Cyber Security:

Choosing a secure password

Using your pet's name, your street's name or a random word can be easy to remember, but can also be easy to guess - especially if the person who is hacking you has access to your social media accounts.

Even if the website you are logging into stores passwords using hash functions, passwords that are single dictionary words are easy for an attacker to recover: they generate lots of possible passwords, hash each one and see whether any of the results match a stored hash.

Attackers always start with dictionary words and variations as most passwords are simply 'normal' words.

So your accounts will be more secure if you use long passwords made up of a collection of numbers, letters and symbols that don't resemble a dictionary word.

One way of coming up with such passwords is first to choose a memorable phrase and convert it in the way described in this video from Sophos:

Strong passwords, made up of long strings of characters that don't appear in any dictionary, or of at least five separate unrelated words that are not easily guessable, are vital.

The other thing to remember is to use a different password for every account.

The majority of cases in which someone's password has been compromised have occurred when an attacker has cracked someone's password on a low-value, low-security site, and that user used the same password for another, higher-value site.

The attacker either knows or guesses the target's username on the higher-value site and then tries the cracked password on it.

The Good Password Checklist

  • Don’t use simple, short, easy to guess passwords such as names of friends, family and pets. Don’t use words from the dictionary or commonly used passwords such as 12345 or QWERTY.
  • Don’t use substitute characters such as pa22w0rd
  • Don’t use the same password on more than one website
  • Do use long passwords that are a random mix of upper case, lower case, numbers and other characters, such as giYT%$54vcD3W
  • For memorable passwords do use a string of at least five unrelated dictionary words such as bamboo glasses book engine red
  • Don’t share passwords with other people. If they need access to data they should be given their own login.
  • Don’t leave passwords lying around in notebooks, or on sticky notes close to your computer, or in files on your computer where they can easily be read.
  • Before you enter a password into a website, make sure it is using a secure connection beginning with https:// (it might also show a small padlock close to the address). This means the site is using a secure link that cannot be intercepted by attackers.
  • When you register with some online services they will send you a password so that you can log in. Many sites force you to change the password when you first log in; if they don’t, change it yourself when you first visit the site.
  • If possible, change the default password on devices such as your internet router. This is programmed at the factory and some companies have a single password for all their devices. An attacker only needs to know the make of your router to gain access.
  • If you have trouble remembering passwords try a password manager program that not only stores passwords, but can generate new, highly complex passwords for you.
  • Two-factor authentication gives you additional protection as it requires two pieces of information (such as a password and a random number sent by SMS) to provide access to your data. If a company offers two-factor authentication, you should use it.
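As an added illustration (not part of the course material or Sophos's code), the following Python check applies the checklist above the way a site's registration form might: it reverses the substitute-character trick, rejects single dictionary words and common passwords, accepts a five-word passphrase or a long random mix, and puts numbers on the guessing work each style forces on an attacker. The word lists are constructed stand-ins for a real dictionary and breached-password list.

```python
import math
import re

# Constructed stand-in lists; a real check would load a full dictionary and a
# list of breached/common passwords (both hypothetical here).
DICTIONARY = {"password", "bamboo", "glasses", "book", "engine", "red",
              "dragon", "monkey", "sunshine", "welcome"}
COMMON = {"12345", "123456", "qwerty", "password", "letmein"}

# Undo the "substitute characters" trick (pa22w0rd -> password). Attackers try
# these variations as a matter of course, so they add no real strength.
# The mapping follows the page's own example and is an assumption.
LEET = str.maketrans({"0": "o", "1": "l", "2": "s", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(pw: str) -> str:
    """Lower-case, drop trailing digits/punctuation, reverse substitutions."""
    return pw.lower().rstrip("0123456789!?.").translate(LEET)

def classify(pw: str) -> tuple:
    """Return (accepted, reason) by applying the checklist."""
    base = normalise(pw)
    if pw.lower() in COMMON or base in COMMON:
        return False, "commonly used password"
    if base in DICTIONARY:
        return False, "single dictionary word, possibly with substituted characters"
    words = pw.lower().split()
    if len(words) >= 5 and len(set(words)) == len(words):
        return True, "passphrase of %d distinct words" % len(words)
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d\s]"))
    if len(pw) >= 12 and classes == 4:
        return True, "long random mix of character classes"
    return False, "too short or too few character classes"

def guess_bits_passphrase(n_words: int, dict_size: int) -> float:
    """Bits of guessing work for n words chosen at random from dict_size."""
    return n_words * math.log2(dict_size)

def guess_bits_random(length: int, alphabet_size: int = 95) -> float:
    """Bits of guessing work for a random string over printable ASCII."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for pw in ("12345", "pa22w0rd", "Bamboo1!",
               "bamboo glasses book engine red", "giYT%$54vcD3W"):
        print(f"{pw!r:36} -> {classify(pw)}")
    print("one word from a 170k-word dictionary:", round(guess_bits_passphrase(1, 170_000)), "bits")
    print("five words from a 7776-word list:", round(guess_bits_passphrase(5, 7776)), "bits")
    print("13 random printable characters:", round(guess_bits_random(13)), "bits")
```

The bit counts show why a single word (about 17 bits even from a large dictionary) falls to the hash-and-compare approach described above, while five unrelated words or a 13-character random mix push the work into the 60 to 85 bit range.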
This was published in a free Open University Course on Cyber Security in 2022 in conjunction with Sophos