In 1961 the world’s first digital password system was introduced by MIT computer science professor, Fernando Corbato, who needed a way to provide time-limited, secure access to MIT’s research computer (user details were verified against a master password file).
Not everyone was satisfied with the time they were allocated, though, and a PhD candidate named Allan Scherr — unhappy with his weekly hours — inserted his own code into the computer’s operating system, which gave him unlimited access. But it appears this wasn’t enough for Scherr, who — once his access was revoked at the end of his PhD — then proceeded to print out and steal the master password file, thus becoming the world’s first password hacker.
Ever since, there has been an arms race between those looking to secure access to digital systems and those trying to breach them. And whilst cyber security techniques and technology have developed, the underlying motives of hackers remain the same.
In the following tips we provide the latest advice from F‑Secure’s experts on how to guarantee that you have a secure password, ensuring that your details never fall into the hands of cyber criminals.
Despite the increasing usage of two‑factor authentication, a secure password is still a vital component in protecting our online accounts and avoiding a data breach.
Both a strong password and two‑factor authentication are absolutely crucial for securing online identities
, explained Laura Kankaala, F‑Secure’s Threat Intelligence Lead.
But it isn’t just about creating a single, secure password that you can use across multiple services: passwords for online accounts should also be unique.
The uniqueness of the password further protects our online identities. Even if we accidentally type our password in a malicious fake site, our whole online life is not compromised via a common password in the critical services that we use
, Kankaala said.
Thankfully, you can create complex and unique passwords using free tools such as F‑Secure’s strong password generator. And if you want to go a step further, and securely store and access your passwords, we also recommend using a password manager.
A password manager is an application that generates complex passwords for you and also stores them securely. To access your password vault, you only need to remember one master
password, and your manager does the rest. (F‑Secure’s highly‑rated ID Protection enables you to generate and manage strong passwords for every online account that you have, and it also monitors data breaches and the dark web, notifying you if any of your accounts have been breached.)
Properly securing your online accounts is vital. The first part of this is coming up with a secure password for each account, which is unique and complex. But you should also enable two‑factor authentication wherever you can, because once an account has been breached, there’s a high probability that you will be locked out — and find it extremely difficult to regain ownership.
For example, when an Instagram account has been hacked, or shut down by Meta (Instagram’s parent company) it can be an uphill struggle for the legitimate owner to reclaim it.
Secure your account
, Kankaala explained. It’s not only about strong passwords. It’s also about enabling two‑factor authentication, activating login requests so you know when a new device tries to access your account, and being mindful which 3rd‑party applications, such as Tinder, have access to your Instagram.
Users who have been locked out of their accounts often spend months trying to get help from the site account recovery process includes submitting pictures or videos of yourself — which creates opportunities for people looking to exploit the recovery mechanism by using photoshopped, or even deepfaked content, to take over others’ accounts
, Kankaala concluded.
It’s important that you always use complex and unique passwords when securing your online accounts. However, there are circumstances where you will need to be able to remember a secure password, such as when you’re logging into a password manager or a Windows domain. In these cases, you can approach things a little differently, and create a memorable password by using a series of random words, also known as a passphrase
.
Assuming your organization doesn’t have additional silly complexity rules like passwords must contain two emojis and at least one gif of a kitten, I suggest using five or more random words for these passwords that are easy for you to remember and type
, said Fennel Aurora, Product Management Community Lead at F‑Secure. Even if your organization requires additional complexity, you can start from the five random words and change a few places to meet the arbitrary rules — add a capital letter, add a number, add a symbol.
The important word here is random
. For a five‑word passphrase it would take more than a million years to crack a random selection of five words taken from a 100,000‑word dictionary, but picking five completely random words is actually harder than you might think. Thankfully, F‑Secure has developed its own free passphrase generator, which takes all the pain out of the process.
The free strong password generator from F‑Secure produces passwords up to 32 characters in length. Using uppercase, lowercase, numbers, and special characters, you will get passwords that are impossible to crack.
Start generating strong passwords today.