
Passwords are hard work, but protection is important


Good passwords keep your online accounts safe and secure, but far too many of us break the simple commandments of password creation. It’s not a terribly difficult set of rules: don’t use common dictionary words as your password (especially common fare such as “password” or “123456”), use something memorable to you and (preferably) only you, and don’t re-use a password from one site on another. If there’s a large-scale security leak (over which you may have little or no control) at one site, a shared password could leave other sites you log into susceptible as well.

LinkedIn had that issue come to the fore recently when the results of a hack that actually dates back to 2012 went live online, with potentially millions of susceptible accounts revealed. You may have received an email instructing you to change your password; frankly, if you use LinkedIn I’d suggest it’s good form to change your password in any case, because regularly changing your passwords is general good security form anyway.

With that in mind, however, you’ve got to pick a new secure password, and this then shifts to the secondary problem. Most of us are terrible at picking secure passwords, because picking something that’s both unique and memorable for the dozens of services many of us use online is actually hard work. To complicate matters, many of the ways that sites actively try to force us to create “strong” passwords may actually make those passwords easier to crack, even while making them seemingly harder to create.

That’s because en masse, people tend to think and create in rather predictable patterns. I’ll give you a very simple example. You’re told to create a password. You choose “password”, because it’s simple. Yes, this is a terrible password, but let that slide for a moment. The system you’re entering it into rejects it because the rules for that site require a number to be part of the password.

An awful lot of people would then choose “password1”, just because it’s the first number in any simple counting system. Not everyone, to be certain, but enough to make that complex rule effectively useless if you’re protecting an account, because it’s essentially obvious. The rules “work”, but they don’t protect in the way they should.

One interesting shift here in password allowance is coming from Microsoft. In a recent blog post Microsoft researchers outline methodologies for IT professionals to install routines that check for obvious passwords and combinations and reject them outright. They may meet the specific rules laid down for the service, but if they’re on the banned list, you can’t use them. Microsoft already uses this approach for Microsoft accounts, but wants it spread further to encourage good password creation.
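The difference between a composition rule and a banned-list check, as an added example (not code from Microsoft or from this article). The banned list is a small constructed sample, and the function names and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a far larger set of
# commonly used and previously leaked passwords.
BANNED = {"password", "123456", "qwerty", "letmein", "welcome"}

# Simplified table of substitutions people use to dress up a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_composition_rule(pw, min_len=8):
    """The kind of site rule described above: long enough and contains a digit."""
    return len(pw) >= min_len and any(c.isdigit() for c in pw)


def normalise(pw):
    """Reduce a password to the base word its owner probably started from."""
    base = pw.lower()
    base = re.sub(r"[\d\W_]+$", "", base)  # trailing digits/symbols: password1 -> password
    base = re.sub(r"^[\d\W_]+", "", base)  # leading digits/symbols
    return base.translate(LEET)            # p@ssw0rd -> password


def check_password(pw):
    """Return (accepted, reason). The banned list overrides the composition rule."""
    if not meets_composition_rule(pw):
        return (False, "fails composition rule")
    if {pw.lower(), normalise(pw)} & BANNED:
        return (False, "on banned list")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed inputs: the second and third satisfy the site rule but are
    # still obvious variations of a banned word.
    for candidate in ["password", "password1", "P@ssw0rd2016!", "t7#Kq9vLp2xW"]:
        print(candidate, check_password(candidate))
```
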

So what do you do to keep yourself secure? Mnemonics are decent if you’ve only got a few passwords to remember. Anyone who’s ever studied music probably remembers Every Good Boy Deserves Fruit as a simple scale mnemonic, and you can apply that to passwords, perhaps choosing not quite so obvious a phrase as the basis for your passwords. Something you would remember, but not that anyone else might guess. So (again, as a random example) if your Uncle Kevin Used To Pickle Fruit, that would be UKUTPF. Mix up your capitals and sort out some numbers — maybe Uncle Kev was 73 at the time — and you’re well on your way.

If you’ve got more than just a few passwords, though, I’d still advocate for using a proper password management application such as KeePass, Dashlane or 1Password to not only securely store your passwords, but also generate them dynamically and at length. That dodges the obvious human creation rule problem, means you don’t have to stress about remembering tough passwords and makes it simple even if you’re asked to create new passwords, because they can all simply generate a new random character string at the click of a button.
