Password Advice

How many times a day do you need to use a password? I was prompted to ask myself this question the other day when I signed up with Cycling UK (Cycle Touring Club as it used to be known) and I was asked for a password to “open my account”. I didn’t really consider this an “account” as such – as far as I was concerned, I was joining a club for which I paid subscription and from which I would be receiving newsletters and maybe even get access to useful cycling-related offers. I then got to thinking, just how many other times do I need to use a password during the course of a day or a week? Until now, I hadn’t given it much thought and had been gradually adding passwords as I needed to. I realised, I’d also been thinking of passwords in connection with financial transactions, whether they be banking related or other business-type interactions, but this is far from accurate. Without much effort at all I made a quick list and was able to come up with nearly thirty instances where I need to use a password of some sort or another, and I’m not an avid internet user. I expect I’m not alone in this. This led me to thinking, how secure are my passwords and how secure do they need to be? A passing word to one of my colleagues led him to send me a link to a useful video all about this: One very scary fact I learned is that a password cracking program can crack a random eight-letter password (which has over 2 billion possible variations!) in just over 2 seconds!! So how best to protect yourself from having your passwords cracked? There are four basic rules you should follow in setting your passwords:

Number 1 – don’t choose a password that’s easy to guess (the name of your pet, a significant date, your nickname).
Number 2 – make your password as complicated as you can manage. Mix up capitals and lower case, use numbers and punctuation.
Number 3 – make your password as long as you can. Fourteen characters or more are what’s recommended.
Number 4 – don’t use the same password for different “accounts”.

Great, so now you have all your passwords (thirty in my case), involving capital and lowercase letters, digits and punctuation. How do you store them in your head or elsewhere? One method is to make up a saying to help you remember each password (see the video above). This does ultimately rely on your memory and may not be ideal of you have a large number of passwords to remember, or if you need to use some of them only occasionally. (I know whenever I come back from holiday my memory feels like it’s been wiped and I struggle to remember anything like this!) For another tip on creating passwords see: Password Strength

You probably still need to record them somewhere, whether that means writing them down on a piece of paper (old-fashioned, I know), or recording them say on a word or excel document. While this will solve the problem of having to remember them all, you need to be super-careful that you don’t inadvertently leave this record (in whatever form you’ve chosen) somewhere you shouldn’t – on a bus, on a train, on a park bench (some very nice benches in Newport on Tay). And of course you mustn’t store the document anywhere it could be accessed by a fraudster. Whatever you do, DO NOT do this!!! Password Post-it Note

Another potentially better option is to think about using a password manager. This is a whole other topic and I’ll be writing about it separately. In the meantime, I know we’re all guilty of thinking “this won’t happen to me”, but the fraudsters are out there right now, so it’s going to happen to someone. The more you can do to protect yourself the better!