Once again, another article I stumbled upon talks about passwords. It seems that this extremely convenient and widespread method of authentication always makes the headlines, and the main reason is that despite all the awareness around us that we should take care when picking passwords, we still don’t. That is the problem.
According to CIO.com, 33% of web users rely on the same password for a number of websites. WOW… now if I were a hacker, with all these social networking websites sprouting like mushrooms I would definitely have a perfect playground when it comes to choosing which website to hack, especially knowing that users tend to use the same password across websites like Amazon and Paypal.
According to the security firm Sophos, just 19 percent never use the same password twice. Sophos added that three years ago, 41 percent of web users said they used the same password, indicating that just 8 percent of web users have since realised the importance of strong, unique passwords.
Do we actually realise that using the same password for several websites is like putting all your eggs in one basket? Is it that difficult for users to choose an intelligent password?
We’ve discussed in previous articles why passwords suck; here are some tips we’d recommend:
1. If you have to use a password, choose a passphrase, not a common dictionary word, and associate it with something current
2. Use a Firefox extension like PasswordHasher, perfect for unique passwords on different sites
3. Don’t choose anything shorter than 8-13 characters
4. Use some special characters to replace normal characters, for example ‘@’ instead of ‘a’, which makes brute-force cracking that much harder
5. Store a list of your passwords in a program like KeePass (free)
6. Finally, change your password every so often
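As an added illustration of tips 2 to 4 (example code written for this post, not the PasswordHasher extension's own algorithm), here is one way a distinct password for each site can be derived from a single master passphrase, plus a check that flags a password reused across sites; the master phrase, site names and character set are constructed sample values:

```python
import hashlib
import string

# Constructed character set: letters, digits and a few specials (tip 4).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
ITERATIONS = 100_000  # work factor that slows offline guessing of the master passphrase


def derive_site_password(master: str, site: str, generation: int = 1, length: int = 16) -> str:
    """Derive a per-site password from one master passphrase.

    The site name and a generation counter (bump it when that one site is breached)
    go into the salt, so every site gets a different password and a leak at one site
    yields nothing reusable elsewhere. Illustrative PBKDF2-HMAC-SHA256 scheme, not
    the actual algorithm of the PasswordHasher extension (assumption).
    """
    if length < 8:
        raise ValueError("tip 3: never go below 8 characters")
    salt = f"site={site.lower()};gen={generation}".encode()
    # Request more bytes than needed so the biased tail values can be discarded below.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=4 * length)
    limit = 256 - (256 % len(ALPHABET))  # largest multiple of len(ALPHABET) not above 256
    chars = [ALPHABET[b % len(ALPHABET)] for b in raw if b < limit]  # rejection sampling
    return "".join(chars[:length])


def find_reused_passwords(site_passwords: dict) -> dict:
    """Return {password: [sites]} for every password that appears on more than one site."""
    by_password: dict = {}
    for site, password in site_passwords.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    master = "correct horse battery staple 2009"  # constructed sample master passphrase
    sites = ("amazon.com", "paypal.com", "twitter.com")
    derived = {site: derive_site_password(master, site) for site in sites}
    print("derived:", derived)
    print("reuse among derived:", find_reused_passwords(derived))  # {} -> nothing shared
    # Constructed example of the habit the article warns about: one password everywhere.
    lazy = {site: "Summer09!" for site in sites}
    print("reuse among lazy:", find_reused_passwords(lazy))
```

Run `find_reused_passwords` over an export from a manager like KeePass (tip 5) to see how many of your own accounts share a password before a breach at one of them forces the issue.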
Update 1: Thanks to Graham of Sophos, you can watch this video with more suggestions.
Update 2: Here’s another short video from author and speaker Michael J. Santarcangelo, II (read whole post).
Video: Simple tips for better web password security, from Sophos Labs on Vimeo.
"It’s easy to understand why computer users pick dictionary words as they’re much easier to remember. A good trick is to pick a sentence and just use the first letter of every word to make up your password. To make it even stronger, you can replace words like ‘for’ with the number 4, and this should give you peace of mind that your password won’t be guessed."
On a final note, please keep in mind the following mindset:
"Once one password has been compromised, it’s only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain."
Get cracking… it’s time to change your passwords (for your own sake).
Update: Here’s another short 1 min clip from author and speaker Michael J. Santarcangelo, II
