If you’re into social media or cloud computing, you’ll have felt right at home on our blog recently. We’ve tackled both subjects on a number of occasion, and given the popularity of those blogs, I thought it was about time we addressed one of the more feared topics is this area – security.
In the first part of this two part series, I’m going to look at passwords. I know the topic has been done to death everywhere from Lifehacker to AccountancyAge but it’s important so, here we go again!
Almost everything you do online and in the Cloud, will need a password. Passwords are the lock and key that keeps us secure from a shady underworld of identity thieves and internet highway men. We construct complex and difficult to crack passwords to secure our on-line lives.
Or maybe we don’t.
The top 25 passwords
SplashData has revealed the top 25 passwords of the year, taken from a list of millions of stolen passwords posted online by hacking groups, selected password “highlights” are below:
- password
- 123456
- 12345678
- qwerty
- abc123
Complex and difficult to crack I’m sure you’ll agree.
Given the amount of information we’re compelled to give when we sign up to websites, it seems some people aren’t doing a great job of “securing” their personal details. Incidentally, if you are using 123456 as one of your passwords, can you change it please? For me.
Password formulas
The holy grail is surely a password that you can easily recall and that is hard to crack. More often than not, people tend to opt for the “easy to recall” part and don’t really bother with the “hard to crack” part.
With so many passwords to remember I can see the temptation to use the same password for everything (hint: This is never a good idea). A suggestion put to me to address the problem was to use a password rule. A way of generating long complicated passwords that are easy to remember regardless of how infrequently you visit a website.
Had I found the holy grail?
Maybe, maybe not.
It works like this: You devise a single rule that you will use for every password, then append part of the website address to it to make it unique. My password rule might be this:
The first 4 letters of the website name (capitalised) + Underscore + Head office postcode + the % sign + the head office dialling code
Therefore, if I had a myspace account, my password for would be MYSP_ne139aa%0191 (it isn’t by the way). If I were to sign up to e.g. knights.co.uk I would use KNIG_ne139aa%0191. I only need to remember my rule and I can remember the password for each and every site I visit.
Easy enough to remember once you have created your “rule”. Given the length and variety of characters involved it’s going to be pretty difficult to crack. The main problem I see with this method is, if one of my passwords became compromised, my secret is out and all my accounts are at risk. It’s surely better than 123456 though.
No matter which way you look at it, the best thing to do is create passwords unique to every account you have, long complex passwords.
Password management
They’ll be difficult to remember though, so take a look at some of the password management tools that are out there. Lastpass.com and Keepass are two that spring to mind – but please, do your own research and pick the best solution for you. Heck, it’s even OK to write them down as long as you keep them somewhere secure.
Have a password audit for 2012, think about what you are securing online and if your passwords are good enough, if they aren’t consider changing them. You’ll feel better for it.
Mark Knights, Accountants Team
I’ve always had alpha-numeric passwords and recently started to use case-sensitive as well. I think a lot of people don’t bother though, which is a shame when it actually only takes about a second longer to type and adds huge amounts of security to your login.
Never underestimate the power of a space either, I’m a fan of putting spaces into a password. Alpha, numeric, the odd special character and a space – then you’re getting somewhere.
The more complex, the more difficult to remember though – the eternal conundrum.
I have a password protected One Note page to save all my passwords!!!!
Hopefully no one cracks that password.
This was a really useful article. There are tons of articles online with the same old ‘rules for creating a strong password’ but this is the first I’ve hard of using a password formula to make memorable gibberish!
Genius idea!
Thanks very much.
Daniel Romani | Subtle Sensor Photography
Freelance Professional Photographer | Newcastle
“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.” — Randall Munroe, illustrating why you want *long* passwords.
http://xkcd.com/936/
Although your formula is a good example of its kind, it’s quite dangerous when any one of your passwords is leaked. If your MySpace account were leaked, someone could figure out to replace MYSP with FB and GMAIL. This actually happened with Gawker (http://news.cnet.com/8301-27080_3-20025558-245.html ).
Thanks Daniel, worth taking note of Chuck’s comments though.
If you have some sort of “cypher” on your password, maybe hash it with an md5 hash generator, you could add an extra layer of security that way.
(personally I am a fan of Lastpass as a password management tool, they offer multi factor authentication too, so you can really ramp up the security level).
Chuck, I love that xkcd page. Great idea, explained really well.
It’s very trouble-free to find out any topic on net as compared to books, as I found this article at this web site.