Today, most of us conduct a huge part of our lives online. We keep in touch with family, friends, and colleagues through email, instant messaging, and social networks. We use Internet banking instead of standing in bank queues, and buy groceries, clothes, and even takeaway food all from the comfort of our homes.

While we all appreciate the speed and convenience of our new digital lives, we need to understand that this also exposes us to the risk of identity theft, fraud, and ransomware. It’s not just businesses that are being targeted ─ in 2016, a staggering 1.1 billion individual digital identities were exposed worldwide.

Many of us are thinking ‘we’ve heard all this before’ but the statistics show that the threat is increasing and the consequences can be devastating. Those who’ve been victims of cybercrime in their personal capacity will attest to the embarrassment and humiliation of having their personal details, photos, and videos of family and friends distributed online, the financial loss resulting from online fraud and identity theft … and the months or even years of stress that follow as they try to clear their names.

So where does the risk to our identities come from? The answer is credentials. Think about it: for every digital engagement or transaction we perform, we typically need login credentials – i.e. a username and a password. But today, we have so many credentials that it’s difficult to keep track of them all, and as a result, many people use the same password to gain access to their email accounts, online banking facilities, as well as their work systems. And when it comes time to change our passwords, many of us simply make minor modifications to the original, for example:

• password
• password123
• password123#

The problem with reusing passwords is that it’s like having one key to unlock the door to your home, your car, your office, and your bank safety deposit box. If this key were to be lost or stolen, you’d be exposed to risk on a number of different levels. In the same way, a savvy hacker can identify multiple places to use your credentials to defraud or impersonate you.

So how exactly do cybercriminals manage to get their hands on our passwords and credentials?

Human behaviour is well understood by cybercriminals – they build lists of the most easily guessed passwords and assemble ‘dictionaries’ of the most commonly used words that people include in their passwords – for example hobbies, sports heroes’ names, titles of popular movies, famous lines from favourite movies (e.g. ‘I’ll be back’ ), etc. – to crack passwords.

The first step in protecting your digital identity is to ensure you create strong and distinct personas for each of the different aspects of your life. For example, you should never mix your work passwords with the passwords you use for your personal Gmail or online banking accounts. Creating a strong separation between the two, protects both you and your company or organisation. So in the event that your employer’s systems were to be compromised and your work passwords exposed, your personal passwords would remain safe – and vice-versa.

It’s also important that the passwords you choose are long and complex and contain a mix of upper and lower case letters, symbols, and numbers. There are a number of approaches to remembering and storing these, which we’ll talk about in the next update of the Cybersecurity life skills series.