Chances are, you regularly visit many places online where you need to use a password, from social sites like Pinterest, Facebook and Twitter to your online banking or weblog.
If you have an online business, identity theft is probably the most catastrophic thing that could happen to you, even worse than simple fraud. It can destroy the brand and online personality you've spent years building literally overnight. A strong and secure password is the only thing standing between you and anyone who wants access to your Facebook or Twitter account. You may think you don't have a high enough profile to be a hacking target, but there are a lot of bored teenagers in the world with computers, so it's better to be safe than sorry.
What makes a good password?
Firstly, there are a few things that a good password shouldn't include: anything that could be easily guessed, like your postcode, town of birth, or your pet's name. It also shouldn't be something obvious like 12345 or 'password' (don't laugh, 'password' is unfortunately an extremely popular password choice!).
A really strong password should include a mixture of letters, numbers and special characters such as & and %, and ideally it should be at least 20 characters long. It shouldn't include any common English words, or obvious variations like replacing the letter 'e' with '3'. An example of a good password would be something like '/,Q>A6KicZ3tWg7$f7EPWn'. Unfortunately this sort of password is quite impossible to remember, so most people opt to either use a simpler password, or have a single strong password that they write down somewhere near their computer, and then use for everything.
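The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it tests a password against each rule (including reversing obvious swaps such as 'e' to '3') and generates a random password that passes. The word list and the substitution table are small constructed samples.

```python
import math
import secrets
import string

# Constructed sample of common words; a real check would use a much larger list.
COMMON_WORDS = ["password", "letmein", "welcome", "qwerty", "dragon", "monkey"]
# Obvious swaps such as 'e' -> '3', reversed so that disguised words surface.
UNLEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a", "@": "a",
                        "5": "s", "$": "s", "7": "t"})
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def problems(password, min_length=20):
    """Return the rules from the text that this password breaks."""
    found = []
    if len(password) < min_length:
        found.append("too short")
    if not any(c.isalpha() for c in password):
        found.append("no letters")
    if not any(c.isdigit() for c in password):
        found.append("no numbers")
    if not any(c in string.punctuation for c in password):
        found.append("no special characters")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        found.append("contains common word")
    elif any(word in lowered.translate(UNLEET) for word in COMMON_WORDS):
        found.append("contains disguised common word")
    return found


def generate(length=22):
    """Draw characters from the OS random source until every rule is met."""
    if length < 20:
        raise ValueError("the text recommends at least 20 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not problems(candidate):
            return candidate


def entropy_bits(length=22):
    """Upper bound on guessing difficulty for a uniformly random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(problems("P@55w0rd-P@55w0rd-2024!"))
    print(generate(), round(entropy_bits()), "bits")
```

A long password can still fail: the first call reports a disguised common word even though the string has 23 characters and all three character types.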
But a strong password is not enough
OK, so now you have an idea how to create a strong password, your online activities should be safe and secure, right?
Well, unfortunately it's not that simple. Even if you use a hard-to-guess password, there's still a chance that a bad guy will get hold of it, most likely through no fault of yours. Every few weeks, it seems, a different high-profile website gets hacked, and the stored passwords for the site are posted online.
Ideally this wouldn't be a serious problem on its own, as the passwords are kept in an encrypted form by the website's owner. This means that you can't work out what the actual passwords are without knowing some additional secret information. In practice though, many websites don't do as good a job with this encryption as they could, and the passwords end up in the open as a result.
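To make the difference between a poor and a good job concrete, here is an added Python example (not from the original article). It assumes the site stores a hash of each password, which is how the "encrypted form" is usually implemented, and compares an unsalted fast hash with a salted, slow one. The user names, the short common-password list and the round count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed short list standing in for published lists of popular passwords.
COMMON = ["password", "12345", "qwerty", "letmein"]
ROUNDS = 100_000  # assumed work factor for this example


def store_weak(password):
    """Unsalted fast hash: the same password always gives the same record."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_strong(password):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest


def verify_strong(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(attempt, digest)


def recoverable_by_lookup(weak_records):
    """Users whose weak record matches a precomputed table of common passwords."""
    table = {store_weak(word): word for word in COMMON}
    return {user: table[h] for user, h in weak_records.items() if h in table}


# Constructed accounts: two share a popular password, one follows the advice above.
USERS = {"alice": "password", "bob": "password", "carol": "/,Q>A6KicZ3tWg7$f7EPWn"}

if __name__ == "__main__":
    weak = {u: store_weak(p) for u, p in USERS.items()}
    strong = {u: store_strong(p) for u, p in USERS.items()}
    print("same weak record for alice and bob:", weak["alice"] == weak["bob"])
    print("recovered from the weak store:", recoverable_by_lookup(weak))
    print("same strong record for alice and bob:", strong["alice"] == strong["bob"])
    print("carol can still log in:", verify_strong(USERS["carol"], strong["carol"]))
```

With the weak scheme, a leaked table shows at a glance which users share a password, and popular passwords fall to a simple lookup; the long random password is not in any such table, and the salted records differ even for identical passwords.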
Now usually the hacked site will notice what's happened fairly quickly, and notify its users to change their passwords. This limits the amount of direct damage to the hacked site, but now your super-secret password is out in the open. Even if you change your password for the hacked website, any other site where you've used the same password will be at risk. Even worse, since these other sites don't have to be hacked for the bad guys to get in because they already have your password, it's quite likely that no one will even notice that anything is wrong at first.
So what's the solution?
So given that even a strong password alone may not be enough, what else can you do? The best advice here is to create a separate, strong password for every site you use, so that even if one site is hacked, at least there's no way a black hat can get into any of your other accounts with the compromised password. But if you do this, and follow the guidance above for good passwords, you're going to end up with dozens (or maybe hundreds) of unpronounceable passwords to try and keep track of. Luckily there's an easier way than generating and tracking these manually, called a password locker.
NB: A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Source: Wikipedia
Software Password Lockers
A software password locker mimics a common security practice used to keep track of physical keys, which is a lockable box, or key locker, that is used to store other keys. Only a select few people have the master key to the key locker, and if one of the stored keys goes missing, only the locks for that key need to be changed. So long as the master keys are kept safe, all is well.
I use a password locker called 1Password. It's available for Windows, Apple Mac, iPhone/iPad and Android devices. It also includes a handy web browser plugin which makes both generating and automatically entering website passwords extra-simple.
A single master password is used to control access to the program, and once it's unlocked you can quickly log into any site, or generate a new secure password with a few clicks. It automatically associates each password with the website it was generated for, so it can enter your username and password for you next time you visit the site.
1Password has a number of other handy features, such as storage for credit card numbers, WiFi or modem logins, or any other general notes you need to keep secure. It's also able to synchronise all of this information between devices, so you can have all of your passwords stored securely on your phone as well as your computer.
So there you have it. There's really no excuse to be using weak or recycled passwords, so do yourself a favour and invest in a password locker application. If you ever have a password compromised, you'll be very glad you did.
Brett, aka Mr {CHA}, is married to Christine (CHA's editor) and together they have 3 loud and energetic children. Brett is an Electronic Engineer, who specialises in test and measurement systems. He has a passion for Macs and War Hammer. He also suffers in silence with his wife's crafty adventures.
You can follow Brett on twitter or follow his blog Lonely Ant.
The opinions expressed by the author and those providing comments are theirs alone. The CHA is not an affiliate of 1Password.