advice and top tips on staying safe online, safe secure and strong passwords go to:
https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online
https://howsecureismypassword.net/
https://lastpass.com/howsecure.php
https://www.symantec.com/connect/blogs/test-your-password-strength-test
https://spunout.ie/life/article/setting-up-a-secure-password
A VPN (Virtual Private Network) is a product that allows safe and private access to the internet. It works by routing your internet connection through a server and hiding your actions online.
How Does a VPN Work?
You will usually download a piece of software to your computer or an app on your phone or tablet. This VPN software is what encrypts your data and keeps it private.
The software encrypts your data, even before your Internet Service Provider or the free WiFi service gets a chance to see it.
Your data then goes to the server of the VPN company, and from their secure servers to your online destination, website etc.
Why should I use one? When we are not in our homes, there are many places these days that we can get access to free WiFi. Shops, cafes, libraries and a range of other public spaces have free WiFi. This can be very tempting to use, however these are not secure connections, and although unlikely, your information may be able to be seen by someone spying on the network.
You should never transmit any sensitive information such as personal details and passwords across these open WiFi networks. A VPN protects you while using these open WiFi connections by routing you through a secure, private server.
Is it legal to use a VPN?
Yes it is, however there may be some restrictions in some places, but not always.
In general VPNs seem to be okay to use in most countries, especially in the US, Canada, the UK, the rest of Western Europe. (Important! What matters here is your physical location when using the VPN.)
However generally, VPNs are often not ok in China, Turkey, Iraq, United Arab Emirates, Belarus, Oman, Russia, Iran, North Korea, and Turkmenistan. These countries often restrict what people can access online from their countries.
Are they free or do they cost?
Most VPN’s will cost a monthly fee, although this is often just a few pounds per month. You can get deals which cover multiple devices, for a whole family for instance. There are a few free options, however they will restrict the amount of data you can transmit or download using them.
Always check out reviews of these products before making a decision. There is no ‘best’ VPN, but most of the main suppliers have a good reputation.
Will they work on my phone or tablet? Yes, there are a number of VPN apps that will work on Android and iOS.
Password Managers
Passwords are everywhere these days, many of us will use multiple services online which all need a password. Nobody likes trying to remember passwords but they are a fact of life.
Many people try to use the same password for multiple accounts, however this is not a good approach to your online security.
Ideally you should use a different password for every account you have, and it needs to be secure.
Always remember that your passwords should be as long as you can manage and should have a mixture of upper and lower case characters as well as numbers and symbols.
Other security measures: These days we have moved, on some newer devices, to fingerprint and face scanning to help with securing our devices and our accounts, but most people are still reliant on passwords.
How do I remember them all? Maybe you need to think about a password manager.
What is a password manager?
You can imagine that a password manager is like an electronic version of a little book you may have written your passwords in, locked with a master key, but instead they usually use a master password.
What if someone gets my master password?
That could be a problem, however, if you have used a very secure password that you are not using anywhere else then you should be as safe as you can be.
Do they do anything else? Password managers can also help you to create very secure passwords when signing up to new accounts online. Most password managers attach themselves to your internet browser and recognise when you are signing up for a new account. When you return to the site they will usually automatically put your password in for you.
Many of them will work across your home computer or laptop and your phone or tablet to synchronise your passwords on all the devices you own.
Resilience question and answer
How can passwords be hacked, and what can I do to stop it?
There are loads of different ways your accounts’ security could be bypassed, but here are some of the most common.
You left your account open or signed-in
How it happens – Sometimes leaving your account signed-in on a computer that is shared with others can be the same as simply telling someone your password. All they need to do is use the computer or device after you, and they’re away. This can also be the case when you don’t lock your devices such as phones, tablets and laptops.
How to stop it – Firstly only ever click “remember me” when signing onto your own computer or device. Never have a browser or device remember your account when you don’t control it. For devices that are yours, always make sure you have a password or pin lock on it and put the device to sleep or log out when you’re done.
You picked a terrible password
How it happens – Simple passwords can be really easily guessed with a ‘brute force attack’, which goes through all possible password phrases that are guessable until they find it. Simple passwords with dictionary words and simple numbers are the most vulnerable to this attack.
How to stop it – Pick a good, complex password that is not easily guessable. A good password (as outlined above) has more than 8 characters, has upper and lower case letters, has numbers and also contains symbols. You should avoid simple dictionary words, patterns of keys on a keyboard and names which are significant to you that people might know about (such as locations or family members’ names)
Account recovery hack
How it happens – Account recovery tools are often useful when you have forgotten your username or password and need to reset your account. You answer a secret question only you know the answer to and are prompted to reset your password or else a link is emailed to you. The problem is that most people use questions and answers which a lot of people can easily find the answers to. Such as the city you were born in, your mother’s maiden name or your first pet. If you have a simple question like one of those, your account is vulnerable.
How you can stop it – Pick a question that you only know the answer to. If it allows you to write the question all the better. Pick something secret and personal that only you know the answer to which will prevent people from being able to accurately guess what your secret question answer is.
There was a data breach
How it happens – Sometimes the company you have an account with suffers a little hacking of their own. This can be terrible, not just for the company, but for all their users. A huge number of people use the same password for all of their online accounts meaning that when one of your accounts is hacked, they all are. The hackers can take the password they learned from one account, and use it to sign into another.
How you can stop it – While you can’t stop the company you have an account with from being hacked, you can take precautions to minimize the damage. Make sure you don’t use the same password everywhere. This will mean you won’t lose all your other accounts. Also, if you can use two step sign-in then go for it. This means that even if your password is compromised, others can’t sign in without your phone verifying your information.
Learning Links
• https://www.internetmatters.org/
•https://spunout.ie/life/article/setting-up-a-secure-password
•https://www.webwise.ie/parents/guide-social-networking-advice-for-parents/
• https://www.cybersecuritychallenge.org.uk/competitions/play-demand-cyphinx
• https://www.gov.scot/policies/cyber-resilience/advice-guidance/
• https://www.ncsc.gov.uk/blog-post/cyber-resilience-nothing-sneeze