Everywhere we go on the web these days we seem to need a password to ‘log in’. From our Social Media Accounts to our Bank Accounts, security is crucial.
In an ideal world you would have a brand new password for each and every thing you log in to, but for many of us that really may not be the most practical solution. Is the answer to get your computer to remember all those passwords for you? Maybe not!
For most of us the reality is that we have so many passwords we can’t possibly remember them all. It’s a big security risk to allow your browser to remember those passwords. They are open to being hacked whatever operating system (OS) you use. So what is the alternative?
You could consider using a spreadsheet which itself is password protected. The downside to this method is that if you forget the password to the spreadsheet – you’re stuffed! There is no way to recover it.
You could of course keep a little black book of all your passwords in your home or office safe, but that is very inconvenient if you are out! That said, it could be a good backup for family members if they needed access and you weren’t in a position to give it to them.
Considering how many passwords you most likely use every day, you need a secure way to hold them which is quick and easy for you to access but is safe from hackers.
We suggest you look into using a Password Safe such as LastPass, MyKi or LogMeOnce. Remember, a Password Safe is only ever as secure as the ‘master password’, so it needs to be a good one. Always choose a Password Safe that encrypts your data.
For your online banking we strongly suggest a separate password that is used only for that and isn’t written down or stored anywhere except in your head. I don’t even trust our Password Safe with that one!
Why choose a secure password?
So how do you choose a ‘secure’ password? You will probably be aware that using your name, birthday, kids’ names, dog’s name or anything else obvious is a bad idea, but why?
There are very clever pieces of software available that can ‘guess’ at passwords very quickly and try them out on the login screen for whichever website is being targeted. For example, perhaps the target is the admin area of a ‘Content Managed’ website like WordPress. These nasty little programs repeatedly try various user name and password combinations until they get access – this is called a ‘brute force attack’ and is more common than you may realise.
So as an aside you should never have your User Name as admin, administrator, user, manager, test, sysadmin, support or any variation of these things – you could be doing half the hacker’s job for him. Avoid words you can readily find in a dictionary too; they are super easy to crack.
So how do you choose a secure password?
The basic rules are to avoid dictionary words (see above), car registration numbers, kids’ names, mother’s maiden name and birthdays. The longer your password, the harder it is to discover, so aim for at least 8 characters, preferably 12 or more. Use a combination of lower and uppercase letters, numbers and punctuation symbols.
One of my lovely customers suggested a great way to create a password – think of a sentence that contains a number and use the first letter of each word in that sentence together with the number and pop in a punctuation character or two.
So let’s give a fun example that could be secure, shall we? Take the sentence ‘My dog Toby has four legs and one tail!’, from which we could create the password ‘MdTh4la1t!’. Ta dah! We have a much more secure password than using ‘Toby1’! The new password would take over 600 years to break, whereas the old password would take less than a second!
The longer and more complex you make the password the longer it would take a brute force program to break it. The important thing you should do now is look at all your passwords and update any that don’t measure up!
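Here is the sentence method and the basic rules above as a short Python script; it is an added example, not part of the original article. The AVOID word list and the number-word table are constructed for illustration, and the search space figure is the number of combinations a blind brute force would have to cover, not a time estimate.

```python
import string

# Constructed sample data (assumptions for this example): number words to
# swap for digits, and words the article says to avoid (names, obvious words).
NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}
AVOID = {"toby", "password", "admin", "letmein"}
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "number": string.digits, "punctuation": string.punctuation}


def sentence_to_password(sentence):
    """First letter of each word, number words as digits, punctuation kept."""
    out = []
    for word in sentence.split():
        core = word.strip(string.punctuation)
        trailing = word[len(word.rstrip(string.punctuation)):]
        if core.lower() in NUMBER_WORDS:
            out.append(NUMBER_WORDS[core.lower()])
        elif core:
            # Keep numbers written as digits whole, otherwise take the initial.
            out.append(core if core.isdigit() else core[0])
        out.append(trailing)
    return "".join(out)


def search_space(password):
    """Combinations for this length and character mix. This is an upper
    bound: guessing tools try names and common patterns long before this."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return alphabet ** len(password)


def check_password(password, avoid=AVOID):
    """Return the list of the article's rules that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    problems += ["contains '%s'" % w for w in sorted(avoid) if w in lowered]
    return problems


if __name__ == "__main__":
    for pw in ("Toby1", sentence_to_password("My dog Toby has four legs and one tail!")):
        print(pw, check_password(pw) or "passes", "search space: %.1e" % search_space(pw))
```

Run it on a made-up sentence rather than one you actually plan to use, so your real password never ends up in your terminal history.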
If you need help with any aspect of password security feel free to private message us – please don’t talk about passwords in the open comments.