Password security – truth and myth

Password security - OpenSure blog

Password security is important, but it’s not everything

This blog post on password security was prompted by this comment:

Ofcom recently revealed that one in four British people still use the same password for all their activities online, suggesting we still have some way to go to fully understand computer security.

…in this article: Exploding the urban myths about how to stay safe online, on the BBC website. It’s worth reading as it covers several commonly held beliefs about online security. Go and change your passwords to something strong, hard to remember and harder to crack, then come back and read this blog post and the BBC article.

me73)hRRs6_3*r)( is an example of a strong password: it’s alphanumeric, has mixed case and includes symbols. It’s not impossible to crack but it’s tricky. It will probably put off the opportunist hacker. If the password is changed every few weeks, and distinctly distinct from your other passwords, you’re doing what you can as an ordinary individual using an ordinary connection and standard server security to employ password security as one element of keeping your online accounts protected.

Pride and Prejudice

Don’t imagine for one moment that you’re not interesting or exciting enough to have your machine hacked, or that because you visit only reputable sites that you aren’t putting yourself or your computer at risk of compromise. As the article explains, your security is not down just to judgments you make about the credentials of the sites you visit. There are many points of vulnerability in websites of all sorts, from loopholes in comment set-ups to default permissions to download web page elements. Much of this is quite opaque to the average home user, who is therefore running risks of which they are blissfully unaware.

Consider this:

all computers, if connected to the internet, are vulnerable

Sadly this is the truth. Password security is just one element of protecting yourself online and it would be irresponsible of us to suggest that all you need to arm yourself against trouble is a string of gobbledegook instead of ‘pa55w0rd’, but it’s shocking to see that such a high proportion of UK internet users are so cavalier about this first line of defence.