Choosing a password can be hard. There are so many rules; use uppercase, lowercase, symbols, numbers, don’t use dictionary words, the requirements go on. Even with these rules, people tend to create weak, predictable passwords.
When picking a password, many of us use something memorable. Pets names are popular passwords, and something we can easily remember – but they are also easy to guess.
If you love your pet enough for him to become your password (let’s call him ‘buster’), there is a good chance you have shared pictures of your favourite pet on social media – as well as sharing the password to your account in plain text. ‘look at buster being a cute dog!’
Although due to requirements, your password is unlikely to be ‘buster’ all lowercase. Because the online service required an uppercase letter and a number and humans are predictable the password is likely to be ‘Buster1’.
Password reuse is when you have one password used for multiple online accounts. The upside for you is you only need to remember one password. The upside for a hacker is once he guesses one password, he has access to all your accounts. This in turn becomes a downside for you.
‘But I don’t have anything a hacker could steal’ – Think of a crook wondering a car park. It is easiest for him to try each car until he gets one that is unlocked. He might find a handful of change or he might be able to take off with the whole car.
A hacker will think the same – He is not going to spend too much time on one account, but if the door is unlocked (i.e. passwords are too easily guessed), he will have a look around. If your email is compromised the hacker now has the keys to your entire online life.
Having weak and predictable passwords can also leave your friends vulnerable. If your email or Facebook has been compromised, the hacker can then use that account to communicate with your friends. Your friends, believing the messages are coming from you, may lower their guard and the hacker may be able to coax them into installing malware, or may even be able to con them into some kind of financial fraud.
Creating a Strong Password
Creating unique passwords for each online service will help keep you safe. Creating and managing strong passwords can be done using a password manager such as KeePass (available from www.keepass.info). If the idea of a password manager is daunting, you can write unique passwords down in a notepad stored in a safe place in your home. This will keep your passwords safe from an online attacker, but may leave you vulnerable if someone were to break into your house. Although in this scenario, physical access to your computer or laptop would possibly grant access to your online accounts anyway.
To create a strong password you should aim for 12 or more characters – The more the better. Take a line of text from a book, poem or song lyric, preferably something you know off by heart.
‘The quick brown fox jumps over the lazy dog’.
Choose a longer line of text if possible. Take the first character of each word, to create the base for the password
You now have a random string of text, that should be easy to remember and hard for someone to guess. Now of course we need uppercase, lowercase, symbols and numbers to make the it a little more secure – and to keep websites strength meters happy.
Choose a random number or take something such as the time or date, the page number of the book and add that somewhere to the sring of text. You could even add AM, PM, or PAGE in the mix.
tqbfjotld301PM or PAGE55tqbfjotld
This again should be easy to remember after a few times of typing it in. Although it is already fairly secure we will add a symbol just for safe measure.
[email protected] or PAGE55$tqbfjotld
And we have a 15 and 16 character password that should be reasonably easy to remember 🙂