Passwords are one of the frustrations of modern life. We all know that they are important – like locks on our houses and cars – but do you go for convenience or security? If you have the same key for every lock, you’re in real trouble if you lose it – but having to carry a big bunch of keys and then find the right one can be a real pain…
Making your password your birthday is easy and convenient – but not secure. Remembering 12 random characters including 3 numbers and a mix of upper and lower case is much more secure, but hard to remember unless you’re Rain Man…
So you pick a random word – something long that nobody else would ever think of, something obscure and completely unguessable – but that you can remember.
But did you know that, as well as guessing that you might use your date of birth, hackers have programs that simply run through every word in the dictionary to get into your secure areas?
And to make things worse, because we can’t remember 20 different words we tend to use the same word for all our passwords – which means once the bad guys succeed in one place – they can use your password everywhere…
So how can you cope with passwords?
Here are a few steps that will improve basic passwords and give a better compromise between security and convenience.
1. Throw in some mixed cases… (basic)
jusT raNDomLy put Some capitals and LOWER case letters into your passwords. Sounds simple – but as far as the computer is concerned, a capital H is as different from a lower case h as it is from a colon.
2. Swap numbers and punctuation for letters… (slightly better)
Replace E with 3, L with 1, S with 5, I with !, A with @, C with <, and so on…
1t’5 r3a11y that 5imp13 (it’s really that simple)
It’s better than a basic word, but remember that if you thought of it – the hackers will too.
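An added example (not from the original post) of why tips 1 and 2 only help a little: a password check can undo mixed case and the swaps listed above in one step, so a disguised dictionary word is still a dictionary word. The wordlist is a constructed sample and the function names are this example's own.

```python
import string

# Substitutions listed in tip 2 of the article (letter -> symbol).
SUBS = {"e": "3", "l": "1", "s": "5", "i": "!", "a": "@", "c": "<"}
UNDO = str.maketrans({sym: letter for letter, sym in SUBS.items()})

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"simple", "really", "password", "shorts", "forrest"}


def normalise(password: str) -> str:
    """Undo tip 1 (mixed case) and tip 2 (symbol swaps)."""
    return password.lower().translate(UNDO)


def dictionary_word(password: str):
    """Return the wordlist entry the password collapses to, or None."""
    word = normalise(password)
    return word if word in WORDLIST else None


def disguises(word: str) -> int:
    """Count the spellings of a word reachable with tips 1 and 2 alone."""
    total = 1
    for ch in word.lower():
        options = 2 if ch.isalpha() else 1   # lower or upper case
        options += 1 if ch in SUBS else 0    # or the swapped symbol
        total *= options
    return total


def random_space(length: int) -> int:
    """Number of random passwords of this length over printable ASCII."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return len(alphabet) ** length


if __name__ == "__main__":
    for pw in ["5imp13", "r3a11y", "5iMPl3", "xk7#Qm"]:
        print(pw, "->", dictionary_word(pw))
    print("disguises of 'simple':", disguises("simple"))
    print("random 6-character passwords:", random_space(6))
```

A six-letter word has only a few hundred disguised spellings, against hundreds of billions of truly random six-character passwords, which is why the later tips and a password manager rank higher.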
3. Use a formula (better)
Create a formula for yourself that you can remember. Sounds complicated, but it’s much easier to remember 3 or 4 ‘things’ that make up a 15 letter password than it is to remember a 10 letter password!
It could be anything – [Your birthday] + [first pet’s name] + [account name]
So that might be [18/11] + [SPOT] + [bank]
And to ring the changes a bit you can always swap your birthday for your partner’s birthday for personal passwords…
4. Use a familiar phrase – or a line from a song… (better still)
Just pick a random phrase that you can remember – a line from a favourite song, from a poem you learnt in school, from a film or from real life. As long as you can remember it.
Don’t stop me now
Dreaming of a white Christmas
Run Forrest! Run!
Eat my shorts!
Not all accounts will let you do this – but it is a good way to remember a long password if it will.
5. Combine them all! (much better)
You can mix up all these to make it even harder to crack or to guess – just make sure you can remember the combination you use!
6. Use Passpack or something similar (much much better)
Tips 1-5 are all about creating relatively secure passwords that you will be able to remember – but memory is a fragile thing, and it’s risky to rely on it completely. Keeping a record allows your passwords to be more complicated – but how do you manage it?
You can keep a password protected spreadsheet in a secure location – but that is still open to hackers, and there is even an argument that says it’s safer to never store them digitally but just write them down and keep them in a secure place…
These are online services that let you keep all your user names and passwords in a secure location and (if you choose) even log you in directly by entering the password for you. Passpack is very secure, requiring a two-stage log-in of a user name and password, plus a longer pass-phrase or ‘Welcome message’ to access the account.
Once in, it also allows you to share passwords with other users – which is very useful in a team. You can then see your user name and copy your password without ever viewing it – and if you want a really secure password it will even create one for you to use – making it completely random.
That means that for a graphic and web design company like Hullabaloo – where we have dozens of websites and accounts – we can have a long, randomly generated, unique password for every website, but easily manage and share them as required.
Better still – many of these can be backed up with a two-factor login for important accounts. This is where once you have logged in with your user name and password, you receive a passcode on your mobile phone. Only once you’ve entered that can you access your account. This adds significant security, but unfortunately not all providers offer this as an option.
There are lots of providers like these – so you should look around and find one you like. Here is a great article from PixelPrivacy that compares a few of the better ones.
Like all security, you have to choose the balance you are comfortable with – and ultimately any password system is vulnerable to human error or just sheer processing power – remember those infinite monkeys typing Shakespeare…
But with a bit of creative thinking and a modicum of discipline you can get a good compromise that gives you relatively easy access – and a level of security that is much higher than most.
Do you know something about passwords that we have missed? Do you just want to have a rant about them? Leave a comment and we will try to update this with any good ideas we receive.