If you’re into social media or cloud computing, you’ll have felt right at home on our blog recently. We’ve tackled both subjects on a number of occasions, and given the popularity of those blogs, I thought it was about time we addressed one of the more feared topics in this area – security.
In the first part of this two-part series, I’m going to look at passwords. I know the topic has been done to death everywhere from Lifehacker to AccountancyAge, but it’s important, so here we go again!
Almost everything you do online and in the Cloud will need a password. Passwords are the lock and key that keep us secure from a shady underworld of identity thieves and internet highwaymen. We construct complex and difficult-to-crack passwords to secure our online lives.
Or maybe we don’t.
The top 25 passwords
SplashData has revealed the top 25 passwords of the year, taken from a list of millions of stolen passwords posted online by hacking groups. Selected password “highlights” are below:
Complex and difficult to crack, I’m sure you’ll agree.
Given the amount of information we’re compelled to give when we sign up to websites, it seems some people aren’t doing a great job of “securing” their personal details. Incidentally, if you are using 123456 as one of your passwords, can you change it please? For me.
The holy grail is surely a password that you can easily recall and that is hard to crack. More often than not, people tend to opt for the “easy to recall” part and don’t really bother with the “hard to crack” part.
With so many passwords to remember, I can see the temptation to use the same password for everything (hint: this is never a good idea). A suggestion put to me to address the problem was to use a password rule: a way of generating long, complicated passwords that are easy to remember regardless of how infrequently you visit a website.
Had I found the holy grail?
Maybe, maybe not.
It works like this: You devise a single rule that you will use for every password, then append part of the website address to it to make it unique. My password rule might be this:
The first 4 letters of the website name (capitalised) + Underscore + Head office postcode + the % sign + the head office dialling code
Therefore, if I had a myspace account, my password for it would be MYSP_ne139aa%0191 (it isn’t, by the way). If I were to sign up to, e.g., knights.co.uk, I would use KNIG_ne139aa%0191. I only need to remember my rule and I can remember the password for each and every site I visit.
Easy enough to remember once you have created your “rule”. Given the length and variety of characters involved, it’s going to be pretty difficult to crack. The main problem I see with this method is that if one of my passwords became compromised, my secret is out and all my accounts are at risk. It’s surely better than 123456 though.
No matter which way you look at it, the best thing to do is create a long, complex password unique to every account you have.
They’ll be difficult to remember though, so take a look at some of the password management tools that are out there. Lastpass.com and Keepass are two that spring to mind – but please, do your own research and pick the best solution for you. Heck, it’s even OK to write them down as long as you keep them somewhere secure.
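To make the trade-off between the password rule and fully unique passwords concrete, here is an added example (not part of the original post) that audits a set of passwords for a shared tail. The function names and the `myspace.com` domain are assumptions for illustration; the rule and its sample values are the ones given above.

```python
import os
import secrets
import string

# Constructed from the article's example: postcode and dialling code after "_".
RULE_TAIL = "_ne139aa%0191"

def rule_password(domain, tail=RULE_TAIL):
    """Article's rule: first 4 letters of the site name, capitalised, plus a fixed tail."""
    name = domain.lower()
    if name.startswith("www."):
        name = name[4:]
    return name.split(".")[0][:4].upper() + tail

def shared_tail(passwords):
    """Longest suffix common to every password in a {site: password} mapping."""
    reversed_pws = [pw[::-1] for pw in passwords.values()]
    return os.path.commonprefix(reversed_pws)[::-1]

def audit(passwords):
    """Return (shared tail, {site: number of characters unique to that site})."""
    tail = shared_tail(passwords)
    return tail, {site: len(pw) - len(tail) for site, pw in passwords.items()}

def random_password(length=20):
    """Independent random password, the kind a password manager would store."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    sites = ["myspace.com", "knights.co.uk"]  # assumed domains for the two examples
    ruled = {s: rule_password(s) for s in sites}
    tail, unique = audit(ruled)
    print("rule-based:", ruled)
    print("shared across every site:", repr(tail), "| unique chars per site:", unique)
    rand = {s: random_password() for s in sites}
    tail, unique = audit(rand)
    print("random: shared", repr(tail), "| unique chars per site:", unique)
```

With the rule, 13 of the 17 characters are identical on every site and the remaining 4 come straight from the site's name, which is why one exposed password puts the rest at risk.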
Have a password audit for 2012: think about what you are securing online and whether your passwords are good enough. If they aren’t, consider changing them. You’ll feel better for it.
Mark Knights, Accountants Team