We don't mean to alarm you, but - well, actually we do. Your password strategy, if you have one at all, might be seriously out of date.
In the past year, several well-publicised attacks on major online services exposed users' passwords. For example, in June 2012, more than six million LinkedIn passwords were stolen and posted online. Just over a month later, more than 450,000 Yahoo passwords were leaked.
The direct damage resulting from public disclosure of the passwords was bad enough, but the security breaches also revealed that vast numbers of people follow dangerous password practices that can result in far worse problems.
If you haven't examined your approach to making and using passwords recently, now is a good time to rethink your assumptions. Here are a few important facts about passwords you may not have realised - and what they mean for you.
WHAT YOU DON'T KNOW ABOUT PASSWORDS
Here are some key points to bear in mind as you create new passwords.
Password reuse is a major danger
You know how it is - every time you turn around, another website or online service wants you to create a new password. Because that's so tedious to do, you may be tempted to rely on shortcuts. But those shortcuts can get you in trouble. As a case in point, consider the common practice of using the same password for multiple sites.
Suppose you signed up for a LinkedIn account, and you used the same password that you previously chose for your Gmail account. Then, in June, you were one of the unlucky people whose LinkedIn password was leaked. An enterprising hacker who knew your LinkedIn password could have easily tried it with other popular services, so gaining access to your Gmail account would suddenly be child's play.
That's a problem, not just because someone could read or delete your email, but because you might use your Gmail address to access or reset other passwords. After clicking the Forgot Password link on other sites, the hacker could check your email to get access to accounts that use those other passwords. Even reusing a single password in two places could, in this way, cause cascading problems.
The best way to overcome a password reuse habit is to use a password manager, such as 1Password ($51.99 on the Mac App Store) or LastPass (free; US$12 per year for premium service via lastpass.com). These tools auto-generate passwords, store them securely and let you fill them in on websites with a single click or keystroke.
Hackers know your password tricks
When people are faced with the need to come up with a new password, their next biggest crutch after reusing passwords is to pick something that's extremely easy to remember and type. As the lists of stolen passwords and other security research show, a lot of people still use '123456', 'password' and other simple strings. Naturally these and the next several thousand most common passwords will be the first ones a hacker tries when attempting to break into an account. Likewise, you should avoid names, dates and common dictionary words.
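The two habits described above (reusing one password everywhere, and picking something short, common or guessable) are exactly what a sign-up form can refuse to accept, and what a password manager avoids by generating random strings. The following Python is an added example, not code from the article or from any of the products it names: it normalises a candidate password (lowercase, undoes simple letter-for-digit substitutions, strips the trailing digits and punctuation people bolt on), then checks it against a constructed sample of leaked common passwords, dictionary words, names and date patterns. The word lists are tiny placeholders; a real check would load full lists such as those published after the breaches mentioned above. The generator at the end shows the kind of random password a manager would produce instead.

```python
import re
import secrets
import string

# Constructed sample of the most common leaked passwords. Real breach-derived
# lists run to millions of entries; these are illustrative only.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "abc123", "111111",
    "letmein", "monkey", "iloveyou", "welcome", "admin", "login",
}

# Constructed sample dictionary words and first names (placeholders for a
# full word list and a name list).
DICTIONARY_WORDS = {"sunshine", "dragon", "football", "princess", "shadow", "master"}
NAMES = {"michael", "jennifer", "david", "ashley"}

# Common letter-for-digit/symbol substitutions that do not add real strength.
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s",
})


def normalise(pw):
    """Reduce a password to its 'core' so that variants like 'P@ssw0rd1!'
    are compared as 'password': lowercase, drop trailing digits/punctuation,
    then undo simple substitutions."""
    stripped = re.sub(r"[\d\W_]+$", "", pw.lower())
    return stripped.translate(LEET_MAP)


def looks_like_date(pw):
    """True if the digits in the password look like a year or a full date
    (a 19xx/20xx year inside a 4-, 6- or 8-digit run)."""
    digits = re.sub(r"\D", "", pw)
    return len(digits) in (4, 6, 8) and re.search(r"(19|20)\d{2}", digits) is not None


def check_password(pw):
    """Return a list of reasons the password is weak; an empty list means it passed."""
    reasons = []
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    core = normalise(pw)
    if pw.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("appears in common-password list")
    if core in DICTIONARY_WORDS:
        reasons.append("is a dictionary word")
    if core in NAMES:
        reasons.append("is a common name")
    if looks_like_date(pw):
        reasons.append("looks like a date")
    return reasons


def generate_password(length=20):
    """What a password manager does instead: a random string from a
    cryptographically secure source, unique per site and never reused."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd1!", "Sunshine2012!", "D4v1d", generate_password()):
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

The normalisation step is the important part: a denylist lookup on the raw string would wave through 'P@ssw0rd1!' even though it is the same guess a cracker's rule set produces from 'password' on the first pass. Wiring `check_password` into a registration form, or running it over a password manager's export to spot weak entries, is the defensive use.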