Techniques for Better Passwords

Techniques for Better Passwords

Creating secure passwords has never been more important. Not only do we manage large parts of our professional and personal lives online, but the mixing of business and pleasure can increase security risks, particularly when casually surfing and using personal accounts on a company laptop, or storing business data on a personal machine.

The good news is that creating and maintaining secure passwords is easier than ever thanks to a variety of tools and growing awareness of the best practices to adopt.

With any security measure, the aim is not to create something completely impregnable, as anything is fallible with enough time and effort. But by investing a small amount of time and effort you can convince intruders that there are easier targets for their time.

Many providers share details of their own security procedures, and some go even further. Memset web hosting MD Kate Craig-Wood has a great blog post revealing not only the company approach, but also how increased computing power makes password security even more important.

Password strategy:

Whether for work or play, it’s worth devising a secure password strategy before learning the hard way what happens when things go wrong. With so many internet-connected devices around the office and home it can be easy to leave default passwords in place, but this is obviously the first thing any hacker or intruder will try. Followed by the most commonly used passwords, which in 2012 are ‘password’, ‘123456’ and ‘123456’.

So the first step should be to ensure that the default password for anything is changed immediately.

The next common trap is to use the same password for numerous websites, ranging from your business accounts to your banking and social media profiles. Sadly, despite being easy for us to remember, it also means that one leak in your security on any site destroys it all.

Step two is ensuring you use a unique password for every device, service and application – and periodically checking the permissions of anything which ties into a main account, e.g. Facebook, Twitter and Google Apps, or new mobile apps for your phone.

The final step to create all these new passwords is to use a process which creates much harder passwords to crack.

This can be challenging for two reasons. Not only should you avoid anything easily associated with you (such as the name of your child, pet or spouse), but you’re best avoiding any words in the dictionary, as many ‘brute force’ hacking attempts will simply run a dictionary tool against any encryption on your details.

But you still have options. Firstly, you can manually create new passwords using techniques such as a memorable phrase or quote. By taking the first two letters of each word and substituting numbers, you can craft a lengthy password with no standard words in it.

From ‘Frankly my dear, I don’t give a damn’, you get ‘FrMyDeIDoGiADa’. Which, after substitution, becomes ‘FrMyD31D0G1Ada’. It works even more effectively when you pick a more obscure source!

By using a longer password, you can increase the time to brute force attack it from minutes to months of computing time. Common three letter words can be beaten in minutes, whereas a lengthy and complex password which is ideally longer than 8 characters could take months and years.

Obviously IT departments have tried to institute this by issuing random letter, number and symbol passwords for years. The problem is that no-one can remember them, so they end up on a Post-It note somewhere around your desk, which makes it just as easy for someone to gain illicit access. A large part of the work done by notorious and prolific hackers is to gain physical access to a business or office.

Cloud Based Password Management:

Security doesn’t stop when you’ve understood the need for good passwords. If someone does get physical or remote access to your computer, are they going to find a present in the form of a large document titled ‘passwords’?

There are a variety of desktop and cloud-based password management tools available which mean your passwords are secured. They include open source desktop tools such as KeePassX, and free online tool LastPass amongst others.

This means that even a stolen laptop doesn’t mean all your passwords are accessible immediately, giving you time to change and update them before any malicious activity can take place.

You don’t need a degree in advanced encryption to have security which will deter casual intruders and give the more determined hacker a challenge.

Simple Steps:

  • Use unique passwords everywhere
  • Avoid short (less than 8 or 10 character) passwords which use common words
  • Use longer, random passwords including non-dictionary words or adapt memorable phrases
  • Use a password management system on your desktop or online.
  • Regularly check applications authorised to access your social network profiles, email addresses etc, and remove any no longer in use.
  • And don’t leave your new secure passwords on a note attached to your monitor!

About the Author: This article is written by Ben Jones

Image by marc falardeau / Flickr

Leave a Reply