The recent password scandal with the social networking site Twitter, in which several high profile users including Barack Obama and Britney Spears had their profiles vandalised, has raised the issue of password security once again.
In reality, few of us put much thought into “best practice” when it comes to passwords, be it for a Facebook profile, email account, forum username or PC logon. Many of us, in the interests of convenience, even take a “one size fits all” approach and use one password for every account possible, whilst others rely on password-remembering software.
Of course, there are flaws in such systems. Whilst somebody hacking into your MySpace page could get up to little more than mild mischief, a password is one of your primary forms of defence against malicious activity, and a breach could have serious implications, particularly if you have a somewhat lax attitude to password security.
So what is “bad password practice”? Essentially, any password that could be guessed without an awful lot of imagination would fit that bill.
Back in 2006, PC World Magazine released the ten most common computer passwords in the UK. Let’s see if any look familiar.
10. “thomas” – Simply using your own name is a common idea. In this case, Thomas came out on top.
9. “arsenal” – Football teams are another common choice and, for anyone who knows whose account they want to breach, one that’s easy to guess.
8. “monkey” – A six-letter word (meaning that it meets most minimum character lengths) and an easy one to remember.
7. “charlie” – Another name and another that’s particularly memorable.
6. “qwerty” – For those who just like to run their fingers along the top of the keyboard.
5. “123456” – Well, it’s one way to reach the minimum character count.
4. “letmein” – Perhaps a modern take on “open sesame” – the famous phrase from Ali Baba and the Forty Thieves.
3. “liverpool” – Another football-related password.
2. “password” – The second most used password on UK computers is the word “password”.
1. “123” – Despite most password systems requiring a minimum of six characters, as many as four in every 1000 passwords in the UK were just “123”.
So, let’s say that your name is Charlie and that you support Liverpool – how do you choose the right password? Here’s our top five guide to help you protect your accounts.
1. Don’t make it obvious.
Let’s say that you are a member of a Liverpool Football Club fans forum and somebody wants to hack your user profile. There’s nothing malicious in it; they just want to cause some mischief. So, how many forum users do you think will have made their profile password “liverpool”?
Depending on what your profile is for, remember you are probably giving a hacker some clue as to who you are, whether it’s your favourite football team or band, the car that you drive or what your hobbies are. Don’t make that situation worse with an obvious password.
2. Size does matter.
The longer your password is, the harder it is to guess. That’s essentially why most systems require passwords to be at least 6-8 characters long. If the system allows more characters, take advantage of them.
3. Add some character.
Or rather, characters. Whilst you might find that some passwords will limit how many ‘special characters’ you can use, adding a few into a password can make a big difference. Instead of using “password”, try using “pass-word” or “pass_word”.
4. Capital Ideas.
With most password systems being case sensitive (i.e. “password” is different to “PASSWORD”), using a sprinkling of capital letters in your password will seriously improve your password security.
5. Number crunching.
Replacing letters with numbers is another great way of making your passwords even tougher. Even if they are fairly obvious replacements (for instance, replacing “L” or “I” with “1”), they can make it very difficult for a would-be hacker. Instead of using “password”, try using “pa55word” or “passw0rd” (or a combination of the two!).
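The five tips above can be turned into a check that a site runs when a user picks a password. The sketch below is an added example, not part of the original article; the function name `failed_tips`, the `context_words` parameter and the minimum length of 8 (the upper end of the article's "6-8 characters") are assumptions.

```python
import string

# The ten most common UK passwords quoted in the article (PC World, 2006).
COMMON_PASSWORDS = {
    "thomas", "arsenal", "monkey", "charlie", "qwerty",
    "123456", "letmein", "liverpool", "password", "123",
}

MIN_LENGTH = 8  # assumption: upper end of the article's "6-8 characters"


def failed_tips(password, context_words=()):
    """Return the numbers (1-5) of the article's tips that `password` fails.

    context_words is a hypothetical parameter: details visible on the
    profile (first name, football team, forum name) that make a guess easy.
    """
    failed = []
    lowered = password.lower()

    # Tip 1: not on the common list and not built around a profile detail.
    if lowered in COMMON_PASSWORDS or any(
        word and word.lower() in lowered for word in context_words
    ):
        failed.append(1)

    # Tip 2: long enough.
    if len(password) < MIN_LENGTH:
        failed.append(2)

    # Tip 3: at least one special character such as "-" or "_".
    if not any(ch in string.punctuation for ch in password):
        failed.append(3)

    # Tip 4: a sprinkling of capitals, i.e. upper and lower case mixed.
    if not (any(ch.isupper() for ch in password)
            and any(ch.islower() for ch in password)):
        failed.append(4)

    # Tip 5: numbers mixed in with the letters.
    if not (any(ch.isdigit() for ch in password)
            and any(ch.isalpha() for ch in password)):
        failed.append(5)

    return failed


if __name__ == "__main__":
    # Constructed sample: a Liverpool fan called Charlie, as in the article.
    profile = ["Charlie", "Liverpool"]
    for candidate in ["liverpool", "pass-word", "Charlie2006!", "Pa55-w0rD"]:
        print(candidate, "fails tips:", failed_tips(candidate, profile))
```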