- A dictionary word
- Numbers at the end
- A capital letter at the start
Am I right?
Hopefully not, but the rise of password policies on websites and computer systems which enforce a minimum password length plus at least one capital letter and a number has made many people’s passwords quite predictable.
When asked to choose a password matching that criteria, many people pick something along the lines of:
So, why is this so bad? After all, it meets the password complexity requirements that you’ve been asked to fulfil.
Well, many websites and computer systems are poorly designed and will allow someone to get their password wrong a hundred, a thousand or (worse) an unlimited number of times before they lock the account out. This means that hackers are able to run huge lists of passwords against your account automatically, to try to break in.
When I explained this the other week to someone who had a weak password, they exclaimed “So what if my password is easy to crack, why would anyone want to hack my account?”. Unfortunately, they had missed the real reason behind these password attacks. The hacker probably doesn’t want to read the contents of your emails, unless you’re a corporate espionage target like Richard Branson. What they do want is to gain access to your account and use it for their own gain. In the world of email, access to a ‘fresh’ account allows the hacker to send loads of spam emails, or to try to scam your contacts with a phishing email – after all, the email will appear to come from you, so the chances of them opening it increase dramatically.
The problem is even worse if you, like many other people, use the same password for multiple websites, as there’s a good chance your details will be used to try to log in to other sites such as Amazon, PayPal and eBay. Also, once a hacker has broken into your email account, they can often reset your password on other websites, since a reset normally only requires access to the registered email address.
What is a good password?
In an ideal world, the best password is a password of completely random characters, upper and lower case letters and numbers, of at least 8 characters. Something like F(&Ag2;e1 would be a good password. The problem is, it’s not at all memorable – and writing it down defeats the object.
So, how can you make a memorable and safe password for every site you use?
The best plan is to come up with a ‘start’ section for your password, which is strong (not a dictionary word, and includes letters & numbers). Something like:
This section stays the same for all the passwords you use.
Next, you use a middle section that represents the site you’re using, so for example, you might use:
AMZ for Amazon
PAY for PayPal
HSBC for the HSBC Bank
MAIL for Hotmail
You get the idea.
Finally, add a character, symbol or word on the end of the password. Something like an @ sign, or an ! sign.
Using the example above, your Amazon password would be aDfew4AMZ!
This is a strong password, and easy to remember as you only need to remember the first section and the code you’re using for the middle section on each site.
If this doesn’t work for you, or you really can’t remember the first section and what characters you’re using for your middle section, then have a look at SplashID, which lets you store all your passwords on your PC/iPhone/iPad and lock them behind a single, strong password.
Craig Atkins is a Gradwell partner who runs 1-Fix Limited (http://www.1-fix.com), an IT support company that specialises in services for small businesses, including private cloud, VoIP, Office 365 and fixed priced IT support.