What’s in a password?

LinkedIn and Last.fm are the latest services to have users’ passwords compromised, making it all the more imperative to create strong, secure passwords. By Craig Wilson.

Every new service you sign up for online requires a password or PIN, and staying on top of the burgeoning list of login details often leads to laziness. But recent security breaches of sites like LinkedIn have once again highlighted the importance of developing a good password strategy, even if the idea sounds about as exciting as a trip to the urologist.

For many people, one password is more than enough to remember and so they’re inclined to use the same password for every website or application. Of course, this is a staggeringly bad idea. So bad, in fact, that, were there awards for crummy ideas, this might just win the lot of them.

At the very least consumers should always have unique passwords for each e-mail and online banking service they use. Those passwords shouldn’t just be vastly different from one another, but different from the passwords used for other services like Facebook, or Twitter, or your pug-focused Pinterest account.

E-mail provides a potential fraudster with an incredible amount of data, including which bank you use, where you live, what your real name is and which social media services you use. So, too, does social media. All of this information makes it that much easier to turn one chink in your digital armour into a gaping wound.

By using the same password across services, consumers simply make fraudsters’ lives easier. If a user’s e-mail, online banking and social media passwords are the same, and any of them is compromised, it makes it all the more likely that the others will be, too. After all, it doesn’t take much effort on the fraudster’s part to try other services and the payoff for success is often well worth it.

Ideally, one should assign a different password to every service. Previously, this was just impractical unless you were some sort of savant with a photographic memory.

Today, keeping on top of myriad passwords has been made easier thanks to applications and plug-ins like LastPass, 1Password and KeePass that keep lists of your passwords and are far more secure than the other, often-used password repository: a file called “passwords.doc” or “passwords.txt”.

Now that you’ve got somewhere to store your passwords, the problem is creating good ones. The experts are divided on some of the finer points about what makes an excellent password, but they agree on the basics. A combination of lower- and uppercase letters, numbers and symbols is a good start.

The experts are also in agreement that “password”, “1234567890”, “opensesame”, “letmein” and your dog’s/daughter’s/nephew’s name are some of the least secure and easiest-to-guess password candidates you can choose.

Other bad practices include using the same word twice in a row, using any sort of sequential keyboard pattern (like “qwerty” or “asdfghj”), simply appending numbers to the end of a word, or anything personal like your birthday, anniversary, licence plate or telephone number.

A popular approach is to take a random phrase or combination of words and replace letters with numbers — like l with 1, or a with 4 — but these can also prove easy for automated password-cracking tools to guess. A better approach is to use an incorrectly spelt word, or to create a mnemonic password by, for example, using the first letters from each word in a memorable sentence.
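The bad practices listed above are all mechanical patterns, which is why a signup form or password audit can flag them with a few lines of code. The checker below is an added example, not part of the original article; the word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample data: the weak passwords the article names, plus keyboard rows.
COMMON = {"password", "1234567890", "opensesame", "letmein"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Reverses letter-for-number swaps such as l -> 1 and a -> 4.
LEET = str.maketrans({"1": "l", "4": "a", "@": "a", "0": "o",
                      "3": "e", "5": "s", "$": "s", "7": "t"})


def keyboard_walk(pw, min_run=5):
    """True if pw contains min_run adjacent keys from one row, in either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in pw:
                    return True
    return False


def weak_patterns(password, personal=()):
    """Return which of the article's bad practices `password` matches."""
    pw = password.lower()
    findings = []
    if pw in COMMON:
        findings.append("common password")
    elif pw.translate(LEET) in COMMON:
        # Undoing the swaps exposes the dictionary word underneath.
        findings.append("common password with number substitution")
    if re.fullmatch(r"(.{3,})\1", pw):
        findings.append("same word twice in a row")
    if keyboard_walk(pw):
        findings.append("keyboard pattern")
    if re.fullmatch(r"[a-z]+\d+", pw):
        findings.append("word with numbers appended")
    if any(p and p.lower() in pw for p in personal):
        findings.append("contains personal detail")
    return findings


def mnemonic(sentence):
    """First character of each word in a memorable sentence."""
    return "".join(word[0] for word in sentence.split())
```

An empty result only means none of these patterns matched, not that the password is strong; `personal` takes strings such as a pet's name or birth year supplied by the caller.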

Finally, there’s one other thing about passwords: they’re most effective when they’re kept private. Any large company will tell you the biggest risk to security is people. So, even if you’ve come up with a password so impressive and obscure you feel like bragging about it, don’t.  — (c) 2012 NewsCentral Media

  • http://uncensored.citadel.org/ IGnatius T Foobar

    You’re completely wrong here.  Google the phrase “correct horse battery staple” and you will be shown exactly why “password complexity requirements” do more harm than good.
