How bad would the damage be if your passwords were stolen?
Last week's online attack, which led to the theft of several million passwords for professional networking site LinkedIn and for online dating site eHarmony, highlighted the vulnerability inherent in having an online presence. Perhaps the theft of your password for one website doesn't seem like it could do much damage, but consider how many of your passwords are the same across multiple websites. How many sites or profiles could a hacker gain access to if they had your email password, especially with all of those helpful "I've forgotten my password" buttons on so many sites? How much information do you have stored online, whether in email accounts, documents or online photo albums? In this story on Stuff, a Christchurch nurse lost all the information she'd saved over the years in her email account, which she'd used as a "filing cabinet".
Is there no hope for password security?
This isn't to say that there is nothing you can do. We are not all just playing a giant game of chance with our online information. There are some simple steps you can take to minimise the risks. Obviously the best step would be to have totally different passwords for every site you use, especially when you combine numbers with both upper and lower case letters. Passwords that are completely unrelated to anything and that look like you generated them by dropping a cat onto a keyboard are very secure. "y7Gs55sUt" or "jc8B5p7Qq" would both be very difficult to crack. While those would be great, I know that I would have absolutely no chance of remembering one of those passwords, let alone the dozens many of us would need to use over different websites.
One option is to use software to store and even generate passwords. 1Password and LastPass are a couple of examples of programs which can be used to shift the responsibility for remembering passwords away from your memory, which opens up a huge variety of ludicrously complex password options. Suddenly "jd6FF8sJ8v" becomes just as practical as "cat" as far as your memory is concerned. Of course, you then need to make sure you have a very secure password to log in to the service in the first place, but one complex password is much easier to remember than twenty would be.
A few tips for creating stronger passwords
- Avoid using words from the dictionary.
- Include a mix of upper and lower case letters as well as numbers.
- Don't use "password" as a password. You'd be surprised how many people do this.
- Try using the last or first letters of a memorable sentence for a secure password, e.g. "When I was 13 I lived at 3 Makaro Street" = "WIw13Ila3MS"
- If you have to use the same password for multiple sites, think about what would happen if a hacker stole that password from one site and tried it on them all. Try at the very least to have different passwords for your email, your online banking and for the rest of your internet presence.
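
The tips above, worked through in Python as an added example (not code from the original article or from 1Password or LastPass). The function names and the tiny word list are constructed for illustration; the random generator stands in for what password software does and draws from the operating system's secure random source.

```python
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "cat", "dragon", "monkey", "letmein"}

def mnemonic_password(sentence):
    """First letter of each word, keeping whole numbers, as in the sentence tip."""
    parts = []
    for word in sentence.split():
        parts.append(word if word.isdigit() else word[0])
    return "".join(parts)

def has_mixed_classes(password):
    """True when the password has upper case, lower case and digits."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))

def follows_tips(password, words=SAMPLE_WORDS):
    """Apply the list's checks: not a dictionary word, mixed case plus numbers."""
    return password.lower() not in words and has_mixed_classes(password)

def random_password(length=12):
    """Random password from the OS CSPRNG, redrawn until all classes appear."""
    if length < 3:
        raise ValueError("length must be at least 3 to hold all three classes")
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_mixed_classes(candidate):
            return candidate

def reused_passwords(by_site):
    """Map each password used on more than one site to the sites sharing it."""
    sites = {}
    for site, password in by_site.items():
        sites.setdefault(password, []).append(site)
    return {pw: names for pw, names in sites.items() if len(names) > 1}

if __name__ == "__main__":
    print(mnemonic_password("When I was 13 I lived at 3 Makaro Street"))
    print(random_password())
```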