Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Passwords are hard work, but protection is important

Passwords are hard work, but protection is important

login and password

Good passwords keep your online accounts safe and secure, but far too many of us break the simple commandments of password creation. It’s not a terribly difficult set of rules; don’t use common dictionary words as your password (especially common fare such as “password” or “123456”, use something memorable to you and (preferably) only you, and don’t re-use one password for one site on another, because if there’s a large scale security leak (over which you may have little or no control) at one site, a common password could leave other sites you log into susceptible as well.

LinkedIN had that issue come to the fore recently with the results of a hack that actually dates back to 2012 going live online, with potentially millions of susceptible accounts revealed. You may have received an email instructing you to change your password; frankly if you use LinkedIN I’d suggest it’s good form to change your password regardless in any case, because regularly changing your passwords is general good security form anyway.

With that in mind, however, you’ve got to pick a new secure password, and this then shifts to the secondary problem. Most of us are terrible at picking secure passwords, because picking something that’s both unique and memorable for the dozens of services many of us use online is actually hard work. To complicate matters, many of the ways that sites actively try to force us to create “strong” passwords may actually make those passwords easier to crack, even while making them seemingly harder to create.

That’s because en masse, people tend to think and create in rather predictable patterns. I’ll give you a very simple example. You’re told to create a password. You choose “password”, because it’s simple. Yes, this is a terrible password, but let that slide for a moment. The system you’re entering it into rejects it because the rules for that site require a number to be part of the password.

An awful lot of people would then choose “password1”, just because it’s the first number in any simple counting system. Not everyone, to be certain, but enough to make that complex rule effectively useless if you’re protecting an account, because it’s essentially obvious. The rules “work”, but they don’t protect in the way they should.

One interesting shift here in password allowance is coming from Microsoft. In a recent blog post Microsoft researchers outline methodologies for IT professionals to install routines that check for obvious passwords and combinations and reject them outright. They may meet the specific rules laid down for the service, but if they’re on the banned list, you can’t use them. Microsoft already uses this approach for Microsoft accounts, but wants it spread further to encourage good password creation.

So what do you do to keep yourself secure? Mnemonics are decent if you’ve only got a few passwords to remember. Anyone who’s ever studied music probably remembers Every Good Boy Deserves Fruit as a simple scale mnemonic, and you can apply that to passwords, perhaps choosing not quite so obvious a phrase as the basis for your passwords. Something you would remember, but not that anyone else might guess. So (again, as a random example) if your Uncle Kevin Used To Pickle Fruit, that would be UKUTPF. Mix up your capitals and sort out some numbers — maybe Uncle Kev was 73 at the time — and you’re well on your way.

If you’ve got more than just a few passwords, though, I’d still advocate for using a proper password management application such as Keepass, Dashlane or 1Password to not only securely store your passwords, but also generate them dynamically and at length. That dodges the obvious human creation rule problem, means you don’t have to stress remembering tough passwords and makes it simple even if you’re asked to create new passwords, because they can all simply generate a new random character string at the click of a button.

FacebookTwitterGoogle+Share

Recent News

lumia

For some years now, Microsoft has persisted with a multi-pronged software approach around its Windows 10 platform, going all the way up to high-performance workstation PCs through laptops, tablets and mobile devices, in order to service every possible computing need. While the general dominance of Windows in the desktop and laptop space is quite solidly… More 

googleevent

At its recent “Made By Google” event, Google unveiled a range of new smartphones, new home smart speakers, a new laptop, standalone camera and new smart headphones that it wants consumers to adopt. That’s a lot of new hardware, so you might be mistaken for thinking that the launch was all about physical technology. Except… More 

high_sierrasq

Apple’s latest major upgrade for its desktop operating system, macOS High Sierra is now available for qualifying iMacs, MacBooks, MacBook Pro and Mac Pro models, and if you pay attention to the counter in the app store icon in your dock, you’ve probably noticed it being ready to download, if not in fact pestered by… More 

ios11

Apple has recently released the latest update to its mobile operating system, iOS, bringing it to version 11. The new OS has a number of new features, including a limited file exploration app, updated music, photo and email apps, and a number of smaller tweaks to the overall interface and experience of Apple’s mobile products,… More