Creating a strong password isn’t hard. In fact, it’s easy and is an effective way of keeping prying eyes from sensitive information.
Which is why we’re stunned to hear of people not only using insecure passwords but recycling them – i.e. using the same password for Facebook, Netflix, Google, Dropbox, online banking, everything – as well.
Figures from Ofcom in 2013 revealed that more than half (55 per cent) of UK adults use the same for most if not all of their logins.
Just over a quarter (26 per cent) admitted using easy to use passwords – birthdays and names – which are makes them pretty vulnerable to hackers. One year on, it’s sad to see that not much has changed.
Results from a 500-strong survey conducted by Smoothwall in April 2012 showed that 70 per cent of users will use a password that’s easy for someone to guess and more than half re-use their passwords.
Definitions of an ‘insecure’ password includes, passwords less than six characters long, passwords that don’t include numb3rs, special characters or mess around with uPPeR anD LOwER cASeS.
Smoothwall is a web security company that’s provided research for ICT teachers, as children are identified as being among the most vulnerable to hacking.
“One of the most vulnerable groups to password theft are children – because many have never been taught how to create and maintain passwords,” says Simon Wilcox, Head of Marketing Operations at Smoothwall.
“Choosing a secure password is a matter of creating unlikely letter and number combinations. The longer and more obscure your password, the tougher it will be to crack.”
Broadband Security: Password tips
That’s a good rule of thumb for password creation. Pick something that nobody else could possibly guess and make sure it’s long and weird.
One good tip is to stick random words together. Don’t just pick one word from the dictionary (as those are easy for spyware programs to guess), pick four. Pick five. Go crazy.
Popular webcomic xkcd posted this genius explanation of how to choose a password using this method:
Looking at this example you’re already giving any kind of password-guessing bit of software a hard time.
As well as jumbling up words from the dictionary, throw in some upper case and number curveballs as well. In the example Smoothwall gave us, you could abbreviate ‘My car is a Ford Mondeo and I live in Birmingham’ to ‘Mci4FM&Ili8’.
Though nearly impossible to pronounce phonetically, it’s easy to remember the phrase and associate it with the actual password.
Broadband Security: Don’t use your date of birth or a maiden name
Your bank will ask you security questions to identify yourself, which are normally things like a date of birth, an address, PIN number, or your mother’s maiden name. So it’s not a good idea to use any of this when creating the basis of your password.
Choose something that’s easy for you to remember, but doesn’t actually identify you, where you live or when you were born.
Broadband Security: Use a different password for everything
Got Facebook? Got PayPal? Got internet banking? Got the same password for all of these?
If you want to be really secure, have a different password for everything that you use regularly. If you’re using these services regularly, you’ll get into the habit of entering the passwords and remembering them as you go.
If you don’t want to have a different password for absolutely everything, then you should at least prioritise anything to do with money (online banking, PayPal etc).
This way if someone manages to guess your Twitter password, then you’ve stopped them from getting easy access to your LinkedIn, eBay or whatever else.
Broadband Security: Delete any ‘Password Reset’ emails
If you’ve signed up for a new service or you’ve asked Facebook or whoever to change your password then you’ll normally be sent a notification email informing you of your new password change.
You should delete these emails so that anyone who does gain access to your email account won’t be able to read these and then hack your Facebook, etc.