Passwords – The Achilles Heel of Security

You've got a firewall, up-to-date anti-virus software and you back up your data regularly, but if your passwords are weak then, not surprisingly, your online privacy and security are at risk.

Studies have shown that users choose weak passwords even on sites that hold their most important data. Even more alarmingly, many people use the same weak password on multiple sites, so a single breach exposes every account that shares it.

A weak password makes you vulnerable because a hacker can crack your account by guesswork alone, working through a list of the most common passwords. They don't need to target you in particular: tried against thousands of accounts, such a list will always break into a percentage of them, so it's simply a numbers game.

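As an added example (not part of the original article), here is the numbers game in code. A constructed dump of salted password hashes is attacked with a short list of common passwords (the RockYou entries quoted further down this page plus a few other well-known choices). The accounts, their passwords, the wordlist and the hash format are all constructed for the example; no real site or breach data is involved.

```python
"""Added example (not from the original article): the "numbers game".

A constructed dump of salted password hashes is attacked with a short list of
the most common passwords. No single account is targeted; the list is simply
tried against every account, and a predictable share of them falls.
"""
import hashlib
import os

# Constructed sample accounts. The attacker never sees these plaintexts,
# only the salted hashes that build_hash_store() derives from them.
SAMPLE_USERS = {
    "alice": "123456",
    "bob": "Password",
    "carol": "qwerty",
    "dave": "letmein",
    "erin": "bond007",
    "frank": "ncc1701",
    "grace": "T4kq!vZ2#pLm9eRw",              # random, in no wordlist
    "heidi": "correct horse battery staple",  # long passphrase, in no wordlist
    "ivan": "iloveyou",
    "judy": "Wq7$uN3bKe!1xZ0s",               # random, in no wordlist
}

# Attacker's wordlist: the RockYou entries quoted in the article plus a few
# other perennial favourites. Real lists run to millions of entries.
COMMON_PASSWORDS = [
    "123456", "12345", "123456789", "Password", "iloveyou", "princess",
    "rockyou", "1234567", "12345678", "abc123", "qwerty", "letmein",
    "password", "bond007", "ncc1701", "monkey", "dragon", "football",
]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted SHA-256 stands in for whatever the site stores.

    A deliberately slow KDF (bcrypt, scrypt, Argon2) would make each guess
    cost more, but it cannot save a user whose password is on the list: the
    attacker only needs a few thousand guesses per account, not billions.
    """
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def build_hash_store(users: dict) -> dict:
    """Return {username: (salt, hash)}, the shape of a typical credential dump."""
    store = {}
    for user, password in users.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(password, salt))
    return store


def crack(hash_store: dict, wordlist: list) -> dict:
    """Try every word against every account; return {username: recovered password}.

    Per-user salts force the attacker to rehash the list once per account,
    which is len(users) * len(wordlist) hashes: trivial for a short list.
    """
    recovered = {}
    for user, (salt, stored) in hash_store.items():
        for guess in wordlist:
            if hash_password(guess, salt) == stored:
                recovered[user] = guess
                break
    return recovered


def crack_rate(users: dict = SAMPLE_USERS, wordlist: list = COMMON_PASSWORDS):
    """Fraction of accounts cracked, and which ones, for the given dump and list."""
    store = build_hash_store(users)
    recovered = crack(store, wordlist)
    return len(recovered) / len(store), recovered


if __name__ == "__main__":
    rate, recovered = crack_rate()
    print(f"cracked {rate:.0%} of accounts with {len(COMMON_PASSWORDS)} guesses each")
    for user, password in sorted(recovered.items()):
        print(f"  {user}: {password}")
```

Run as a script it reports seven of the ten constructed accounts cracked with eighteen guesses each; the three survivors are the two random passwords and the long passphrase, which no wordlist contains. The point is not the hash algorithm but the list: the accounts fall because their owners chose something thousands of other people also chose.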
A weak password on your email account is a particular worry. If a hacker gets into your mailbox they can potentially reach your bank account and social networks, and even steal your identity: by using the 'I forgot my password' option on those sites they have the reset links sent to the mailbox they now control, reset your passwords and then change your account details and email addresses.

So What's a Weak Password?

As mentioned above, a weak password is an obvious one: one that is easily guessed.

In 2009 a security breach at RockYou.com resulted in the release of over thirty million user passwords. Imperva, an IT security company, studied them and, not surprisingly, discovered that when given the chance most users choose a very simple password.

  - Almost a third of passwords were six characters or less

  - Almost 60% chose passwords from a limited set of alpha-numeric characters

  - Nearly 50% used slang, dictionary or trivial passwords

  - 290,731 users chose 123456

  - 61,958 users chose Password

  - 13,856 users chose qwerty

Read the study here.

More Popular Passwords

If you're not worried yet, have a look at the list below to check how safe your current passwords are.

If you're using anything like them, take action immediately or you might as well just hand over your wallet to the next person you see.

You might also think you're being clever with your combination, but if you've thought it up it's very likely that someone else has too, for example bond007.

Popular password examples

  - Names: your name, pet's names, children's names, partner's name, cartoon character names

  - Number combinations: 123456, 654321, 1111, 666666, 112233, dates of birth

  - Letter combinations: zzzzzz, xxxxx, qwerty, zxcvbn

  - Alphanumeric combinations: 123abc, ncc1701 (the registry number of the Starship Enterprise!)

  - Password: Password, Password!, Password1, Password2

  - Words or phrases shared by loads of people: ilovecats, letmein, iloveyou

  - Cars: mustang, porsche, lotus

  - Sports: football, fishing, golf, football teams

  - Star Wars: Jedi, Luke, Darth

How to create a strong password

There's loads of advice out there about creating stronger passwords.

Do's

  - Make it as long as possible - at least eight characters, and longer is better; length does more for strength than any other rule here

  - Have a mix of upper case, lower case, special characters and numbers

  - If you swap symbols for letters, such as @ for a or 1 for l, do it consistently so you can remember it, but don't count on it for strength: these swaps are the first thing password-cracking tools try

  - Change it straight away if you suspect it has been exposed, for instance after a breach at a site where you used it; changing it often for its own sake tends to produce the recycled sequences listed under Don'ts

Don'ts

  - Don't base it on any personal information

  - Don't use a dictionary word in any language - even changing some characters to symbols will not stop hackers cracking it

  - Never use the same password on more than one site

  - Don't recycle passwords, eg qwerty1, qwerty2: once the old one leaks, the new one is an easy guess

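As an added example (not part of the original article), the Do's and Don'ts above turned into a checker. It rejects short passwords, poor character mixes, personal information, recycled passwords (qwerty1 to qwerty2) and, the point most people miss, dictionary or common words dressed up with symbol swaps: P@ssw0rd1 is normalised back to "password" before the lookup, which is exactly what cracking rules do. The word lists, the substitution table and the test passwords are constructed for the example.

```python
"""Added example (not from the original article): a checker for the Do's and Don'ts.

The interesting part is candidates(): it undoes the "clever" substitutions
(@ for a, 0 for o, 1 for l or i, ...) and strips trailing digits and symbols
before looking a password up, because cracking tools apply the same rules in
the other direction.
"""
import re

# Constructed, deliberately tiny lists; a real checker loads breached-password
# lists and full dictionaries (millions of entries).
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou", "bond007",
          "ncc1701", "football", "mustang", "princess", "abc123"}
DICTIONARY = {"password", "sunshine", "monkey", "dragon", "football", "mustang",
              "princess", "welcome", "summer", "secret"}

# Symbol-for-letter swaps mapped back to the letters they stand for.
# "1" is ambiguous (l or i), so two tables are tried.
_BASE_SUBS = {"@": "a", "4": "a", "3": "e", "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"}
UNLEET_L = str.maketrans({**_BASE_SUBS, "1": "l"})
UNLEET_I = str.maketrans({**_BASE_SUBS, "1": "i"})


def root(password: str) -> str:
    """Lower-case and drop leading/trailing digits and symbols (Password1!, 2010fluffy)."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def candidates(password: str) -> set:
    """Plain words that may be hiding in the password once substitutions are undone."""
    base = root(password)
    return {base} | {root(base.translate(table)) for table in (UNLEET_L, UNLEET_I)}


def weak_password_reasons(password: str, personal=(), previous=()) -> list:
    """Return the Do's/Don'ts the password breaks; an empty list means it passes.

    personal: strings such as names, pet names or years the user is known by.
    previous: the user's earlier passwords, to catch qwerty1 -> qwerty2.
    """
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")

    classes = [re.search(p, password) is not None
               for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")]
    if sum(classes) < 3:
        reasons.append("uses fewer than three of: lower case, upper case, digits, symbols")

    if password.lower() in COMMON or candidates(password) & (COMMON | DICTIONARY):
        reasons.append("a common or dictionary word, even after undoing symbol substitutions")

    for item in personal:
        if len(item) >= 3 and item.lower() in password.lower():
            reasons.append(f"contains personal information ({item})")
            break

    for old in previous:
        if password == old:
            reasons.append("reuses a previous password")
            break
        if root(old) and root(old) == root(password):
            reasons.append(f"recycles a previous password ({old})")
            break
    return reasons


if __name__ == "__main__":
    for pw, kw in (("P@ssw0rd1", {}),
                   ("qwerty2", {"previous": ["qwerty1"]}),
                   ("Fluffy2010!", {"personal": ["Fluffy", "2010"]}),
                   ("reDskY@7N!gH7", {})):
        print(pw, "->", weak_password_reasons(pw, **kw) or "ok")
```

P@ssw0rd1 satisfies every character-class rule and is nine characters long, yet it fails, because after the swaps are undone it is simply "password". That is the reason the Don'ts say symbol substitution will not save a dictionary word.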
A Passphrase not a Password

The above advice is all very well, but the difficulty comes when you have to remember a password made up of a mix of characters.

Many experts suggest a passphrase rather than a password. You take an easy-to-remember phrase or sentence and turn it into a password, or use the first letters of a phrase, a line of a poem or a quote.

Here's an example

  - Take the phrase red sky at night and take out the spaces to get redskyatnight

  - Add some capitals using a consistent rule, such as every third letter - reDskYatNigHt

  - Add some special characters and numbers, again using consistent rules, a = @, i = ! and t = 7 - reDskY@7N!gH7 (the t rule applies to both lower-case t's, in at and at the end)

  - You can then use this as a base word and modify it for each website account

  - For instance, for your Hotmail account you could take the first and last letters of the account name and insert them into your base password after the first word - reDhlskY@7N!gH7

  - For a Google account it would be reDgeskY@7N!gH7

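As an added example (not part of the original article), the recipe above written out as code, so each step can be checked. derive() follows the article's rules (remove spaces, capitalise every third letter, swap a, i and t, splice the site's first and last letters in after the first word). pivot() is this example's own addition and shows the caveat with this kind of scheme: the two-letter site tag is the only part that varies, so anyone who obtains one derived password together with the name of the site it came from can rebuild the base and derive the password for any other site. The phrase and site names are the article's; the function names are the example's.

```python
"""Added example (not from the original article): the passphrase recipe as code.

base_password() and derive() implement the article's steps. pivot() takes the
attacker's view: given one leaked derived password and the site it belonged
to, it recovers the shared base and derives the password for another site.
"""

CAPITAL_EVERY = 3                               # article's rule: every third letter
SUBSTITUTIONS = {"a": "@", "i": "!", "t": "7"}  # article's rules


def base_password(phrase: str) -> str:
    """Steps 1-3: strip spaces, capitalise every third letter, substitute."""
    compact = phrase.replace(" ", "").lower()
    capitalised = "".join(
        ch.upper() if (idx + 1) % CAPITAL_EVERY == 0 else ch
        for idx, ch in enumerate(compact)
    )
    # Keys are lower case, so capitalised letters are left alone; every
    # remaining lower-case a, i and t is replaced, including the t of "at".
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in capitalised)


def site_tag(site: str) -> str:
    """First and last letter of the account/site name ("hotmail" -> "hl")."""
    return site[0] + site[-1]


def derive(phrase: str, site: str) -> str:
    """Steps 4-6: insert the site tag after the first word of the phrase."""
    cut = len(phrase.split()[0])        # length of the first word ("red" -> 3)
    base = base_password(phrase)
    return base[:cut] + site_tag(site) + base[cut:]


def pivot(leaked: str, leaked_site: str, target_site: str):
    """Attacker's view: rebuild the base from one leaked password, re-derive another.

    The attacker does not need the phrase. Knowing which site the password
    came from, they look for that site's two-letter tag; everything else is
    the shared base. Returns None if the tag does not appear.
    """
    tag = site_tag(leaked_site)
    pos = leaked.find(tag)
    if pos < 0:
        return None
    base = leaked[:pos] + leaked[pos + len(tag):]
    return base[:pos] + site_tag(target_site) + base[pos:]


if __name__ == "__main__":
    phrase = "red sky at night"
    print("base   ", base_password(phrase))
    for site in ("hotmail", "google"):
        print(f"{site:8}", derive(phrase, site))
    leaked = derive(phrase, "hotmail")
    print("pivot  ", pivot(leaked, "hotmail", "google"), "(from the leaked Hotmail password)")
```

The pivot needs nothing but the leaked string and the site name: the Google password comes straight out of the Hotmail one. That is why a derived-per-site scheme is a memory aid rather than a substitute for genuinely unrelated passwords.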
It doesn't matter which rules you pick as long as you apply them consistently and can remember them. It may seem awkward at first, but once you've typed the new password a few times it becomes second nature. One caveat: because every site's password is built from the same base, anyone who obtains one of them (from a breached site, say) can see the pattern and work out the others, so this is a memory aid, not a substitute for genuinely unique passwords.

But if you think you might have trouble remembering your more complicated passwords, there are password management programs that will store all your passwords for you, so every account can have its own long, random password that you never have to memorise. Investigate LastPass, Kaspersky Password Manager and Roboform.

Next month - Do we need a password policy at work?