EKM Homepage eCommerce Blog by EKM

How to create a safe and memorable password

The past few days have been an eye-opener for many as to the security of accounts on the internet. The hacking scandal surrounding the leaking of celebrities’ pictures has led people to question the security of websites and cloud storage spaces. As it turns out, there was nothing wrong with the security of the iCloud; the actual problem was that the celebrities’ passwords had either just been guessed, or they were the victims of phishing.

How can my password be stolen?

Phishing is when people try to get hold of your usernames and passwords by pretending to be a source that you would trust, such as your bank or any other large company that you might be in contact with. They often use spoofed email addresses and register similar-looking domains. They then get you to enter your username and password on a website that looks very similar to, if not exactly like, the website they are copying. It is important to remember that a serious business will never ask you for your password for anything other than logging in to the actual account.

“Brute-force attacks” are another way your password might become compromised. This means a program tries multiple variations of a password until one matches, using dictionaries and password lists.

At a time when so much of our personal information is readily available on the internet, hackers can use it to try out popular password combinations that might include some of your personal details. Many people just use family members’ birthdays and the like, which are very easy to find out.

A simple one is “shoulder surfing”. This is the same risk that you have when entering your PIN at an ATM. If your password is simple and you aren’t covering what you are doing, then it isn’t hard for somebody standing close by to read your password over your shoulder.

Possibly the most serious of all is the keylogger. This is a little piece of software that will install itself on your computer and it will record any input from the keyboard. The password thief is then able to go through the data and see what passwords you have been using for what.

 

What can I do about it?

Use a long password that is made up of numbers, letters (upper and lowercase) and symbols. The longer the password is, the harder it will be for a brute force attack to guess your password correctly.

What makes a good password:

– The password is at least eight characters long, but the longer the better and eight can arguably still be seen as short

– The password should not contain a complete word

– Ideally you should have a different password for different sites. They shouldn’t just vary slightly, but they should be completely unrelated.

– It should contain uppercase letters (A, B, C, …), lowercase letters (d, e, f, …), numbers (0, 1, 2, 3, …) and symbols that can be found on your keyboard ( ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? / )

– It should not contain your username, company name or real name. Ideally avoid any family names and pets, too

Just because a password meets all the criteria, however, doesn’t mean that it is safe. For example, Password4Me! meets all the criteria of a strong password, but it’s actually still very weak as it includes a full word and it is still relatively short. As an alternative to make it stronger you could use P4$sw0rd 4 Me! . It replaces parts of the full word with symbol alternatives and it also includes spaces.

– It’s good if you can make yourself remember your password by making it a phrase that means something to you. You could take a sentence like Chris’ birthday is on 18 October, 1990 and use an acronym for it instead. So it could become something like Cb!()18/Oct,90 .

– Or you just keep the entire sentence, but you change some of the letters to numbers and symbols, misspell words, etc. Chris’ birthday is on 18 October, 1990 could become Chr!$’ Brthd8 i$ 18101990

– We argued earlier, however, that you shouldn’t necessarily use personal details. The approach above isn’t so bad, because you can change the sentence any way you want and it would be close to impossible to just guess the result. Alternatively you could create phrases that relate to hobbies, interests, favourite books, quotes you like or anything else you feel that you can remember.
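The criteria listed above can be turned into a small checker, which also shows why Password4Me! passes the length and character rules yet still fails on its content. This is an added example, not code from EKM: the function names are hypothetical and `SAMPLE_WORDS` is a constructed stand-in for a real dictionary or password list.

```python
import string

# Constructed stand-in for a real dictionary / password list (assumption).
SAMPLE_WORDS = {"password", "welcome", "birthday", "october", "dragon"}


def composition_problems(password):
    """Check length and the four character classes from the list above."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    return problems


def content_problems(password, personal=(), words=SAMPLE_WORDS):
    """Check for complete words and for username, real name or company name."""
    lowered = password.lower()
    problems = [f"contains the word '{w}'" for w in sorted(words) if w in lowered]
    problems += [f"contains personal detail '{p}'"
                 for p in personal if p and p.lower() in lowered]
    return problems


def check_password(password, personal=()):
    """Run every check; an empty list means all of the listed checks passed."""
    return composition_problems(password) + content_problems(password, personal)


if __name__ == "__main__":
    # Candidates taken from the article plus one constructed weak example.
    for candidate in ("Password4Me!", "P4$sw0rd 4 Me!", "chris1990"):
        print(repr(candidate), check_password(candidate, personal=("chris",)))
```

An empty result only means the checks listed in this article passed; it says nothing about whether the password has been reused or already leaked elsewhere.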

 

What else can I do?

– Use different passwords for different sites. Don’t just slightly change them; use totally different and unrelated passwords. This is especially true of email accounts that are associated with other accounts. Somebody who gets into your email can completely take over the associated account, as they can just change both passwords and you would be completely locked out

– When you are logging in to a website, check for signs of a secure login. A secure website URL starts with “https://” and your browser will show a little padlock icon next to the URL. If it doesn’t have this, then your password could be “sniffed”

– Don’t let ANYBODY have your password. A decent systems administrator doesn’t need your password and if needed can just reset it for you.

– Don’t log in to anything using somebody else’s computer. It is easy for them to have a keylogger installed on their PC, from which they can then extract your username and password without you noticing

– Look out for people around you who might be trying to see what you are typing. This is less of a threat when you have a complicated password, but you never know how good somebody’s memory is

– Always have anti-virus software running that can detect any sort of malware and keyloggers that are trying to install themselves on your system. Make sure it is updated frequently so that it will always detect the newest programs

– Change your password frequently; that way you can be sure that if somebody does have your password, they will not have it for long.

– You can use software that securely stores all the passwords you use. Programs such as KeePass will store all your passwords in a secure encrypted database on your computer. You can access it whenever you need one of your passwords and either copy and paste the hidden key into the password box, or click auto-type and KeePass will automatically populate all fields (username & password) for you.
