I’m signing up with more and more websites and want to make sure my passwords are secure. What do you suggest?
I get this question, and variants of it, from time to time. Login names and passwords have become the de facto standard controlling how we access websites, online services, online banking, social networking and all aspects of our online lives. However, there are a few problems with passwords. First of all, we have too many of them, or maybe not enough. Each site needs a password, so you have to face the dilemma of using the same password for every website (which isn’t secure), or using a different password for every website (which is impossible to remember).
Secondly, a password isn’t necessarily secure, as you can make it pretty easy to guess. For example, here are some commonly used insecure passwords:
Dark Reading had these top 10 passwords:
Threadwatch had, in 2007:
- (your first name)
Modern Life is Rubbish has a UK list from 2006:
But across Europe the top 10 is still:
- Football Club
- Partners Name
- Own name
- First school or Colour
So what should we do to make sure our passwords are safe? Here are some guidelines:
- Use a combination of letters, numbers and special characters (!”£%^#~&*). Words that you can find in the dictionary are easier to crack. If your password is a mixture of characters it’s much more secure. Hackers have a number of toys they can use to try and crack passwords; one of their favourites tries every word in the dictionary as your password.
- Avoid memorable words, dates and numbers. Passwords that consist wholly of your favourite football team, your girlfriend’s name or your date of birth are easy for someone to guess.
- Use a system. Great passwords are ones that are easy to remember but hard to guess. For example “password” is a really bad password to use, but if you turn it into “P@s5w0rd#” it becomes much harder to break.
- Keep your passwords secure. Don’t disclose what your password is to anyone. If you need to allow someone to access an online account, change the password, share your credentials, then change the password again once you get your account back. You can also get tools that let you store your passwords so you don’t have to write them down anywhere. I use PasswordSafe, a free utility, to do this.
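The first two guidelines can be turned into an automatic check. The script below is an added example, not part of the original post: it reports which of those guidelines a candidate password breaks. The function names, the small `SAMPLE_DICTIONARY` and the sample name and date are constructed for illustration; a real check would load a full word list.

```python
import re
from datetime import date

# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "football", "monkey", "dragon", "sunshine"}


def date_variants(d):
    """Common ways a date of birth is typed as digits."""
    formats = ("%d%m%Y", "%d%m%y", "%m%d%Y", "%Y%m%d", "%Y")
    return {d.strftime(f) for f in formats}


def check_password(password, personal_words=(), birth_date=None):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    lowered = password.lower()

    # Guideline 1: letters, numbers and special characters together.
    classes = {
        "letter": any(c.isalpha() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(
            not c.isalnum() and not c.isspace() for c in password
        ),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]

    # Guideline 1, continued: no run of letters that is a dictionary word.
    if any(run in SAMPLE_DICTIONARY for run in re.findall(r"[a-z]+", lowered)):
        problems.append("contains a dictionary word")

    # Guideline 2: no names, teams or dates tied to the account owner.
    if any(len(w) >= 3 and w.lower() in lowered for w in personal_words):
        problems.append("contains a personal detail")
    digits = re.sub(r"\D", "", password)
    if birth_date and any(v in digits for v in date_variants(birth_date)):
        problems.append("contains the date of birth")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a team name and a date of birth.
    for candidate in ("password", "P@s5w0rd#", "Arsenal1985!"):
        print(candidate, check_password(candidate, ["Arsenal"], date(1985, 3, 7)))
```

Pass the account owner's own memorable words (team, partner's name, first school) as `personal_words` so the check covers the items in the lists above.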
There are other things you can do to keep your password secure. Can you think of any others?