With the phone hacking scandal and this week’s Russian webcam website, the issue of insecure passwords is on everyone’s minds. An astonishing number of people either do not change their password from the original default (often Admin or 1234) or choose something so obvious that their password may as well be “Password”. Increasingly sophisticated fake links in posts on websites like eBay and Fiverr have also been very successful, so always check your address bar to make sure that unexpected login screen is actually on the website it pretends to be and you haven’t just clicked a link in a post and been bounced to a fake shopfront.
Password bots spend their days wearily going through your accounts trying to guess passwords too, so should we all live in fear of having our accounts hacked? Not if you take a few steps to create secure passwords. Here are a few tips.
Don’t use the same password for every website. I know it’s convenient, and I know it’s hard to remember which password is which, but if you have the same password for everything, then if one account is compromised, all accounts are compromised. Consider at least having a password for less important website logins and a few different ones for the more essential ones. So for instance your online banking password should never be the same as the login you use for Koala Jewel Match, and your Barbie Sparkle Girlie Club password should probably not be identical to the password on your email account.
This may seem obvious, but choose a password that is difficult to guess. Not just difficult for someone who knows you (so no favourite band, birthdate, child’s name, your name or hometown) but difficult for any automated password guessing bot. This means using a mix of lower and upper case, numbers and symbols. Most websites now require you to do this anyway, but again the majority of people just make the first letter upper case and add a “1” to the end of the password, “Password1” being top of the list. Don’t do this. A common suggestion is to substitute similar-looking numbers for letters, so choosing a password and then replacing all the Es with 3s or Bs with 8s. Don’t do this either: all modern password bots include this replacement algorithm. One good strategy is to choose two completely unrelated words that you can remember, and stick a number in the middle or on either side that you can remember. So if you randomly happen to like the name Fido, you happen to like courgettes and you enjoyed the Seventies Sci-Fi series Space 1999, then FidoS1999Courgette is a good password. Putting together three unrelated terms greatly increases the security. Use four terms if you can, and if you can remember it, put a character in there too like & or !.
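As an added example, not code from the original post, the Python below shows the two points above from the checking side: it undoes the E-to-3, B-to-8 style substitutions (which guessing tools already try) before comparing against a list of common base words, and it builds the unrelated-words-plus-number style password with a proper random source and estimates its strength. The word list and common-password list are constructed for the example and are far too small for real use.

```python
import math
import re
import secrets

# Constructed sample word list; a real deployment would use a large curated list.
WORDS = ["fido", "courgette", "anvil", "lantern", "quartz", "marmalade",
         "tundra", "pixel", "walrus", "saffron", "glacier", "banjo"]

# Constructed list of common base words that a guessing tool tries first.
COMMON_BASES = {"password", "admin", "letmein", "welcome", "qwerty", "1234"}

# The letter-for-number trick reversed: guessing tools apply exactly these
# rules, so a checker must undo them before comparing against the list.
LEET = str.maketrans({"3": "e", "8": "b", "4": "a", "0": "o", "1": "i",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def is_common_variant(password: str) -> bool:
    """True if the password is a common word with only case changes,
    leet substitutions, or a trailing number/symbol tacked on."""
    stripped = re.sub(r"[\d!@#$%^&*]+$", "", password)   # drop "1", "123!", ...
    normalized = stripped.translate(LEET).lower()
    candidates = {password.lower(), stripped.lower(), normalized}
    return any(c in COMMON_BASES for c in candidates)


def estimate_bits(num_words: int, wordlist_size: int, number_range: int) -> float:
    """Entropy of the word+number scheme assuming the attacker knows the word
    list and the structure: each word chosen uniformly, plus one number."""
    return num_words * math.log2(wordlist_size) + math.log2(number_range)


def generate_passphrase(num_words: int = 3, number_range: int = 10000) -> str:
    """Build a 'Word<number>WordWord' password in the style of FidoS1999Courgette,
    choosing the words with a CSPRNG rather than from personal favourites."""
    words = [secrets.choice(WORDS).capitalize() for _ in range(num_words)]
    number = secrets.randbelow(number_range)
    # Place the number after the first word, as in the post's example.
    return words[0] + str(number) + "".join(words[1:])


if __name__ == "__main__":
    for pw in ["Password1", "P4ssw0rd!", "Adm1n", "FidoS1999Courgette"]:
        print(f"{pw:20} common variant: {is_common_variant(pw)}")
    print("three words from a 12-word list plus a 4-digit number:",
          round(estimate_bits(3, len(WORDS), 10000), 1), "bits")
    print("generated:", generate_passphrase())
```

The entropy figure is only as good as the word list size: three words from twelve is weak, three from a several-thousand-word list is not, which is why the post's advice to use more terms helps.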
Most important of all, don’t tell anyone your password, and don’t write it down. If you must write passwords down somewhere, change them slightly: use a simple code like replacing the first character with the next letter along in the alphabet, or adding a couple of erroneous numbers at the end.
Arguably, your email password is the most important: once someone has this, they can go into all your other accounts, click “Forgot Password” and change it using a password reset email. So make sure your email password is unique. If you are using an email client, choose one with several characters and numbers; you won’t be typing it in regularly, as your client will remember it for you.
If you are using an Apple device, consider their iCloud Keychain application: all your accounts, usernames, passwords and credit card details can then be stored on Apple’s AES 56-bit encrypted server and synced across all your devices. If you are not using it yet, have a look.
I have to go now and change my email password from FidoS1999Courgette before the account gets hacked.