Monday, 3 March 2014

Smarter Passwords - make your on-line security stronger while keeping it simple.

Passwords, they're everywhere. Many see them as a pain, it seems you need a password for everywhere  you go on the Internet. But they are important to keep your accounts and data safe from unwanted access. 

You may be tempted to choose a nice simple password that you can easily remember based on say a birthday, pet's name or a family member. You may also be tempted to use the same password for everything, it makes life easier right? This is the worst possible thing you could do, AVOID universal passwords at all cost. Just a few weeks back thousands of Tesco accounts were compromised not because Tescos' security was poor, not because hackers used some mad skills to extract the data but because over 2,000 users were using the same email and password combination on other sites. Attackers took advantage of low security elsewhere and managed to obtain a large list of email addresses and passwords, now armed with this list they can go to other services on the internet and try those email/password combinations to see what grants them access.

So how do you go about choosing a good password, make the password different across all your on-line services while at the same time still be able to remember them all??? 

One simple technique is to add the name or some letters from the actual site to your password for example for Facebook 
would become
FB<mypassword> or <mypassword>FB 
and then your Linked In password would be
LI<mypassword> or <mypassword>LI or even <mypassword>Linked
A small simple addition to your usual password can be enough to thwart attacks like that seen on the Tesco site and can also make your password obscure enough to not be easily guessed.

Another method is to take a sentence and use the letters from the beginning of those words, so something like Fuller Computings' account Password for Facebook would turn out as something like FCap4FB or Fuller Computing's password at Facebook could be FCp@FB.

Almost all modern browsers offer to save login details for websites, this option is great for not having to remember lots of passwords and just have your browser remember them for you. If you do decide to do this for the sake of security do keep some points in mind. First make sure it's your own personal device (does anyone else have access to this machine?) Second secure your device with a password (yes another password). Third don't allow anyone else to use your device / account.

Another option is to use a password manager like LastPass. The great thing about a service like this is that you will only need to remember one password and LastPass will create and remember all your login details right across the Internet.

Important things to remember, don't use passwords that can be easily guessed, do not use the same password for everything and keep your information safe.