Wednesday, June 13, 2012

Password Security: How good is yours?

How bad would the damage be if your passwords were stolen?

Last week's online attack that led to the theft of several million passwords for professional networking site LinkedIn and for online dating site eHarmony highlighted the vulnerability inherent in having an online presence. Perhaps the theft of your password for one website doesn't seem like it could do much damage, but consider how many of your passwords are the same across multiple websites. How many sites or profiles could a hacker gain access to if they had your email password, especially with all of those helpful "I've forgotten my password" buttons on so many sites? How much information do you have stored online, whether in email accounts, documents or online photo albums? In this story on Stuff, a Christchurch nurse lost all the information she'd saved over the years in her email account, which she'd used as a "filing cabinet".

Is there no hope for password security?

This isn't to say that there is nothing you can do. We are not all just playing a giant game of chance with our online information. There are some simple steps you can take to minimise the risks. Obviously the best step would be to have totally different passwords for every site you use, especially when you combine numbers with both upper and lower case letters. Passwords that are completely unrelated to anything and that look like you generated them by dropping a cat onto a keyboard are very secure. "y7Gs55sUt" or "jc8B5p7Qq" would both be very difficult to crack. While those would be great, I know that I would have absolutely no chance of remembering one of those passwords, let alone the dozens many of us would need to use over different websites.

One option is to use software to store and even generate passwords. 1Password and LastPass are a couple of examples of programs which can be used to shift the responsibility for remembering passwords away from your memory, which opens up a huge variety of ludicrously complex password options. Suddenly "jd6FF8sJ8v" becomes just as practical as "cat" as far as your memory is concerned. Of course, you then need to make sure you have a very secure password to log in to the service in the first place, but one complex password is much easier to remember than twenty would be.

A few tips for creating stronger passwords

  • Avoid using words from the dictionary.
  • Include a mix of upper and lower case letters as well as numbers.
  • Don't use "password" as a password. You'd be surprised how many people do this.
  • Try using the last or first letters of a memorable sentence for a secure password, e.g. "When I was 13 I lived at 3 Makaro Street" = "WIw13Ila3MS"
  • If you have to use the same password for multiple sites, think about what would happen if a hacker stole that password from one site and tried it on them all. Try at the very least to have different passwords for your email, your online banking and for the rest of your internet presence.
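
The tips above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it generates a random password with the upper/lower/digit mix, derives a password from a memorable sentence, and audits a set of passwords for broken tips and reuse. The function names, the small word list and the sample vault are all constructed for illustration.

```python
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "cat", "dragon", "sunshine", "welcome"}
ALPHABET = string.ascii_letters + string.digits

def has_mix(pw):
    """True if pw contains upper case, lower case and a digit."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))

def generate(length=10):
    """Random password (OS-backed randomness) that always has the full mix."""
    if length < 3:
        raise ValueError("need at least 3 characters for the full mix")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_mix(pw):
            return pw

def from_sentence(sentence):
    """First letter of each word; numbers are kept whole, as in the tip."""
    return "".join(w if w.isdigit() else w[0] for w in sentence.split())

def tip_failures(pw):
    """Return the tips from the list that this password breaks."""
    problems = []
    if pw.lower() in DICTIONARY:
        problems.append("dictionary word")
    if not has_mix(pw):
        problems.append("missing upper/lower/digit mix")
    return problems

def reused(vault):
    """Map each password used on more than one site to those sites."""
    by_pw = {}
    for site, pw in vault.items():
        by_pw.setdefault(pw, []).append(site)
    return {pw: sorted(s) for pw, s in by_pw.items() if len(s) > 1}

if __name__ == "__main__":
    # Constructed sample vault: site -> password.
    vault = {"email": from_sentence("When I was 13 I lived at 3 Makaro Street"),
             "banking": generate(), "forum": "sunshine", "shop": "sunshine"}
    for site, pw in vault.items():
        print(site, tip_failures(pw) or "ok")
    print("reused:", reused(vault))
```
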

Final thoughts on password security

It is incredibly important to be thinking about password protection when online. The web is an open environment with tremendous opportunities for making connections and for organising data, but that same openness creates opportunities for hackers. There is always inherent risk in the world around us; we just need to be sure that we do our best to minimise those risks. Follow us on Twitter or 'like' our page on Facebook for more tips in the future.

