Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Passwords are hard work, but protection is important

Passwords are hard work, but protection is important

Good passwords keep your online accounts safe and secure, but far too many of us break the simple commandments of password creation. It’s not a terribly difficult set of rules; don’t use common dictionary words as your password (especially common fare such as “password” or “123456”, use something memorable to you and (preferably) only you, and don’t re-use one password for one site on another, because if there’s a large scale security leak (over which you may have little or no control) at one site, a common password could leave other sites you log into susceptible as well.

LinkedIN had that issue come to the fore recently with the results of a hack that actually dates back to 2012 going live online, with potentially millions of susceptible accounts revealed. You may have received an email instructing you to change your password; frankly if you use LinkedIN I’d suggest it’s good form to change your password regardless in any case, because regularly changing your passwords is general good security form anyway.

With that in mind, however, you’ve got to pick a new secure password, and this then shifts to the secondary problem. Most of us are terrible at picking secure passwords, because picking something that’s both unique and memorable for the dozens of services many of us use online is actually hard work. To complicate matters, many of the ways that sites actively try to force us to create “strong” passwords may actually make those passwords easier to crack, even while making them seemingly harder to create.

That’s because en masse, people tend to think and create in rather predictable patterns. I’ll give you a very simple example. You’re told to create a password. You choose “password”, because it’s simple. Yes, this is a terrible password, but let that slide for a moment. The system you’re entering it into rejects it because the rules for that site require a number to be part of the password.

An awful lot of people would then choose “password1”, just because it’s the first number in any simple counting system. Not everyone, to be certain, but enough to make that complex rule effectively useless if you’re protecting an account, because it’s essentially obvious. The rules “work”, but they don’t protect in the way they should.

One interesting shift here in password allowance is coming from Microsoft. In a recent blog post Microsoft researchers outline methodologies for IT professionals to install routines that check for obvious passwords and combinations and reject them outright. They may meet the specific rules laid down for the service, but if they’re on the banned list, you can’t use them. Microsoft already uses this approach for Microsoft accounts, but wants it spread further to encourage good password creation.

So what do you do to keep yourself secure? Mnemonics are decent if you’ve only got a few passwords to remember. Anyone who’s ever studied music probably remembers Every Good Boy Deserves Fruit as a simple scale mnemonic, and you can apply that to passwords, perhaps choosing not quite so obvious a phrase as the basis for your passwords. Something you would remember, but not that anyone else might guess. So (again, as a random example) if your Uncle Kevin Used To Pickle Fruit, that would be UKUTPF. Mix up your capitals and sort out some numbers — maybe Uncle Kev was 73 at the time — and you’re well on your way.

If you’ve got more than just a few passwords, though, I’d still advocate for using a proper password management application such as Keepass, Dashlane or 1Password to not only securely store your passwords, but also generate them dynamically and at length. That dodges the obvious human creation rule problem, means you don’t have to stress remembering tough passwords and makes it simple even if you’re asked to create new passwords, because they can all simply generate a new random character string at the click of a button.


Recent News

This week, Apple released an update to its macOS operating system to macOS Big Sur 11.5.1. Unusually for Apple, it detailed exactly what kind of security issue it relates to. Specifically, it patches a hole that would allow attackers to execute arbitrary code with kernel privileges. If that sounds like so much techno-mumbo-jumbo to you,

I’ve not had a standard landline in my home for quite some time now. Partly that was because I very much did switch over to using my smartphone a great deal more over time. Mostly, however, it was because getting rid of it was one of the simplest ways to cut off those interminable “support

Social media can be a huge force for change, and in these times where many of us are bouncing in and out of lockdowns, also a vital lifeline for communication on everything from important matters to the wildly trivial. We’re all allowed our personal obsessions, after all. However, many of us don’t think about the

Microsoft recently released its first public-facing beta version of the Windows 11 operating system that it will ship later this year. You’ve got to be signed up to its Windows Insider program to get it – and be willing to accept a little risk in terms of unstable operating systems – but then this is

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More