A Guide to Passwords

A Guide to Passwords

You’d be surprised how easy it is to crack passwords. There’s software freely available for anyone to start trying to hack passwords and not all online sites are as secure as they should be. So you have to be on guard and take passwords seriously.
If you have easy to hack passwords, you’ll almost certainly find yourself hacked at some point.

Step 1: Implications

If your password is a word in the dictionary, is a family or pet name, is a celebrity or is a common password like “wizard” or “snoopy” then it takes only seconds for a program to crack it or for someone to guess it after two or three attempts.

If someone can crack, guess or WebMate hack your password for one website that you log in to, then potentially they can start hacking more. Email should have a very secure password because this is often where other websites send password notifications and reminders. Whilst you might think that a simple password for your Amazon account might be okay, think about the personal details and card details they hold for you that could potentially be compromised.

Step 2: Key things to remember

Never use just words for passwords, always use letters and numbers. You should avoid real names, and real words

You should have a few usernames and passwords which you use for all of your online logins, not just one. Do not use the same password for your online banking as you do for your Amazon account. If your details get compromised for one it’s best to limit the damage!

Make online banking passwords very strong – a password of 8-12 alpha-numeric characters and no real words in it.

Do not disclose your password to anyone, never write them down or send them via email. If you think someone might know it, change it.

Change your passwords regularly, maybe once a month, every six months or once a year.

Make passwords hard to guess, do not use family names, pet names, celebrity names or any word that is in the dictionary

If you think someone might know your password then change it immediately

Never disclose passwords via email – Email can never be guaranteed to be 100% secure, unless you encrypt your emails or you know for definite that the recipient’s ISP uses the same strict security encryption we do (SSL/TLS)

Be cautious of hoax calls asking for personal information, including your passwords over the phone. Most companies operate a question/answer policy whereby you decide the questions and answer. If they know the question, you know they are legitimate. This is how spies and armies around the world have operated for centuries (codeword – response method).

Step 3: Strategies

It’s always good to have a system. Simple password systems are notoriously hard to crack because only you know the system.There’s hundreds of easy ways to ensure your passwords are secure AND memorable, here’s a few ideas

The Fake Secret Question

If you forget your password, some sites will happily disclose this to a potential hacker by answering a simple question that may well be public knowledge. It may ask you for your mothers maiden name, the place you were born or your shoe size. Without knowing too much about you, it’s fairly easy to guess these if someone wanted to, especially if they had pieces of other informatio For example, someone wants to crack your hotmail password. Your hotmail address is barney0781_uk@. From this they know your name, you’re from the UK and you were probably born July 1981. If they then had your phone number, or just the code, they know where you live and that’s probably where you were born too. They’ve found your myspace page too so know all about you: your best friend, where you party, how tall you are, what colour eyes you have…. See how easy it is? The solution is fake secret answers…

Question: Where were you born Answer: Benidorm (your favourite holiday destination instead)
Question: What’s your shoe size Answer: brown (your eye colour)

3-password strategy

The difficult part is remembering without writing them down! It’s sometimes helpful to have a system of some sort and then write down clues to that system until typing your passwords becomes second nature. You’ll soon find that these strange combinations of letters become second nature to type (they actually become easier to type than remember) For example. Lets say you have 3 passwords. Password1 – is for not important stuff, easy to type and easy to remember – “b4nana50“ Password2 – is a more secure version of my easy password – “18$b4nanan50£“ Password3 is much more secure and different to my others, use it for online banking – “$n4ilsr4sn0wwh1te?!” – the more random the better, who’s going to guess my password is “snails are 4 snow white” – even if I tell them how will they know to replace some of the letters? This would also be the type of password you would use for Keychain and software like 1Password. Then, consider changing your passwords every six months or every year, even if only by one or two characters.

Different Password for each site strategy

Remember – some websites know that most people use the same password for every site so they will ask you to create a login username and password and then use that or sell that on to hackers. The best advice is to use software like 1password and have a different password for every site you visit. Or have a system whereby you incorporate the website into your password so they are always different – like amaz!b4rneyru88le – the first four letters being the first 4 letters of the website you are on.

Step 4: What's a good password?

BAD Passwords:

“password” – it’s often the first guess.

“yourname” – or the first part of your email

“secret” – another common one

“oliver” – a member of your family’s name etc

“seaview” – your house or street name

“smith” – your surname or mothers maiden name

“mybankpassword” – you should try not to use the same password for email and banking – try to have at least two passwords, one really secure (8+ alphanumeric) and one secure and maybe easier to remember. Others to avoid and are listed in the 20-most used password lists are: god, lust, love, foobar, wizard, money, private, qwerty, qwert, snoopy, admin, test, testing, 12345 and bob. If you are using any of the above for anything online then change them.

GOOD passwords:

The trick to creating a good, long but memorable password is to combine words and numbers memorable to you but that cannot be guessed by anyone else – and throw in the odd punctuation:

“?Ol1v3r” – a play on the word “Oliver”, you’ll see it uses symbols, numbers, letters and capitals.

“il1k3t4keth4t” – basically it’s “ I like Take That” in secure password form! Even if someone knew you liked Take That they would find it hard to crack this, whereas it’s something you can remember. Be warned that if you do like Take That, then perhaps securing your password is the least of your worries!

“£b4nanAr4mA£” – it’s “bananarama” with pound signs either side – but as you’d agree it would be difficult to crack and relatively easy to remember

“Sm1th25p0lly” it’s “smith” and “25″ and “polly” in one. Smith is your favourite actors surname, 25 is my mums birthday and polly is the name of your favourite childhood pet (for example)

Good passwords should be at least 8 characters long. The more characters the harder to crack or guess. If capitals are supported, like Mac OS users, throw some of those in too.

Knowledgebase

Categories

Categories

The Fake Secret Question

3-password strategy

Different Password for each site strategy

BAD Passwords:

GOOD passwords:

Related Articles

Tag Cloud

Support

Knowledgebase

Categories

Categories