Password security – truth and myth

Password security - OpenSure blog

Password security is important, but it’s not everything

This blog post on password security was prompted by this comment:

Ofcom recently revealed that one in four British people still use the same password for all their activities online, suggesting we still have some way to go to fully understand computer security.

…in this article: Exploding the urban myths about how to stay safe online, on the BBC website. It’s worth reading as it covers several commonly held beliefs about online security. Go and change your passwords to something strong, hard to remember and harder to crack, then come back and read this blog post and the BBC article.

me73)hRRs6_3*r)( is an example of a strong password: it’s alphanumeric, has mixed case and includes symbols. It’s not impossible to crack but it’s tricky, and it will probably put off the opportunist hacker. If the password is changed every few weeks and is distinct from your other passwords, you’re doing what you can as an ordinary individual using an ordinary connection and standard server security to employ password security as one element of keeping your online accounts protected.

Pride and Prejudice

Don’t imagine for one moment that you’re not interesting or exciting enough to have your machine hacked, or that because you visit only reputable sites you aren’t putting yourself or your computer at risk of compromise. As the article explains, your security does not come down only to the judgments you make about the credentials of the sites you visit. There are many points of vulnerability in websites of all sorts, from loopholes in comment set-ups to default permissions to download web page elements. Much of this is quite opaque to the average home user, who is therefore running risks of which they are blissfully unaware.

Consider this:

all computers, if connected to the internet, are vulnerable

Sadly this is the truth. Password security is just one element of protecting yourself online and it would be irresponsible of us to suggest that all you need to arm yourself against trouble is a string of gobbledegook instead of ‘pa55w0rd’, but it’s shocking to see that such a high proportion of UK internet users are so cavalier about this first line of defence.

Password security – truth and myth — 2 Comments

  1. Great article – thanks!

    One question. If the password is really hard to remember how does one…well…remember it?

    Having a file on your computer storing all your passwords is probably not a good idea. Write it on a scrap of paper? Not ideal either. This is my struggle. I’ve come up with some amazing passwords that no one in the history of human existence would ever guess, and which, the very first time I go back, I have completely forgotten. I had a cunning “algorithm” in my head that I had used to concoct it, certain I’d remember things like the date I first “kissed” a girl, the alcohol content of my favourite beer, the number of times George W Bush spoke sense in his presidency. Do I write the algorithm down then?

    What are your thoughts?

    • Hi Ambrose, thanks for making a comment! There are two main ways we could recommend.

      One is to use a very long pass phrase instead of a random password. A sentence or, perhaps better, a fragment of a line from a letter, song, play or film can have, e.g., 30 or 100 characters; that makes it very hard to break, and difficult even to guess the length of the password in order to break it, yet it is easily remembered by the user with a high degree of accuracy.

      The other is to remember just one highly complex password and use that to encrypt a file that stores your passwords. You can do that with commercial on-line services like lastpass.com, or run your own alternative with open source software like KeePass.

      Or perhaps a third might be to combine the two and use a very long pass phrase to access an encrypted store of unique complex random passwords for all your other accounts!

      Keep safe!
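To put numbers on the two claims made above, that a 16-character mixed-class string such as me73)hRRs6_3*r)( is tricky to brute-force and that a 30-plus-character phrase is harder still, here is an added Python example; it is not from the original post or from OpenSure. It estimates the exhaustive search space from length and character classes, undoes common digit-for-letter substitutions so that ‘pa55w0rd’ is recognised as a disguised dictionary word, and converts the bound into years at an assumed offline guessing rate. The small wordlist, the sample phrase and the 1e10 guesses-per-second rate are constructed assumptions, not figures from the page.

```python
import math
import string
from typing import Optional

# Character classes: a brute-force search must cover the union of the classes present.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation, " ")

# Constructed stand-in for a real dictionary (assumption: real wordlists hold far more entries).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey"}

# Common digit/symbol-for-letter substitutions that a normaliser undoes before a dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def alphabet_size(password: str) -> int:
    """Size of the union of character classes present in the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside every class (e.g. non-ASCII) each widen the alphabet by one.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the exhaustive search space alphabet**length: an UPPER bound on strength."""
    return len(password) * math.log2(alphabet_size(password))


def dictionary_hit(password: str) -> Optional[str]:
    """Return the dictionary word the password is a thin disguise of, or None."""
    normalised = password.lower().translate(LEET)
    return normalised if normalised in COMMON_WORDS else None


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years to search half the space at an assumed offline guessing rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def assess(password: str) -> dict:
    """Summarise the upper-bound strength and whether a dictionary lookup defeats it outright."""
    bits = brute_force_bits(password)
    hit = dictionary_hit(password)
    return {"length": len(password), "alphabet": alphabet_size(password), "bits": round(bits, 1),
            "dictionary_word": hit, "years_at_1e10_per_s": 0.0 if hit else years_to_exhaust(bits)}


if __name__ == "__main__":
    # The third input is a constructed phrase, not a quotation anyone could look up.
    for pw in ("pa55w0rd", "me73)hRRs6_3*r)(", "the kettle boiled twice before the post came"):
        print(repr(pw), assess(pw))
```

The bits figure is only an upper bound: it is meaningful solely when the password or phrase is not itself a dictionary word, a well-known quotation, or a credential already reused elsewhere.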