GG Security Focus – Creating Secure Passwords
The nature of our connected lives means that pretty much all of us will, at some point, have been in the situation where we worry that someone else might have access to our private, password-protected accounts or files.
Often, when someone’s account is compromised, it’s because the password was guessed or cracked using a “brute force attack” or “dictionary attack” – the two most common types of password-cracking methods. Passwords are also frequently stolen by malware applications or “phishing” email scams, so having an active antivirus and antimalware software suite, and refraining from clicking on links in emails or opening unknown, unexpected attachments can also help to protect your accounts from being compromised.
Many people still use the word “password”, or variations like “pa$$w0rd” in their actual passwords, or sometimes “123456” – if you’re one of them, change your passwords now!
The best passwords are ones that are not easily guessed – if you have trouble remembering them, you can always use a secure password manager such as LastPass to remember them all for you.
We’ve put together a list of dos and don’ts for choosing a secure password.
Do:
- Use a combination of upper- and lower-case letters,
- Include numbers,
- Include special characters such as ! @ £ or *,
- Choose a password that is complex (8-10 characters or more),
- Change your password as soon as possible if you are concerned,
- Verify that any sites you visit are genuine and, if you are putting your password into them, that they are transmitting your data securely (using SSL) by looking for the padlock icon (you’ll see one near the address bar for our website),
- Use a secure password manager such as LastPass to remember your passwords if you have too many to remember.
Don’t:
- Use names, dates of birth, or other well-known personal data in your passwords,
- Use a password comprised only of lower-case letters or single dictionary words,
- Use the word “password” or “key” or similar words, or consecutive numbers, e.g. “567890”,
- Reuse passwords,
- Share your passwords with anyone else (unless it’s a team password),
- Write down your passwords and store them near your computer,
- Store your passwords in plain text in a document on your computer or network,
- Click on links in emails or open suspicious attachments.
Of course, this list isn’t exhaustive, but it’s a good starting point for choosing a secure password.
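The password-content checks from the list above, as an added example that is not part of the original article: a Python function that reports which rules a candidate password breaks, including disguised variants such as “pa$$w0rd” and number runs such as “567890”. The substitution map, the banned-word list and the run length of four digits are assumptions made for this example.

```python
import re
import string

# Constructed look-alike substitutions (an assumption for this example, not exhaustive).
LEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "l",
                      "3": "e", "!": "i", "5": "s", "7": "t"})
# Words the list says to avoid; extend with names, dates of birth and similar.
# Substring matching is deliberately strict, so "monkey" is flagged for "key".
BANNED_WORDS = ("password", "key")


def has_digit_run(pw, run=4):
    """True if pw contains `run` or more consecutive ascending digits, e.g. 5678."""
    streak = 1
    for prev, cur in zip(pw, pw[1:]):
        both_digits = prev in string.digits and cur in string.digits
        if both_digits and ord(cur) - ord(prev) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False


def check_password(pw, min_len=8):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("needs upper- and lower-case letters")
    if not re.search(r"[0-9]", pw):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    # Undo look-alike substitutions before searching for banned words,
    # so "pa$$w0rd" is treated the same as "password".
    normalised = pw.lower().translate(LEET)
    if any(word in normalised for word in BANNED_WORDS):
        problems.append("contains a banned word")
    if has_digit_run(pw):
        problems.append("contains consecutive numbers")
    return problems


if __name__ == "__main__":
    for candidate in ("pa$$w0rd", "123456", "Tr4m!Quilt-Vex"):  # constructed samples
        print(candidate, "->", check_password(candidate) or "passes these checks")
```

Passing these checks does not cover the other points in the list, such as reuse or personal data, which depend on information the function does not have.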
If you, like us, have so many passwords that you find it difficult to remember them, you can always choose a secure password manager like LastPass to take the headache out of remembering them all – we’ll be covering LastPass in more detail in the coming weeks!
If you’re interested in password security, there’s also a very interesting (and somewhat humorous!) TED Talk on the topic, which you can view by clicking here.
If you’d like more information or advice on IT security, hardware or software solutions, or compliance, get in touch with us on 0121 227 0439 or email us at firstname.lastname@example.org