Passwords - Part One

Passwords are everywhere. You need a password for your email. For Facebook. For your bank. For the iTunes store. For your favourite forum. And probably for a few dozen other miscellaneous sites too.

In this first part of a multi-part series, I'll be dealing with ways to choose a good password - or, perhaps, ways to choose a bad one.

So, what do you pick for your password? Hopefully you'll be aware that picking a word in the dictionary ("password" is still the most popular password, according to reports), or a person's name is a bad idea.

However, the old standby of adding a number is so well known now that passwords like "Password1" (the most popular business password, because a capital letter plus a digit satisfies most corporate complexity rules) and "abc123" show up amongst the most used passwords - and hence at the top of the lists that crackers try first.

In addition, all the people trying to guess passwords figured out long ago that swapping a letter O for a number 0 (and its I/1, E/3 and S/5 friends) is an obvious trick, and cracking tools apply those substitutions to every word in their list automatically, so "passw0rd" isn't much more secure than the plain version.

Very well known, and hence obvious, are patterns of letters and numbers - "qwerty", "12345678" and "abc123" all show up in popular lists and are best avoided.

Kids', spouses', pets' and sports club names combined with years are also fairly common, so if I know (or take a statistical stab at it) that you have a girl who's about six, "grace07", "Grace07" or "Grace2007" - Grace being the most popular girl's name of that year - isn't going to last long against a determined attacker either.

Finally, the clever little phrases - "trustno1" and "letmein" - are so popular as to be worthless, and, appropriately for a post on Valentine's day, "iloveyou" also shows up on the most-popular lists. Sweet, but insecure. Sorry.
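To see why every pattern above falls so quickly, here is an added example (not from the original post) of the kind of "mangling rules" that cracking tools such as John the Ripper and hashcat apply to a wordlist: try each word in a few capitalisations, with the usual letter-for-digit swaps, and with digits or years stuck on the end. The base words and year range are constructed for illustration; a real wordlist has millions of entries and far richer rule sets. The point is that "Password1", "passw0rd", "Grace07" and "Grace2007" are all reached from a six-word list after a few thousand guesses.

```python
"""Toy rule-based candidate generator (added example, not the post's code)."""
import itertools
import math

# Constructed wordlist: a real cracker's list has millions of entries.
BASE_WORDS = ["password", "grace", "letmein", "trustno1", "iloveyou", "dragon"]

# The O/0, I/1, E/3, S/5 (and A/@) substitutions every rule set includes.
LEET = {"o": "0", "i": "1", "e": "3", "s": "5", "a": "@"}


def case_variants(word):
    """lowercase, Capitalised and UPPER: the three forms rules try first."""
    return {word.lower(), word.capitalize(), word.upper()}


def leet_variants(word):
    """Apply every subset of the substitution table (all occurrences of a letter at once)."""
    letters = [c for c in LEET if c in word.lower()]
    out = set()
    for r in range(len(letters) + 1):
        for subset in itertools.combinations(letters, r):
            w = word
            for c in subset:
                w = w.replace(c, LEET[c]).replace(c.upper(), LEET[c])
            out.add(w)
    return out


def suffix_variants(word, years=range(1990, 2014)):
    """Append nothing, a single digit, '123', or a two- or four-digit year."""
    suffixes = [""] + [str(d) for d in range(10)] + ["123"]
    suffixes += [str(y) for y in years] + [f"{y % 100:02d}" for y in years]
    return {word + s for s in suffixes}


def mangle(words):
    """The full candidate set a rule-based attack on `words` would try."""
    candidates = set()
    for base in words:
        for cased in case_variants(base):
            for leeted in leet_variants(cased):
                candidates |= suffix_variants(leeted)
    return candidates


def guesses_needed(candidates):
    """Worst-case guess count and its equivalent in bits of entropy."""
    n = len(candidates)
    return n, math.log2(n)


if __name__ == "__main__":
    cands = mangle(BASE_WORDS)
    n, bits = guesses_needed(cands)
    for pw in ["Password1", "passw0rd", "Grace07", "Grace2007", "trustno1"]:
        print(f"{pw:12s} in candidate set: {pw in cands}")
    print(f"{n} candidates in total, about {bits:.1f} bits of entropy")
```

Run it and the "clever" variants all turn up in a set of a few thousand candidates, which is a rounding error for any cracking rig; the bare dictionary word and its mangled cousins are, for practical purposes, the same password.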

So how to choose a better one that you'll remember?

Song lyrics or film quotes are an oft-cited idea - if you're a Hotel California fan, you could compress "Her mind is Tiffany-twisted, she got the Mercedes bends" down to its initial letters - "HmiTtsgtMb" - and if Tiffany makes you think of money and the Mercedes logo looks a bit like an asterisk, how about "Hmi$tsgt*b" - that is starting to look like a much more decent password.

Of course, the problem here is that you want to stay away from obvious songs (like Hotel California!) and obvious films - the lyrics of well-known songs are in the crackers' wordlists too. Favour that odd 1973 foreign film over Austin Powers quotes, please.

The very best password, however, is long and random - and random means generated by a machine, not by you bashing the keyboard. If your password is "GsH:oM6I0d!xMukI" (sixteen characters drawn from letters, digits and punctuation), an attacker is going to be guessing for a very long time indeed. Of course, the problem is: how on Earth are you going to remember that?
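As an added example (not code from the original post), here is how to generate a password of that kind properly, using the cryptographically secure generator Python exposes as `secrets`, and how to put a number on "a very long time". The guess rate used for the time estimate is an assumption for illustration, not a measured figure for any particular attacker.

```python
"""Random password generation and a back-of-envelope strength estimate (added example)."""
import math
import secrets
import string

# Printable ASCII without the space character: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=16, alphabet=ALPHABET):
    """Uniformly random characters from the operating system's CSPRNG.

    `random.choice` is NOT a substitute: the default `random` module is a
    Mersenne Twister whose output can be reconstructed from a few samples.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: log2(N ** L) = L * log2(N).

    Only valid when every position really is uniform and independent. It says
    nothing useful about a human-chosen string such as "Password1".
    """
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time to try every candidate at an assumed guess rate.

    1e10 guesses/second is an illustrative assumption, not a measurement.
    """
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = random_password()
    print("generated:", pw)
    strong = entropy_bits(16, len(ALPHABET))
    weak = entropy_bits(8, 26)  # eight random lowercase letters, for contrast
    print(f"16 mixed chars: {strong:.1f} bits, {years_to_exhaust(strong):.2e} years to exhaust")
    print(f"8 lowercase:    {weak:.1f} bits, {years_to_exhaust(weak) * 365.25 * 86400:.0f} seconds")
```

Sixteen characters from a 94-symbol alphabet come to roughly 105 bits, which at the assumed rate is on the order of 10^14 years; eight random lowercase letters at the same rate fall in under a minute. The estimate only holds for genuinely random output, which is why the generator matters as much as the length.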

A password manager can be a good choice here - one that keeps your horrendously long passwords in an encrypted store on your computer, and protects them with a single master password that you can remember.

Whilst in one way that just moves the problem along a little, it's still a good idea: you never tell any person or any website (apart from the password manager itself) the master password, only the site-specific complex password that you actually give to Facebook.

It also means that an attacker needs to get at your password manager's encrypted store (usually a file on your own computer) and then unlock it with your master password, rather than simply trying guesses against your Facebook login over the internet, which ups the difficulty considerably over what they would otherwise need to achieve.

However, the real advantage of a password manager is that you don't need to use the same password for every website. To understand why that matters so much, we need to know a little about how websites store passwords, and we'll cover that in Passwords - Part Two!

Neil Smith

Created on Thursday February 14 2013 09:19 AM

Tags: passwords

