Open Sesame! Key tips and facts on passwords to your life online
Passwords are designed to keep data secret. We have passwords to let us in to our online accounts for so many things including banking, social media, online tools and emails. Like the lock on your front door, they protect your digital security. If your password is captured, guessed or stolen, someone could impersonate you online, steal money from your online bank account, send emails in your name or change files on your computer – to name just a few of the possible outcomes.
This is an update from a post published in July 2014
Here are some interesting facts and tips about passwords to ensure a more secure presence online.
Despite being told not to, people still use predictable passwords. Words like ‘password’ and the number string ‘123456’ are the two most common passwords. Here is a list of the most common and worst passwords.
Fact – 4.7% of users have the password “password”
Create strong passwords
- Strong passwords are phrases (or sentences) include at least three of the following: uppercase and lowercase letters, numerals, punctuation marks, and symbols.
- Whenever possible, use at least 14 characters
- The greater variety in characters, the better
- Do not use the same password for several logins
- Don’t use a password with personal information
- Don’t use sequential numbers (123456, 456789 etc)
- Don’t use repeating characters (AA777)
- Change your passwords regularly, particularly those that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data.
Fact – 41% of Australian Internet users between the ages of 18-34 are “happy to have the same password for everything they do online.”
Fact – 70% of people do not use a unique password for each web site
Store your passwords securely
- Never send your password via email or store your passwords in plain text on your computer.
- Write your passwords down but hide the list somewhere safe, away from easy access. Don’t leave notes stuck to your computer screen or desk. An indexed address book is a handy way to keep track of a large quantity of passwords.
- You can install software known as a “password wallet”, such as LastPass or 1Password. With this method, you loose control of knowing your passwords as the software generates random passwords for each of the sites you visit, storing them all behind a single master password. Just don’t loose the single login password you need to access your account! With this storage method you have the advantage that many password managers can be accessed via mobile devices so you have your passwords with you wherever you go.
Fact – A password with 6 digits combination of lower case can take about 10 minutes to hack where as a password with 9 digits combination of number and symbol can take about 44,530 years.
Protect your password
- Don’t share your password with anyone. It is meant to be a secret.
- Always log off especially if your device is turned on around other people.
- Don’t type your password into public computers (at business centres, hotels, coffee shops, etc.) MALWARE is rampant among public computers and the likelihood that your password is stolen is much higher.
- Before you enter your password into the browser check you are on the correct website. Check the page is secure-one that has ‘https’ at the beginning of the address bar and a locked padlock.
- In all situations of a suspected compromise of your passwords, you should notify the organisation/s affected. For example, if a password is for your online bank account, notify your bank; if a password gives access to your email and your Internet access, notify your Internet Service Provide
- Never share your password in response to an email or phone request—for example, to verify your identity—even if it appears to be from a trusted company or person. Never click on links in emails from people you don’t know, even from what may appear to be trusted sources (e.g., your bank). Often these are lures to phishing (hoax) web sites designed to trick you into revealing your password.
- Whenever possible, change passwords immediately on accounts you suspect may have been compromised.
Fact – “Open Sesame” is the phrase that undoes the magic that seals the cave containing the treasure in the tale of “Ali Baba and the Forty Thieves”.
Test your password
There are a number of online tools to use as a guide to see how secure a password might be. However, beware of entering your password into untrusted sources online. These sites could be phishing for your passwords and stealing them from you.
These free online calculators are designed to help you understand how many passwords can be created from different combinations of character sets (lowercase only, mixed case, with or without digits and special characters, etc.) and password lengths. The calculator then puts the resulting large numbers (with lots of digits or large powers of ten) into a real world context of the time that would be required (assuming differing search speeds) to exhaustively search every password up through that length, assuming the use of the chosen alphabet.
There’s no guarantee that these tips will prevent an attacker from learning your password, but they will make it more difficult. It is never too late to start getting serious about protecting your confidential and sensitive information.
Do you have any password tips?