The BBC today reports the startling discovery that people use their pet names in passwords and are influenced by the colours around them. Not only that, redheads choose better passwords than scruffy beardies and women favour length over the diversity that men go for. Seems password security is governed by forces bigger than any of us. And how do we know this? From analysis of the enormous quantity of password data that has been stolen. Says the article:
The number one conclusion from looking at that data – people are lousy at picking good passwords.
Maximising password security
We all know the rules – mix it up, lower case and upper, symbols, numbers, no real words etc. Choose something with no obvious connection to you. According to security expert Per Thorsheim quoted in the article, people slip up because…
…they use birthdays, wedding days, the names of siblings or children or pets. They use their house number, street name or pick on a favourite pop star.
Yes, we’re looking at you. When we establish services for you and give you a nightmarish password, and we hear you moaning that you’re never going to remember *that*, it’s for a good reason. Tiddl3s_01 is not going to cut it. We take the security of your services extremely seriously and a strong password is a clear element of that.
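To show why swapping a few letters for digits in a pet's name does not help, here is a small check of the kind a sign-up form could run against details it already holds about a user. It is an added example, not code from this post or from any service mentioned in it; the function names and the sample details are made up for illustration.

```python
import re

# Common look-alike substitutions. "1" is ambiguous, so both "l" and "i" are tried.
LEET_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
             "@": "a", "$": "s", "!": "i"}

# Constructed sample: words and numbers a service might know about one user.
SAMPLE_DETAILS = ["Tiddles", "Rover", "Acacia", "1985"]


def letter_views(text):
    """Lower-case text, undo look-alike substitutions, keep letters only."""
    views = set()
    for one in ("l", "i"):
        table = str.maketrans({**LEET_BASE, "1": one})
        decoded = text.lower().translate(table)
        views.add(re.sub(r"[^a-z]", "", decoded))
    return views


def digit_view(text):
    """Keep only the digits, so years and house numbers can be spotted."""
    return re.sub(r"\D", "", text)


def personal_matches(password, details, min_len=3):
    """Return, sorted, the personal details recognisable inside password."""
    pw_letters = letter_views(password)
    pw_digits = digit_view(password)
    hits = set()
    for detail in details:
        name = re.sub(r"[^a-z]", "", detail.lower())
        number = digit_view(detail)
        if len(name) >= min_len and any(name in v for v in pw_letters):
            hits.add(detail)   # a name survives the substitutions
        elif len(number) >= min_len and number in pw_digits:
            hits.add(detail)   # a date or house number appears as-is
    return sorted(hits)


if __name__ == "__main__":
    for candidate in ("Tiddl3s_01", "4c@c1a1985", "qV9#mzL2&xWp"):
        print(candidate, "->", personal_matches(candidate, SAMPLE_DETAILS))
```

A password that comes back with any match should be rejected; an empty list only means none of the known details were found, not that the password is strong.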
Minimising password security
If you’re a social media user of any kidney, especially the kind given to peppering your posts with real names and a fair bit of family detail and even more so if that account isn’t protected, read this:
Targeted attacks are likely to scour social media for words, names and dates important to a victim. Knowing the names of someone’s children, pets, parents or street can help unpick a password very quickly.
Interconnection is the point of so many social media platforms, making this sort of thing really very easy. Now go and change all your passwords, strip out identifying details from your social media accounts and above all, read that BBC article.
ETA: If you’re a K-9 user and want to change your password, you might find this walk-through very useful: http://androidforums.com/android-applications/210475-how-do-i-change-password-k9-mail.html
Edited further: Read this Tech Week Europe article about the recent Russian discovery of a stash of stolen passwords, and the connections to social media and poor password practice.