How to use a computer: Choosing A Secure Password (And Keeping It Secure)
A key feature of using a computer as well as the internet is choosing a secure password to protect your information. There has been a lot of coverage in the media recently about the Heartbleed bug and how people’s online passwords have been hacked, so choosing secure passwords (and keeping them secure) has never been as important as it is today.
So what is a secure password, how do you choose one and how do you keep your accounts secure? Here are 7 tips that will go some way in protecting your information on your computer and on the internet.
1. Don’t use anything that is too simple or obvious
This might seem obvious itself, but research has shown that a lot of people still use easy-to-remember passwords such as “Password”, “Password123” or their own name.
While chances are that you will never forget them, they are going to be the first one attempted by any individual or computer program that is trying to hack into your accounts. Avoid such simple solutions at all costs.
2. Avoid using anything that people could readily identify with you
You may think you’re being clever, but don’t choose a password that has anything to do with your profession, personal life or hobbies.
You would be surprised about how much of this information is already publicly online, and the surging popularity of social media means that people are unwittingly revealing more and more about themselves to comparative strangers.
So if you were (for example) an accountant, you shouldn’t choose “bookkeeping” as a password. If you happen to be an accountant who is known to enjoy fishing, “salmon” or “trout” would also make for very bad passwords.
Think very tangentially when it comes to choosing a password, especially if you feel the need to choose a dictionary word just so you can remember it (see below).
3. Use a mixture of letters, numbers and other characters as well as varying capitalisation
Don’t just rely on words and letters for your password; don’t forget that you have a whole range of characters available to you via a QWERTY keyboard. Numerals and punctuation marks can be used when generating passwords, and you would be foolish not to do so.
Many computer programs and online sites also allow for case-sensitive passwords, so bear this in mind when choosing a new one. Don’t be hampered by too literal thinking in this regard either; who says that the capitalisation has to be at the beginning of a word?
So Arcadia1954! is a stronger password than just Arcadia alone, but aRcaDiA!1954 would be securer still.
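The checks from tips 1 to 3, written out as an added example (not part of the original article). The common-password list is a small constructed sample, and the function and parameter names are illustrative.

```python
import re

# Constructed sample list; a real check would use a far larger list of known-common passwords.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein"}

def _normalise(text):
    """Lower-case the text and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_password(password, personal_terms=()):
    """Return the problems found under tips 1-3; an empty list means none were found."""
    problems = []
    norm = _normalise(password)
    letters_only = re.sub(r"[0-9]", "", norm)

    # Tip 1: too simple or obvious, even with digits tacked on.
    if norm in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        problems.append("common password")

    # Tip 2: anything people could identify with you (name, job, hobbies).
    for term in personal_terms:
        t = _normalise(term)
        if len(t) >= 3 and t in norm:
            problems.append(f"contains personal term: {term}")

    # Tip 3: a mixture of letters, numbers, other characters and capitalisation.
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"[0-9]",
        "other character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    # Capitalising only the first letter is the most predictable choice.
    uppers = [i for i, c in enumerate(password) if c.isupper()]
    if uppers == [0]:
        problems.append("only the first letter is capitalised")
    return problems
```

Run on the article's own examples, Arcadia reports three problems, Arcadia1954! reports one and aRcaDiA!1954 reports none.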
4. Avoid dictionary words
Going back to over-literal thinking when it comes to selecting passwords, why should you choose a dictionary word for your computer or online password?
The simple answer to this is that words are easier to remember than just an abstract series of characters. Indeed, many online accounts and computer programs inadvertently encourage us to choose memorable words as passwords, as many of them offer security or clue questions to remind us of our passwords in the event that we forget them (i.e. “what was your first pet called?” and other such examples).
However, the hardest passwords to crack are the nonsensical ones. A password such as YJ5£s2! is far more secure than SpotTheDog, but admittedly such passwords are far harder to remember, especially if you have to recall different passwords for different programs or websites (see below). If recall is not a strong point, you could always make a discreet written note somewhere to remind you, but this would also compromise that password.
A halfway house solution to this is to use numbers instead of letters in your memorable password so you could have something like SwanseaThr33 rather than SwanseaThree or Swansea3.
Another solution is to use the first letters of a memorable phrase or sentence from a favourite book, movie, play or song. For example, fans of Shakespeare may want to choose IMBTFOL,PO. (“If music be the food of love, play on.”) or 2B0RnOT2b… (“To be or not to be…”). Such a password is memorable for the user, but hard to crack for another individual or a malicious computer program.
5. Don’t use the same password for all your online accounts and computers
Ideally, you should use different passwords for all your different computer logins and website accounts, or at least as many different ones as you are capable of remembering.
The rationale for this is simple: if one of your accounts with a particular password is compromised, so are your other computer or online accounts that happen to share the same password. This is because many people use their e-mail address as their login or username as part of the password process, so it doesn’t take a lot of effort for others to hack into your many accounts if they already have your e-mail address and have identified the one password you use for all of them.
Maintain as many different passwords for as many different computer accounts and logins as you think you are capable of managing. The more passwords you have for all your different accounts, the securer you will be.
6. Make sure that you are logging into the correct, genuine site at all times
One common way in which passwords are compromised or obtained by malicious parties is by getting people to log in to fake websites that purport to be and look like the genuine articles. This is known as phishing.
These fake websites are often circulated via spam e-mail or via dodgy search engine results, so make sure you are on the correct website before putting in your details and hitting return or enter.
It can be very easy to fall foul of these scams, especially if you are not paying full attention to what you are doing. However, you can protect yourself by always double-checking that you have the correct web address in the web browser of your computer when online, and/or by contacting the company directly via phone or official e-mail if you receive an e-mail that looks suspicious.
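What double-checking the web address involves, as an added example that is not part of the original article. The function name is illustrative and the addresses in the comments are constructed samples on the reserved `.example` domain.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return the reasons a URL does not belong to expected_domain (empty list = it does)."""
    problems = []
    parts = urlsplit(url.strip())
    # hostname is already lower-cased by urlsplit; drop a trailing dot if present.
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()

    # A login page should always be served over an encrypted connection.
    if parts.scheme != "https":
        problems.append("not an https address")

    # Anything before an '@' is a user name, not the site being visited.
    if parts.username is not None:
        problems.append("text before '@' is not the site name")

    # The real site name is read from the right-hand end of the host:
    # 'www.bank.example' belongs to 'bank.example', but
    # 'bank.example.accounts-verify.example' belongs to 'accounts-verify.example'.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host is {host!r}, not {expected!r}")
    return problems

def review_links(urls, expected_domain):
    """Check several addresses (for instance links copied from an e-mail) at once."""
    return {url: check_login_url(url, expected_domain) for url in urls}
```

An address passes only when the host is the expected domain itself or one of its subdomains; a familiar name appearing elsewhere in the address proves nothing.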
7. Don’t share your passwords with anyone else; change all your passwords on a monthly basis
Never share your passwords with anyone else, even family members, as this could compromise your security. This is in case the trusted party (who you shared your password with) inadvertently uses it on one of the aforementioned fake sites or leaves it around as a written note (to take just one example).
There will be some situations where you may have to share your password with a trusted and known third party, but please be sure to change that password to something new at the earliest opportunity. Not only does this re-ensure your online or your computer’s security, it also absolves that trusted third party of any unwarranted suspicion in the event that something goes awry with that particular account.
As a matter of course, you should be changing all of your passwords on a monthly basis. This will significantly minimise the risk of any of your online or computer accounts being compromised, although it can be a demanding undertaking if you have many computer or online accounts and if you have unique passwords for each one of them.
Probably the best thing to do is to strike a balance between how many different passwords you have and how often you change them, as that would be a pragmatic approach to maintaining your passwords’ security without it becoming a full-blown task in itself.
If you follow the seven tips above, you will have significantly minimised the risks of your computer or online accounts being hacked. However, no code is unbreakable and occasionally your passwords can be inadvertently or maliciously put in the public domain by a security failure at the website in question. Such security breaches (for example, the aforementioned Heartbleed bug) often make the national news, but do keep an eye out for stories on sites like BBC News’ Technology pages or on technology websites such as Mashable, The Next Web or TechCrunch.