Let me guess what your password is.
Does it have your name in it?
Or your age? Or the year you were born?
Or is it the name of your favorite band, celebrity or TV show?
I know that this topic has been discussed to death and that people who are much smarter than me have already said the things I'm about to say. But I think this is more important than ever, and I think we have to keep having this conversation, especially today, especially in a world where computers and the internet play such a large role in our lives.
And especially since, despite all that and despite the fact that this has been discussed so often, the list of the most commonly used passwords still includes such things as "password", "abc123" and "123456".
Also, a close friend of mine had their account compromised a while back, due to a scam. That's what compelled me to write about this in the first place.
Don't use passwords that are easy to guess, like the ones I mentioned above. Any hacker who knows what they're doing is going to try these passwords out. And if I wanted to log into your account, I would try those out (and maybe try out some slight variations like adding a number at the end) before I'd even bother trying to brute-force my way in.
Don't just use a random word from the dictionary. All I would have to do, if I wanted to get into your account, is to use one of those password cracking tools that do this stuff automatically and hook it up to a dictionary.
And don't use a short password. It should be at least 10 characters long, preferably longer, anything shorter than that just isn't safe.
Also, here's 3 other tips.
1: Use two-factor authentication.
This one is quite important and I suggest setting it up as soon as possible if you have a mobile phone and haven't set it up already. If someone tries to log into your account, even if they use the correct password, a notification (which will usually contain some kind of code) will be sent to your phone and you will have to verify that it's actually you who's trying to log into your account. Of course, there are ways that this can be breached, but it's good to have an additional layer of security.
I will admit that it took me way too long to get this set up for my main accounts.
I mean, it's kind of a pain in the ass sometimes, but you really should get this set up as soon as possible.
2. Don't use the same password for the e-mail address that's connected to your account.
This one is also important. If someone wants to steal your account, one of the first things they'll try to do once they've gotten access is to try and change the e-mail address and password that's connected to the account. And if the site or the app that you're using is made by people who know what they're doing, an e-mail will be sent to your e-mail address which you will have to open, and you'll have to click some link or enter some code to verify the changes.
The hacker will have to get into your e-mail account. And, since plenty of people use the same password everywhere, the hacker is going to try logging in with the same password that worked for the other account.
3 Don't use the same password in multiple places.
I suppose this one is more or less an extension of the previous point. If a hacker has gotten access to one of your accounts, it stands to reason that they're going to try the password that worked for that account to try to get into your other accounts.
If you've made it this far and are reading this, thanks a lot!
Greetings, and stay safe!
I am Bas de Groot, a starting indie developer. This blog consists of me rambling on about game development, stuff I like and issues that I care about.