Here is our second instalment about security on the internet. This time we will be discussing passwords including choosing a password and saving passwords.
Everywhere we go on the web these days we seem to need a password to ‘login’. Ideally you should have a brand new password for each and every thing you log in to, but is that really practical? Should you get your computer to remember all those passwords for you? The answer to both questions, sadly, is ‘no’.
For most of us the reality is that we have so many passwords we can’t possibly remember them all, and since it is a security risk to ask your browser to remember those passwords, what is the alternative?
We have 3 levels of password here at John Jelly offices. For those logins that don’t really matter, things like newsletter registration, we reuse the same password over and over – we chose a hard to guess password, it is reasonably secure but at the end of the day if our newsletter account is hacked are we really bothered?
For those things that need to be completely secure we have a spreadsheet which itself is password protected. The downside to this method is that if you forget the password to the spreadsheet – you’re stuffed! There is no way to recover it. You could of course keep a little black book of all your passwords in your safe, very inconvenient if you are out! Considering we have in excess of 160 passwords to remember we do need a secure way to hold them which is quick and easy for us to access but not for anyone else. Oh, and the spreadsheet isn’t called ‘passwords’ either!
You could utilise a Password Safe, but this is only ever as secure as its master password, so it needs to be a good one. If you do choose a Password Safe make sure it is one that encrypts the data it stores.
For our online banking we have a separate password used only for that and it isn’t written down or stored anywhere except in our heads.
So how do you choose a ‘secure’ password? You will probably be aware that using your name, birthday, kids’ names, dogs name or anything else obvious is a bad idea, but why?
There are very clever pieces of software available that can ‘guess’ at passwords very quickly and try them out on the login screen for whichever website is being targeted. For example, perhaps the target is the admin area of a ‘Content Managed’ website like WordPress. These nasty little programs repeatedly try various user name and password combinations until they get access – this is called a ‘brute force attack’ and is more common than you may realise.
So as an aside you should never have your User Name as admin, administrator, user, manager, test, sysadmin, support or any variation of these – you could be doing half the hacker’s job for them. Avoid those words you readily find in a dictionary too.
So how do you choose a secure password? The basic rules are to avoid dictionary words (see above), car registration numbers and birthdays. The longer your password, the harder it is to discover, so aim for at least 7 characters. Use a combination of lower and uppercase letters, numbers and punctuation.
One of my lovely customers suggested a great way to create a password – think of a sentence that contains a number and use the first letter of each word in that sentence together with the number and pop in a punctuation character. So let’s give a fun example that could be secure shall we? Take the sentence, ‘My dog Toby has four legs and one tail!’, so we could create the password ‘MdTh4la1t!’. Ta dah! We have a much more secure password than using ‘Toby1’!
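To show the sentence method and the basic rules above working together, here is a small added example (our own illustration, not something the original post included). It turns a sentence into a password the way described, then reports which of the rules above a password breaks; the number-word list and the tiny stand-in dictionary are constructed for the example.

```python
import re
from typing import Dict, List

# Number words the sentence method turns into digits (constructed list).
NUMBER_WORDS: Dict[str, str] = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9",
}

# Tiny stand-in for a real dictionary / common-password list (constructed).
DICTIONARY = {"password", "toby", "dog", "welcome", "admin", "letmein"}


def sentence_to_password(sentence: str) -> str:
    """First letter of each word (case kept), number words become digits,
    punctuation attached to a word is kept in place."""
    out = []
    for token in sentence.split():
        word = token.rstrip("!?.,;:")      # split off trailing punctuation
        punct = token[len(word):]
        if word.lower() in NUMBER_WORDS:
            out.append(NUMBER_WORDS[word.lower()])
        elif word:
            out.append(word[0])
        out.append(punct)
    return "".join(out)


def check_rules(pw: str) -> List[str]:
    """Return the article's rules that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 7:
        problems.append("shorter than 7 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no punctuation")
    # Strip digits and punctuation: 'Toby1' is still just the word 'toby'.
    core = re.sub(r"[^A-Za-z]", "", pw).lower()
    if core in DICTIONARY:
        problems.append("built on a dictionary word")
    return problems


if __name__ == "__main__":
    pw = sentence_to_password("My dog Toby has four legs and one tail!")
    print(pw, check_rules(pw))          # MdTh4la1t! []
    print("Toby1", check_rules("Toby1"))
```

Running it shows ‘Toby1’ failing three of the rules while the sentence-derived password passes all of them.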
We hope you haven’t been too shell shocked by this series of articles. The next post will cover spam, phishing and spoof emails. If you need help with any aspect of password security feel free to private message us – please don’t talk about passwords in the open comments.