This article is the first in a series on how to stay secure online. It's a topic I am often asked about, and I am regularly surprised by how little thought both technical and non-technical people give to good password practices. Ideally most of what you read below you will already know – but it may prompt you to improve your current password practices if you are currently at risk of one of the following (common) problems:
- Having an online service hacked
- Your bank account emptied
- Facebook account taken over (for an attempted scam)
- Email compromised
Most people don't think any of the above are relevant to them – but please read on. It's quite possible that you haven't secured your passwords adequately.
Ensuring your passwords are secure is a key element. So often I hear stories of people who have had an account hacked – Facebook, Twitter, Hotmail, etc. The first point I should mention is: do not use a real word as a password – or even a real word with letters swapped out for numbers/symbols, as in this example – p@ssw0rd. This trick is so common that password-cracking tools apply exactly these substitutions to every word in their dictionaries, so a substituted word is guessed almost as quickly as the plain word.
If you can't use real words – what should you use? Ideal things to include in your passwords:
- Unique acronyms (that you've made up) that are easy for you to remember
- A mix of upper case and lower case letters
- Numbers that mean something to you but that nobody else could look up
- Symbols placed in positions that aren't predictable
By mixing up the above you should be able to come up with a secure password. As an example I'll pick one of each of the above to make a new password:
Step 1: Start with a unique acronym that I can remember – MCICA (stands for: my city is called Auckland).
Step 2: Add in some numbers (I'm going to add a number that is relevant to me but nobody else: 218). My password is now: MCICA218
Step 3: Change letters to a mix of upper and lower case. My password now reads: MCica218
Step 4: Add in some symbols in random locations: My password now reads MC+ica=218
Now – the trick is to mix up how you create your password – don't follow the above too closely. Certainly come up with your own memorable acronym that is unique and means something to you. And if you are following the above steps, do them in a different order than suggested, so the shape of your password doesn't match the shape of this example.
One of the most important aspects of keeping secure online is to have great passwords. Yes – there is an ‘s’ on that because you should have lots of different passwords – not just one you use everywhere you go online.
In recent months we have heard of many situations where people's existing passwords with a provider have been compromised. When this happens your password from that service (such as the PlayStation Network) may end up as public information and freely shared online. In other situations your password might not be public, but it may be in the hands of hackers who will attempt to use it to break into other services you might use – such as your bank, Facebook, Twitter, online forums, your work email system, Gmail, Hotmail, etc. Trying a leaked email/password pair against every other popular site is routine for attackers, which is exactly why reusing one password everywhere is so dangerous.
One technique I have come across for making unique passwords is to mix a common password that you remember (such as one made by following the example earlier) with a unique identifier for each website you visit. So if your main password is MC+ica=218 – you might add a code that represents Neowin to you – my example is #Winning – so the final password might be: MC+ica=218#Winning. One caveat: if one of these passwords leaks in plain text, the pattern is visible, and an attacker who recognises it can guess the base and try your scheme on other sites. Treat this as a big improvement over straight reuse, not as equivalent to having genuinely independent passwords.
For your most important passwords (such as Internet banking) use a different scheme altogether, not just a different site code, compared to your less important passwords.
Length is the single biggest factor against guessing: every extra character multiplies the number of combinations an attacker has to try. Ensure all your passwords are at least 8 characters long – and preferably 14 characters or longer.
Now that we've cleared up the importance of having different passwords, some will be wondering how to keep track of them all. I can suggest three techniques:
- Use a password storage tool
- For your most sensitive passwords – don't store the full password online
- Write part of your password down and keep it in a secure location
A useful technique for your most important passwords is not to store the full password in one place. You might for instance keep part of the password in your head (or on a hidden piece of paper) – and part of it in a secure online password store (such as LastPass). That way neither a stolen notebook nor a compromised password store gives away the whole thing.
What to avoid?
- Password sharing – try to create situations where you don't have to share your passwords with friends or colleagues
- Words that are listed in the dictionary or are names of people, companies or brands
- Words spelled backwards, abbreviated, or misspelt
- Common sequences – qwerty, 12345, 911, 111, abc, etc
- Birth dates, phone numbers and other predictable personal numbers
- Saving passwords in your browser or on your computer, unless the computer itself is secured and locked whenever you are not using it
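As an added example (not part of the original article), the following Python script turns the list above, together with the earlier p@ssw0rd warning and the length rule, into a checker you can run on your own candidates. The wordlist, the sequence list and the substitution table are constructed stand-ins for a cracker's real lists, and the function names are my own; it is a coarse check, not a cracking tool, but it shows why a substituted dictionary word is found after a few dozen guesses while a brute-force estimate would call it strong.

```python
import re
from itertools import product
from math import log2
from typing import List, Optional

# Constructed stand-in for a cracker's wordlist (real ones hold millions of
# dictionary words and leaked passwords; these few suffice for the demonstration).
WORDLIST = {"password", "auckland", "welcome", "monkey", "dragon", "letmein", "winning"}

# Keyboard walks and sequences the article says to avoid.
COMMON_SEQUENCES = ("qwerty", "12345", "911", "111", "abc", "asdf", "0000")

# Symbol/digit-for-letter substitutions that cracking rules apply to every word,
# which is why "p@ssw0rd" is found almost as fast as "password".
LEET = {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"}
SUBS = {}  # letter -> the forms it may take, e.g. "a" -> ["a", "@", "4"]
for sym, letter in LEET.items():
    SUBS.setdefault(letter, [letter]).append(sym)


def unleet(pw: str) -> str:
    """Reverse the substitutions and lower-case, as a cracker's rules would."""
    return "".join(LEET.get(ch, ch) for ch in pw).lower()


def letters_only(s: str) -> str:
    """Drop digits and symbols so appended/prepended mangling is ignored."""
    return re.sub(r"[^a-z]", "", s.lower())


def naive_bits(pw: str) -> float:
    """log2 of charset^length: the search space a pure brute-force attack faces.
    This is what 'longer is better' measures; it badly overstates strength
    for anything built from a dictionary word."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33
    return len(pw) * log2(size) if size else 0.0


def leet_variants(word: str):
    """Yield the word and every combination of substitutions for it."""
    for combo in product(*(SUBS.get(ch, [ch]) for ch in word)):
        yield "".join(combo)


def guesses_to_find(pw: str) -> Optional[int]:
    """How many candidates a wordlist-plus-substitutions attack tries before
    hitting pw, or None if that attack never produces it."""
    tried = 0
    for word in sorted(WORDLIST):
        for candidate in leet_variants(word):
            tried += 1
            if candidate == pw:
                return tried
    return None


def check_password(pw: str, personal_numbers=()) -> List[str]:
    """Apply the article's rules; an empty list means the password passes.
    personal_numbers holds the caller's own birth dates, phone numbers, etc."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    # Dictionary word, whether plain, substituted, mangled with digits/symbols, or reversed.
    for form in (letters_only(pw), letters_only(unleet(pw))):
        if form in WORDLIST or form[::-1] in WORDLIST:
            problems.append("dictionary word (plain, substituted or reversed)")
            break
    low = pw.lower()
    for seq in COMMON_SEQUENCES:
        if seq in low:
            problems.append(f"common sequence {seq!r}")
    if re.search(r"(19|20)\d\d", pw):
        problems.append("contains what looks like a year")
    for num in personal_numbers:
        if num and num in pw:
            problems.append(f"contains personal number {num!r}")
    return problems


if __name__ == "__main__":
    # The article's own examples beside two classic weak passwords.
    for pw in ("p@ssw0rd", "Drowssap1", "MC+ica=218", "MC+ica218#Winning"):
        print(f"{pw:20} {naive_bits(pw):5.1f} bits  "
              f"guessed after {guesses_to_find(pw)} candidates  {check_password(pw)}")
```

Run it and note that p@ssw0rd scores nearly 49 "bits" on the brute-force estimate yet falls to the substitution attack within the first hundred candidates, while MC+ica=218, which the same estimate rates only a little higher, is never produced by that attack at all. Pass your own birth year, phone number and similar values in personal_numbers so the checker can catch them; it cannot know what is personal to you.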
Good luck with staying secure. I'm sure many readers will have other useful techniques, and some may disagree with my thoughts. That's okay – the main thing is to ensure you have passwords that can't be guessed and that differ in some way from website to website.