The Password Masterclass

First off, you may be thinking “if someone tries to hack my password will my account not be locked out after a few attempts?” This is a valid question, but the answer is no. Without going into the exact technicalities of how password cracking works (because I don’t know), it involves baddies hacking into the password systems of an organisation, grabbing a file containing account details and encrypted versions of passwords, and somehow comparing their guesses with these encrypted passwords.

The criminals won’t spend too long on each password so if yours is hard to crack then they’ll simply move on to the next one and crack the simpler ones instead.

They will start off trying the obvious – password, letmein, 123456, etc. Then they move on to your name, street, etc. Then they will try commonly used words from the dictionary. When they have exhausted these options they will move on to using ‘brute force’ – nothing particularly clever, it’s just a process of trying every single combination of letters and numbers.

However – the criminals may focus on individual accounts. Please see this quick Facebook tip for more information.
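To check one of your own passwords against the guessing order described above, the following added example (not part of the original post) reports the earliest stage that would reach it and how large the brute-force search would be. The word lists are small constructed samples and the function names are made up for this illustration.

```python
import math
import string

# Constructed sample lists; a real audit would load much larger ones.
COMMON = {"password", "letmein", "123456", "qwerty"}
DICTIONARY = {"dragon", "sunshine", "monkey", "football"}

def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size

def brute_force_bits(pw):
    """log2 of the number of combinations of this length over that alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def guessing_stage(pw, personal=()):
    """Return the earliest stage of the guessing order that would reach pw."""
    lower = pw.lower()
    # Drop leading/trailing digits and symbols, e.g. "sunshine99" -> "sunshine".
    core = lower.strip(string.digits + string.punctuation)
    if lower in COMMON:
        return "obvious"
    # Personal details: your name, street, etc. (ignore very short fragments).
    if any(p.lower() in lower for p in personal if len(p) >= 3):
        return "personal"
    if core in DICTIONARY:
        return "dictionary"
    return "brute force"

if __name__ == "__main__":
    for pw in ["letmein", "Smith1984", "sunshine99", "k7#Vq2!xLp"]:
        stage = guessing_stage(pw, personal=["Smith", "Acacia"])
        print(f"{pw:12} {stage:12} ~{brute_force_bits(pw):.0f} bits")
```

A password that only falls at the brute-force stage is still only as strong as its bit count, so length and a wider character set both matter.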

What I do…

I use different passwords depending on how sensitive the website is. Unfortunately (or fortunately) I’m not the Rain Man so I have a few tricks to help remember my passwords.

This is how my passwords are set up:

I use one password for subscribing to random websites that don’t contain any sensitive information – things like TV guides, running websites, band websites etc. It is not unknown for these sites to send you your password in ‘plain text’ (i.e. so you can read it) in an email. This isn’t secure. But as it isn’t worth hacking your account for these sites then it doesn’t matter. I never change this password which is useful as a lot of these sites I would only use once every few years so can always remember the password.

I use another password for sites such as thetrainline.com or ticketmaster etc. These sites probably contain sensitive information such as my home address. I don’t store my payment details with any of these accounts. I don’t change this password either.

I use a much more secure password for things like my email account or ebay – sites which contain a lot of sensitive or financial information.

Finally, I have a separate secure password for online bank accounts etc.

Although that looks like I have only four different passwords the password for each site is actually unique. This is because they all contain a certain number of letters of the site name somewhere within them.

As an example – the password for a site such as www.radiotimes.com could look like this:

radipass05

The first four letters will change each time and are based on the name of the site.

The rest of the passwords follow a similar vein but the more secure ones are longer and contain symbols etc [why?]

One more thing – my secure passwords are changed every few months. This isn’t as much hassle as you think – you probably won’t use many sites which use these secure passwords. And, besides, it’s easier than having all your money or your identity stolen.

This is how I presently manage my passwords but I’ve been looking at password safes…

Password Safes?

This is software for which you have one master password. The software stores all your passwords securely.

Is this not putting all your eggs in one basket?

Yes it is, but that’s not the problem you might think. A decent password safe is extra extra secure so, assuming you use a secure password for it, you can be confident that it can’t be hacked into. The alternative in reality is to not only use weaker passwords even for things like your bank accounts but use the same password for several applications. This has an additional, less obvious risk in that there are several separate organisations storing your password, opening up the risk of a security breach.

Password Safe Options
LastPass
RoboForm
KeePass
1Password
