Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Passwords are hard work, but protection is important

Passwords are hard work, but protection is important

login and password

Good passwords keep your online accounts safe and secure, but far too many of us break the simple commandments of password creation. It’s not a terribly difficult set of rules; don’t use common dictionary words as your password (especially common fare such as “password” or “123456”, use something memorable to you and (preferably) only you, and don’t re-use one password for one site on another, because if there’s a large scale security leak (over which you may have little or no control) at one site, a common password could leave other sites you log into susceptible as well.

LinkedIN had that issue come to the fore recently with the results of a hack that actually dates back to 2012 going live online, with potentially millions of susceptible accounts revealed. You may have received an email instructing you to change your password; frankly if you use LinkedIN I’d suggest it’s good form to change your password regardless in any case, because regularly changing your passwords is general good security form anyway.

With that in mind, however, you’ve got to pick a new secure password, and this then shifts to the secondary problem. Most of us are terrible at picking secure passwords, because picking something that’s both unique and memorable for the dozens of services many of us use online is actually hard work. To complicate matters, many of the ways that sites actively try to force us to create “strong” passwords may actually make those passwords easier to crack, even while making them seemingly harder to create.

That’s because en masse, people tend to think and create in rather predictable patterns. I’ll give you a very simple example. You’re told to create a password. You choose “password”, because it’s simple. Yes, this is a terrible password, but let that slide for a moment. The system you’re entering it into rejects it because the rules for that site require a number to be part of the password.

An awful lot of people would then choose “password1”, just because it’s the first number in any simple counting system. Not everyone, to be certain, but enough to make that complex rule effectively useless if you’re protecting an account, because it’s essentially obvious. The rules “work”, but they don’t protect in the way they should.

One interesting shift here in password allowance is coming from Microsoft. In a recent blog post Microsoft researchers outline methodologies for IT professionals to install routines that check for obvious passwords and combinations and reject them outright. They may meet the specific rules laid down for the service, but if they’re on the banned list, you can’t use them. Microsoft already uses this approach for Microsoft accounts, but wants it spread further to encourage good password creation.

So what do you do to keep yourself secure? Mnemonics are decent if you’ve only got a few passwords to remember. Anyone who’s ever studied music probably remembers Every Good Boy Deserves Fruit as a simple scale mnemonic, and you can apply that to passwords, perhaps choosing not quite so obvious a phrase as the basis for your passwords. Something you would remember, but not that anyone else might guess. So (again, as a random example) if your Uncle Kevin Used To Pickle Fruit, that would be UKUTPF. Mix up your capitals and sort out some numbers — maybe Uncle Kev was 73 at the time — and you’re well on your way.

If you’ve got more than just a few passwords, though, I’d still advocate for using a proper password management application such as Keepass, Dashlane or 1Password to not only securely store your passwords, but also generate them dynamically and at length. That dodges the obvious human creation rule problem, means you don’t have to stress remembering tough passwords and makes it simple even if you’re asked to create new passwords, because they can all simply generate a new random character string at the click of a button.

FacebookTwitterGoogle+Share

Recent News

chromeicon

If you’re a user of Google’s popular Chrome browser — and with anywhere between 60-80% of the web’s traffic delivered to Chrome, the chances are pretty good that you are — then come July, you’ll see a significant change in how the web pages you visit are presented. That’s because the version of Google Chrome… More 

ytm

In the world of online music streaming, there are a number of big-name players. Spotify is the best known, and Apple has its own play in Apple Music. Users of Google’s Android operating systems are probably more familiar with Google Play Music. Google’s approach to Google Play Music has always been an odd one from… More 

parentalcontrols

If you’ve got kids, you may well be concerned that they’re far more tech-savvy than you are. Having grown up with technology as an absolutely expected part of their lives, and with so much IT integrated into school curriculums through their education, it’s pretty easy to feel as though they’re well ahead of you. That… More 

win10update

If you’re using a Windows 10 PC, you’ve probably been alerted to the existence of what Microsoft’s calling the “April 2018 Update” to your operating system. This isn’t some kind of April fool’s joke, or for that matter an update only applicable to women called April, but instead the latest larger-scale update to Windows 10… More