MANILA - Most websites and apps recommend that users use ‘strong passwords’ consisting of 8-12 characters using a mix of numbers, letters and characters, but cybersecurity experts say passwords like these also have their drawbacks.
Besides being hard to guess, they are also hard to remember, according to one expert.
"The challenge with a hard password, we found out in studies, [is] if we make the password too hard, what people would do is that they would write it down, and they would try to not change it as often as possible because it's difficult," said William Yu, chief technology officer at software firm MDi Novare.
Yu said if you don’t change your passwords regularly, your account becomes less secure.
Instead of making very hard passwords, Yu recommends keeping them simple enough to remember while still keeping them complex enough to prevent anyone from guessing them.
"Me, I tend to use, instead of a password, a passphrase. One line in a song that can be 30 or 40 characters long or maybe even 50," said privacy and information security consultant Lito Averia.
He added that he uses Tagalog words so English speakers can’t understand them.
Averia also recommends having different passwords for different apps and accounts.
"If you have a Facebook account, its password should be different from your Instagram account," said Averia.
Averia also discourages ‘linking’ apps, which lets one app be accessed by logging into another app.
"While linking all those apps makes it convenient for you, in exchange you are exposing yourself to more risks," Averia explained.
Yu also said that while remembering passwords is the preferred option, password management services like those offered by companies like Google can also be used to keep track of various accounts.
Yu also recommends using multi-factor authentication, and advises netizens against using their mother's maiden names and birthdays for the answer to their security questions.
The most important thing, Yu and Averia said, is not to become complacent, and to practice cyber-hygiene.
"You just don't do one thing to secure yourself. Use the latest software or install anti-virus software. Security is unfortunately not that simple. It's an ecosystem of things to do. And one of the most important things that you have to do is basically watch your behavior," Yu explained.