Is your Password ‘Beef Stew’?

Are you sure it’s stroganoff?

It’s an old joke, but one that still poses a valid security question (if you can forgive the awful pun). With many devices now able to scan your fingerprint or retina, passwords are nearly an outmoded method of security, and yet we are still utterly reliant upon them for much of our work. One of the reasons passwords are so useless is that people are very bad at remembering them, and so they create passwords that are easy to recall, which often makes them easy to guess.

Research tells us that the top 10 most used passwords are:

This evidences two problems. The first is that a lot of users will create a password that is simple, easy to remember, quick to type and requires little to no imagination. The second is that IT security policies let them!

It’s true that companies could do more to force you to create a secure password containing at least 12 alphanumeric and special characters that do not form a memorable word or name, but it’s also true that when they do, it’s really annoying and you end up creating a password so complex that you have to write it down or reuse it across multiple sites.

It is very much in your own interest to protect your personal data, so create a password that is suitably strong and memorable, but not easily guessable.

Below are some useful tips to keep your data safe:

Do not
  • use easily guessed passwords such as those used above or other simple adjacent keyboard combinations such as asdzxc.
  • use your user name or the name of the application you are using as a password. Facebook is not a good password for Facebook.
  • choose passwords based upon details that may not be as confidential as you’d expect, such as your birth date, phone number, or names of family members.
  • use the same password but with a different number each time you are asked to change it.
  • use the password you’ve picked for your email account at any other online site. If you do, and the site you are registered at gets hacked, there’s a real possibility someone will be reading your email soon.
  • store your passwords in an easily accessible location.
  • follow the dated guidance that letter substitution makes a strong password. It’s just as quick to crack ‘p@ssw0rd’ as it is ‘password’, because cracking tools try those substitutions automatically.

Do
  • use a “passphrase”: several unrelated words strung together, which increases the length of the password. For example, ‘PurpleBananaToast’ is both memorable and strong.
  • use two-factor authentication wherever possible.
  • set up notifications for new logins or account changes whenever a service allows it.
  • use a password manager such as LastPass or KeePass to store every password you use. These tools keep your credentials in one location, locked behind a single master password, so you only need to remember one secure password. Most also include a password generator that lets you create very complex passwords you never need to remember.
  • set up notifications with a trustworthy service to alert you to account breaches; we would recommend https://haveibeenpwned.com/.
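A small checker that encodes the rules from both lists above, added here as an example (not code from the original post): it undoes common letter substitutions before comparing against a common-password list, spots adjacent-key walks such as ‘asdzxc’, and flags passwords that contain the user or service name or that are just the previous password with a new number. The common-password set is a constructed sample, not the page’s top-10 list.

```python
import re

# Constructed sample of widely used passwords, standing in for the page's
# top-10 list; a real checker would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Undo common letter substitutions so 'p@ssw0rd' is judged exactly like 'password'.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

# Keyboard rows and columns used to spot adjacent-key walks such as 'asdzxc'.
KEYBOARD_SEQS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "qaz", "wsx", "edc", "rfv", "tgb", "yhn", "ujm", "ik", "ol"]


def is_keyboard_walk(s: str) -> bool:
    """True if s splits entirely into runs of 3+ adjacent keys (either direction)."""
    s = s.lower()

    def walkable(i: int) -> bool:
        if i == len(s):
            return True
        for j in range(len(s), i + 2, -1):          # try the longest chunk first
            chunk = s[i:j]
            if any(chunk in seq or chunk in seq[::-1] for seq in KEYBOARD_SEQS):
                if walkable(j):
                    return True
        return False

    return bool(s) and walkable(0)


def check_password(password: str, username: str = "", service: str = "",
                   previous: str = "") -> list:
    """Return the rules from the lists above that the password breaks ([] = passes)."""
    problems = []
    low = password.lower()
    normalised = low.translate(LEET_MAP)          # 'p@ssw0rd' -> 'password'
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if normalised in COMMON_PASSWORDS:
        problems.append("common password (letter substitution does not help)")
    if is_keyboard_walk(low):
        problems.append("adjacent keyboard combination")
    for name, label in ((username, "user name"), (service, "service name")):
        if name and name.lower() in normalised:
            problems.append(f"contains the {label}")
    # Same password with only the trailing number changed, e.g. Winter2024 -> Winter2025
    if previous and re.sub(r"\d+$", "", low) == re.sub(r"\d+$", "", previous.lower()):
        problems.append("previous password with a different number")
    return problems
```

Call `check_password("p@ssw0rd")` to see both the length and the substitution rule fire; `check_password("PurpleBananaToast")` returns an empty list.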