Choosing the right password
Weak passwords continue to pose a huge security threat
Choosing a password is easy enough, but choosing one that’s easy to remember as well as secure is something that many people struggle with.
What to do:
- Use at least eight characters
- Use a random mixture of both upper and lower case characters, numbers, punctuation, spaces and symbols
- Don't use a word found in a dictionary, English or foreign
- Don’t use the same password twice
- Choose a password that you can remember so that you don't need to keep looking it up; this reduces the chance of somebody discovering where you have written it down
- Choose a password that you can type quickly; this reduces the chance of somebody discovering your password by looking over your shoulder
- Change your password regularly, e.g. once a month
- Change your password whenever you suspect that somebody knows it, that they may guess it, or if you are worried about someone standing behind you while you typed it in
Choosing a safe password:
- Use good password generator software to help you
- Use the first letter of each word from a line of a song or poem
- Alternate between one consonant and one or two vowels to produce nonsense words, e.g. "taupouti"
- Choose two short words and join them with a punctuation or symbol character between the words, e.g. "seat%tree"
Things to avoid:
- Don't use passwords based on personal information such as: name, birth date, children’s/pets’ names, your car registration number, address etc. This includes using just part of your name, or part of your birth date
- Never use a password based on your username, account name, computer name or email address
- Don't just add a single digit or symbol before or after a word, e.g. "apple1"
- Don't double up a single word, e.g. "appleapple"
- Don't simply reverse a word, e.g. "elppa"
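The patterns listed under "Things to avoid", together with the eight-character minimum and the dictionary rule, can be checked mechanically when a password is set. The Python sketch below is an added example, not part of the original guide; the function name `weak_reasons`, the `personal` parameter and the small word list are assumptions made for illustration.

```python
# Constructed sample word list; a real check would load a full dictionary
# plus a list of commonly used passwords.
SAMPLE_WORDS = {"apple", "seat", "tree", "password", "qwerty", "abcdef"}


def weak_reasons(password, personal=(), words=SAMPLE_WORDS):
    """Return the guide's rules that this password breaks (empty list = none found).

    personal: strings the user should not build on (username, account name,
    email address, name, birth date, ...), supplied by the caller.
    """
    reasons = []
    p = password.lower()

    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if p in words:
        reasons.append("dictionary word")
    if p[::-1] in words:                      # "elppa"
        reasons.append("reversed dictionary word")

    half = len(p) // 2                        # "appleapple"
    if half and len(p) % 2 == 0 and p[:half] == p[half:] and p[:half] in words:
        reasons.append("doubled word")

    if len(p) > 1:                            # "apple1" or "1apple"
        trailing = not p[-1].isalpha() and p[:-1] in words
        leading = not p[0].isalpha() and p[1:] in words
        if trailing or leading:
            reasons.append("word plus a single digit or symbol")

    # Tokens shorter than three characters are skipped to avoid chance matches.
    if any(len(t) >= 3 and t.lower() in p for t in personal):
        reasons.append("based on personal or account information")
    return reasons


if __name__ == "__main__":
    # Constructed examples, taken from the guide where it gives one.
    for pw in ["apple1", "appleapple", "elppa", "seat%tree", "taupouti"]:
        print(pw, "->", weak_reasons(pw) or "no listed pattern found")
```

An empty result only means none of these listed patterns matched against the supplied word list; it is not a measure of how random the password is.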
Protecting your password:
- Never store your password on your computer except in an encrypted form.
- Whenever Windows on your computer prompts you to "Save password" - don't
- Never send your password via email or any other unsecured channel
- If you must write your password down, don't leave the paper lying around, keep it away from your computer and under lock and key
- Never tell anyone your password.
Ways in which potential hackers will try and get hold of your password:
- Steal it. Looking over your shoulder when you type it, or finding the paper where you wrote it down
- Guess it. Many people use a password based on information that can easily be guessed
- A brute force attack. This is where every possible combination of letters, numbers and symbols is tried in an attempt to guess the password. With modern fast processors and software tools, thousands of combinations can be tested in seconds
- A dictionary attack. Combinations are first chosen from words available in a dictionary. Software tools are readily available that can try every word in a dictionary or word list until your password is found. Dictionaries with hundreds of thousands of words, as well as specialist, technical and foreign language dictionaries are available, as are lists of thousands of words that are often used as passwords such as "qwerty", "abcdef" etc.
For more tips and advice on choosing secure passwords visit http://www.lockdown.co.uk/?pg=password_guide