The problem is that short, simple password are, whilst easy to remember, open to attack by hackers using simple brute-force approaches to ‘guess’ password. And once a password is guessed, your accounts are open to theft and exploitation.
So what makes a password simple? Using consecutive keys on the keyboard is one example – the password ‘123456’, whilst easy to remember, is also easy to guess. The same is true for ‘qwerty’ (the first six letter keys on a standard keyboard. Indeed, passwords which make use of consecutive strings of characters are all equally insecure – ‘abcdef’ may not be a password made of keys which are next to each other on the keyboard, but it’s still an easily guessed combination.
As well as consecutive characters, using slang words, trivial phrases or words which can be found in the dictionary all have risks. Using the same password on multiple websites is also a risk.
A recent study revealed the ten commonest passwords currently in use worldwide:
123456
12345
123456789
Password
iloveyou
princess
rockyou
1234567
12345678
abc123
123456789
Password
iloveyou
princess
rockyou
1234567
12345678
abc123
So how do you make sure that your passwords are secure?
- Firstly, avoid passwords on the above list. In addition, avoid choosing passwords which make use of information which fraudsters can easily obtain about you – your date of birth, home address or even your mother’s maiden name.
- Use different passwords on different accounts wherever possible.
- Avoid using single words which are found in the dictionary (for example ‘princess’ in the above list). Some automated attacks simply crack passwords by running through lists of words from the dictionary. If you do use a dictionary word, use a long one.
- It's a good idea not to allow your computer to remember your passwords. Even if no one else uses your computer, if it is stolen the thieves will be able to access your private information and even hijack your identity.
- Mix up letters and numbers, and use the Shift key. Most systems use ‘case sensitive’ passwords, which means that they treat capital letters differently from small letters. Thus ‘ABCDEF’, ’abcdef’ and ‘AbCdEf’ are considered to be three different passwords. Some systems allow the use of characters other than letters or numbers – ‘&’, ‘%’, ‘?’, for example.
- Make sure that your password is as long as possible; one more than eight characters long is good.
- Change your passwords regularly. Once a month is ideal, but even every six months is better than never.
- Use different user names and passwords on different accounts.
Phrases make good passwords – a line from a favourite poem, song or rhyme. If you just use the first letter of each word in the phrase, then that is even better; ‘Once a jolly swagman camped beside a billabong’ is an easily remembered phrase, and gives the password ‘Oajscbab’. Easy for you to remember, but hard for someone to guess. And note the use of the upper-case ‘O’ at the beginning.
Microsoft offers a password checker tool which can be used to check how secure they are.
Following these simple tips can protect you and your family from fraud and identity theft. And they’re all easy to implement.
No comments:
Post a Comment