Security and the internet are becoming more and more interwoven. We take it for granted that you need to have password after password for this site and that site and this app or that. The advice that we are meant to keep these all different is hard to swallow. The recent iCloud debacle is proof enough.
I did a little guesswork and found that I use around 45 different things that require passwords in an average week. Some will auto log in via my browser and some I have to remember. Some I haven’t used for ages, and trying the “usual combination” of letters and characters often leads to dejected presses of “forgotten password”. Why do I feel like I have failed the website when I have to push that button?
The human element is the weak link in any transaction that requires a password. Using “Password” is like leaving your front door open while you nip to the shops. You just don’t do it. It doesn’t help that technology analysts like Brett Larson from CNN suggested that you should change “Password” to “Pa$$word”. I guess here in the UK we should go with “Pa££word”.
For many years I was using the same password, or a combination of that word, on all sites or apps I logged into. I replaced letters with numbers or symbols, and after a time it got harder and harder to remember what was replaced with what. So I came up with a new, longer password which isn’t a word.
A friend of mine chose his word at random from a book. For my new password it was to be a phrase where I would take each letter of the phrase to make the word. I discounted any from the movies which I have liked or enjoyed and that people knew about. You know that bit on Facebook about what you are watching or films you like. That’s like a goldmine of who you are.
Instead I went with something which is a line from a movie, although it could be a plain old sentence on its own. I have mixed in capitals with symbols and letters to make it really random and I have added a nice touch for each site. So I know each password is different but hard to break.
Using https://howsecureismypassword.net/ I logged my password and a desktop PC would take 25 thousand years to break it. Shamefully my old password was 52 seconds up to 11 minutes when varied. Someone could access my account on some of the sites I have visited in under a minute if they so wished!
As for what to use it’s up to you but avoid this lot. If I was a hacker I would start with this lot first, then variations then a scan of other. Be aware, though, that swearing is not clever in a password, as Virgin Media (contains swear words) will tell you.
Yet there is a place for crappy passwords according to an article on the Register:
“…argue that password reuse on low risk websites is necessary in order for users to be able to remember unique and high entropy codes chosen for important sites.”
Now this makes sense to me. Why use a super strong individual password for logging into free sites that don’t hold information on you, say a news site like the BBC or even the Register itself? If someone hacks in the worst they could do is comment on stories as you. Possibly in better English too.
So far in my time on the web I have only suffered one issue with passwords and that was with the online Tat-bazaar of eBay. Someone managed to gain access and start to sell items which didn’t exist. To this day I am still not clear how they got into my account but since then security has been a big thing for me.