They’re unfortunately necessary, too often they can be simple, but intelligently complex is much better and in theory they safeguard our well-being. No, we’re not talking about politicians. We’re talking about passwords.
On May 3rd it’s World Password Day. You might well say is there any day in the calendar that doesn’t celebrate something? Probably not. But having a tough and difficult to crack password is as important as having a robust lock on your front door. You simply wouldn’t leave home without one.
A weak password is an open invitation for malicious hackers to rob, pillage, plunder and make off with your valuable personal data, either to sell it in the hacker underground, empty your bank accounts or just wreak havoc.
Any number of surveys reveals the same thing over and over. People still use easy-to-crack passwords such as ‘123456’, ‘qwerty’, the name of a pet or even ‘password.’
- Using a simple password cracking program hackers can crack your account password very easily. These ‘brute-force’ programs make multiple guesses, at high speed, until the password is fully cracked. The program may take a few minutes or a century; it all depends on the complexity of the password. If the password is simple it can be cracked in seconds.
- Many people use the same username and password for all their accounts. Hackers run programs that enter stolen username and password details on tens of thousands of sites until one hits. When it does they have access to your accounts and credentials.
- You may practise good security on your home computers, but we have repeatedly seen that organisations that hold thousands and millions of customer records, including user names and passwords, are consistently hacked, losing all this information. This data is typically put up for sale in the hacker underground.
Good password practice
- Some of the easiest-to-remember passwords aren’t words at all but collections of words that form a phrase or sentence. This could be the opening line of a novel, poem or even song, with some numbers and symbols also scattered into it.
- Complexity is good, but length is also critical. It used to be that an alphanumeric password only 8-10 characters in length was good. But these days it’s increasingly easy for hackers to build extremely powerful and fast password cracking tools that can run through tens of millions of possible password combinations in a second.
- Each character you add to a password makes it an order of magnitude harder to attack via brute-force methods.
- Don’t use the same password on multiple websites. If a website is sensitive, that is, it stores personal information such as name, address and card numbers, this information can be used to make purchases in your name.
- Don’t use the password you use for your email account at other online sites. If an e-commerce site you are registered with gets hacked, there’s a high chance that your password, once cracked, will be tried for other accounts, including your email.
- Do use two factor authentication if available. Most online services now offer this and it works by adding an additional layer of security to your personal accounts. This can help reduce the risk of particularly nasty cyber-crime like identity theft, phishing scams and online fraud.
- In summary you should use passwords that are lengthy and with some numbers and symbols randomly thrown in.
- Adopt two factor authentication.
- If you use the same username and password on all accounts, it can leave you extremely vulnerable.
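To put numbers on the length and complexity points above, here is an added example (not BullGuard's code) that estimates how long a worst-case exhaustive search of a password's keyspace would take. The rate of 50 million guesses per second and all function names are assumptions; the three common passwords are the ones named in this article.

```python
import string

# The weak passwords named in the article; real lists are far longer.
COMMON = {"123456", "qwerty", "password"}

# Assumption: a stand-in for "tens of millions" of guesses per second.
GUESSES_PER_SECOND = 50_000_000

# Character classes an attacker must cover once one member is present.
CLASSES = (
    string.ascii_lowercase,    # 26
    string.ascii_uppercase,    # 26
    string.digits,             # 10
    string.punctuation + " ",  # 33
)

def alphabet_size(password):
    """Size of the smallest class-based alphabet covering the password.
    Characters outside the four classes are ignored (conservative)."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return max(size, 1)

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Upper bound for exhaustive search. Real attacks try word lists and
    patterns first, so predictable passwords fall much sooner."""
    if password.lower() in COMMON:
        return 0.0  # found by the first dictionary pass
    return alphabet_size(password) ** len(password) / rate

def describe(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, shortest and simplest first.
    for pw in ("qwerty", "abcdefgh", "abcdefghi", "Abcdefg1",
               "It was the best of times, 1859!"):
        print(f"{pw!r:36} alphabet={alphabet_size(pw):3} "
              f"worst case: {describe(worst_case_seconds(pw))}")
```

Each extra character multiplies the search time by the alphabet size: 10 for a digits-only password, 26 for lowercase only, 95 when all four classes are in use.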
However, from a practical point of view it can be very difficult to remember all your passwords. The best advice says you should never write your password details down. But it is alright to do this as long as the information is not displayed somewhere obvious like a sticky note on your computer screen.
Password Managers are also a good option. They automatically create strong passwords for you and securely store them, so for each online account you have you can have a robust password that is easily remembered.
Looking a bit further ahead you might also want to consider BullGuard Premium Protection. It doesn’t create passwords for you but it certainly keeps them safe along with all your other personal information.
Premium Protection scans the entire web for your passwords, usernames, email and postal addresses, phone numbers, credit card numbers and any other information you provide. If any of your registered details is made public online (a sign that it has been stolen from somewhere) we immediately alert you, via email or text message, and provide you with advice on what to do next.