The first time I had to set up an email, I didn’t really care about my password. I just wanted to finish up with the process and have access to an email so I just used my name as my password and in the hint column, the question I put there was “ what is my first name?” Can you imagine? That was how naive I was because I didn’t appreciate the functionality of a password. I was just in a hurry to set up the account. Times however have changed, having a weak password today puts you at a risk of your accounts being under all sorts of threats. Passwords have only one function and that is to secure your accounts. If your password is weak, your account is susceptible to many threats. These days, various platforms now ensure the use of strong passwords by requiring you to add an uppercase letter, numbers and special characters to strengthen the password, thus making it harder to guess.

It’s imperative to remember NEVER USE A WEAK PASSOWRD FROM THE START. They should not be in just words or numbers but must be scrambled, as scrambled passwords are infinitely safer. Avoid using pet names, birthdays, familiar street names or any other information that can be linked to you. Limit the use of dictionary words. Cyber security experts have advised that passwords be changed every 90 days.

Most ATM PINs require only 4 figures, which in itself is not very safe, as mathematically, there are only 10,000 different combinations possible in a 4 digit sequence. In the event that an ATM card gets missing, and cannot be immediately deactivated, a PIN with three of the same numbers in sequential order, for example, (5000, 0004, 3000) can be very dangerous. With such a PIN, the number of combinations is drastically reduced, so it’s much easier for a rogue or fraudster to guess the PIN and access the money. Don’t use the same password for multiple accounts, as cyber criminals may be able to access other accounts with one password, which may prove fatal or very damning.

Another important rule is DONT SHARE YOUR PASSWORD WITH ANYONE. Even though this rule in itself seems mundane, it’s very important. Passwords must only be given out during strict emergency situations and immediately changed as soon as possible. The moment someone else knows your password just know that account is no longer a personal one. Anything to compromise your account can happen either by intent or by accident. Sometime last year, a friend of mine (let’s call him John) gave his ATM card and PIN to a trusted relative (let’s call him Peter) to withdraw money for him from time to time because he claims as my friend’s busy schedule would not allow him to do so himself. One fateful day after work, John passed by the ATM to withdraw some money and upon checking his balance, he realized that it was GHC1,200 short. He called the bank to report the issue and details were given as to when the withdrawal took place which linked the circumstances to Peter , as he was the only other person with access to the bank account. John got home very angry, and questioned Peter only for Peter to tell him that he had been defrauded by certain people who had promised correct lotto numbers upon the payment of the bespoke GHC1,200. As you may have expected, the fraudsters absconded with the money and blocked Peter on all platforms. Peter was so embarrassed that he could not bring himself to John about his folly. This is just one story of what password sharing can lead to. No matter how much you may trust a person, you should not under any circumstance share a password. However, if you do share a password, endeavor to change it as soon as possible.

The third rule of passwords is BE VIGILANT. Verify notifications before opening them. Always look out for the source of your messages especially with your emails. So many techniques are being used by hackers these days to infiltrate accounts of users to read emails and retrieve passwords and important details of users to sell on the dark web. Also, anytime you access any of your accounts on any device which is not yours always remember to log out and disable the remember password option to prevent a third party from having access to your details. Ideally, it’s a high risk to access your accounts on a device you do not own. There are several that can retrieve password entries even when you log out. One of the most common methods that hackers use to steal passwords and other personal information is phishing attacks. Phishing is when a cybercriminal sends an email with fraudulent links to cloned websites or malicious attachments. When people click on a link or attachment, they will be sent to a fake login form designed to steal their login credentials. Bear in mind, phishing is a risk for big companies as well even though they are supposed to scramble employee passwords, this is called hashing. Hashing simply involves an algorithm performed on data to verify that data is not modified, tampered with or corrupted. But not everybody uses strong algorithms to do this[k2] . This[k3] makes it easy for hackers to reverse the hashing and gain access to the passwords. People feel they have no confidential or vital information hence they do not take issues of passwords seriously. Everyone is a target it’s just not your turn.

During this pandemic, we spend a considerable amount of time online due to limited movement and less social interactions. We have people working from home, increased social media usage, video conferencing for lectures and meetings and the internet of things as well. The least unusual activity you notice, the first thing you should do is change your password with immediate effect to prevent the risk of losing your account. Security is not achieved by security professionals alone, and cannot be accomplished with technology alone. The system or account to be secured is acknowledged to include other human elements whose decisions and actions play a vital role in the success of the security of programs and accounts, The phrase I will leave you with is “Passwords are like toothbrushes, choose a good one, never share and change occasionally.”



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store