Passwords and online security

February 28th, 2013 by Monika Jankowska-Pacyna

Using your username and password online provides you with quick access to everything from your email and bank accounts to your favourite social network websites and tools.

Passwords give you a lot of power and control and it’s critical to keep them safe and secure.

Unfortunately, we often find that passwords are the weakest link in the security chain. Keeping track of many passwords can be difficult and overwhelming, and accounts are often compromised when passwords are weak, reused across websites, or when they are shared with someone untrustworthy.

Explore the Secure Passwords video from Common Craft to get started.

Is your password to any website “password”? Or how about “123456” or “qwerty”? These are the three most common passwords. There are thousands of common passwords that people use on a regular basis, and malicious hackers are taking email addresses and passwords and randomly trying to log into accounts at the most popular websites on an ongoing basis.


Here is what not to pick as a password:

  • dictionary words, words spelled backwards, common misspellings, and abbreviations
  • places and names, any personal information
  • dates in any format, birthdays, driver’s licenses, passport numbers, or similar information
  • keyboard sequences or repeated characters


So what should a good password look like?

  • a combination of letters and numbers
  • a mix of upper and lowercase letters
  • at least 8 characters long – even 14 is recommended
  • completely random


Keys to password strength: length and complexity

  • An ideal password is long and has letters, punctuation, symbols and numbers.
  • Whenever possible, use 14 characters or more.
  • The greater the variety of characters in your password, the better.
  • Use the entire keyboard, not just the letters and characters you use or see most often.
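
The checks from the three lists above, as an added example that is not part of the original post: a small Python audit that flags the "what not to pick" patterns and gives an upper bound on the search space. The word list, keyboard rows and date pattern are constructed assumptions; a real check would load a full dictionary and a full list of common passwords.

```python
import math
import re

# Constructed sample data. The page names these three as the most common passwords.
COMMON = {"password", "123456", "qwerty"}
# Tiny stand-in for a real dictionary file (assumption of this example).
WORDS = {"dragon", "monkey", "summer", "secret"}
# Keyboard rows and simple runs used to spot keyboard sequences (assumed set).
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]
DATE = re.compile(r"(19|20)\d\d|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")


def search_space_bits(pw):
    """Upper bound in bits: length * log2(size of the character pool used).
    Only meaningful when the characters are chosen at random."""
    pool = sum(size for pattern, size in
               [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 32)]
               if re.search(pattern, pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0


def has_run(pw, min_len=4):
    """True if pw contains min_len neighbouring keys from RUNS, in either direction."""
    low = pw.lower()
    return any(seq[i:i + min_len] in low
               for row in RUNS for seq in (row, row[::-1])
               for i in range(len(seq) - min_len + 1))


def audit(pw, words=WORDS):
    """Return the rules from the lists above that pw breaks (empty list = none)."""
    low = pw.lower()
    checks = [
        (low in COMMON, "common password"),
        (low in words or low[::-1] in words, "dictionary word, forwards or backwards"),
        (has_run(pw), "keyboard sequence"),
        (re.search(r"(.)\1\1", pw), "repeated characters"),
        (DATE.search(pw), "looks like a date"),
        (len(pw) < 8, "shorter than 8 characters"),
        (not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)),
         "no mix of upper and lowercase"),
        (not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)),
         "no combination of letters and numbers"),
    ]
    return [message for failed, message in checks if failed]
```

An empty list from `audit` only means none of these patterns matched; it says nothing about whether the password is reused on another website.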

There are many ways to create a long, complex password. Here is one way that may make remembering it easier:

| What to do | Suggestion | Example |
|---|---|---|
| Start with a sentence or two. It could be a part of a poem as well (about 10 words total). | Think of something meaningful to you. | Long and complex passwords are safest. I keep mine secret. (10 words) |
| Turn your sentences into a row of letters. | Use the first letter of each word. | lacpasikms (10 characters) |
| Add complexity. | Make only the letters in the first half of the alphabet uppercase. | lACpAsIKMs (10 characters) |
| Add length with numbers. | Put two numbers that are meaningful to you between the two sentences. | lACpAs56IKMs (12 characters) |
| Add length with punctuation. | Put a punctuation mark at the beginning. | ?lACpAs56IKMs (13 characters) |
| Add length with symbols. | Put a symbol at the end. | ?lACpAs56IKMs” (14 characters) |


The Most Important Account of All

Can you think of which of your online accounts is the most critical? It is your email account.

It’s often used to set up and log in to accounts, as well as to reset passwords. If someone up to no good got access to your email account, they could request all your passwords, get them by looking at your email, and have access to everything. So it is critical that your email account has a strong password, and a unique one not used for anything else. And you should probably change it often.


You should write down your password and store it somewhere.

It might be worthwhile to write down your passwords and keep them offline. Online malicious hackers cannot spring out of your monitor and start searching your desk. They can, potentially, get access to your computer files. So if you store your passwords in a file on your computer, make sure it is an encrypted and protected file.


Tools you could use to help you remember passwords:

There are many tools that allow you to store passwords in one secure location and access them with one master code or password:

1Password – https://agilewebsolutions.com/store

KeePass – http://keepass.info/index.html

Passpack – http://www.passpack.com/en/home/

RoboForm – http://www.roboform.com/

Password Safe – http://passwordsafe.sourceforge.net/index.shtml

LastPass – https://lastpass.com/

Flyingbit Password Keeper – http://www.pwkeeper.com/

Password Dragon – http://www.passworddragon.com/com/


Be careful with WiFi Connections and using other computers

If you travel, you might be using a WiFi network at your hotel, the airport, the conference center or even a coffee shop. To be safe, you should assume that they are all insecure unless you are at a secure website with an https address. Look for the “s” at the end of https. Many websites will offer both secured and unsecured versions. For instance, you can go to http://gmail.com or to https://gmail.com. Always use the https version.

Even more insecure than using a public WiFi network is using a public computer. Any computer that is not yours could have key logging software installed, for instance. So even if you are logging on to your secure website with a strong password, the keystrokes you type could be recorded and sent along to someone – even the keystrokes of your password. Even if the computer hasn’t been compromised in this way, IDs and passwords could simply be stored in the browser. Logging out of your account when you are done and then cleaning the browser’s cookies and cache is good protection, but not perfect. If you absolutely need to use a public computer, consider changing your password after you are done and monitor your accounts closely to make sure they haven’t been compromised.

Some sources used for this content:

http://macmost.com/online-password-security.html
http://www.microsoft.com/protect/fraud/passwords/create.aspx

Image source:

http://www.bu.edu/infosec/howtos/how-to-choose-a-password/