A few weeks ago I started to receive spam emails from a friend of mine, and it quickly became obvious that her email account had been compromised. Her account wasn’t compromised because of a phishing scam or because her computer had caught a nasty bug; it was a simple case of a weak password.
I know my friends get bored of me banging on about how the name of their pet cat / mother / father is not a good password, but I now have one friend who wishes they had listened to me!
The problem was that it was her business email address that had been compromised, and after some embarrassing apologies to clients for the nature of some of these spam emails, we set about trying to get control of the account back.
Now, this was a Google account, and the people who had hacked it had changed the password, so it was a few days until she could prove her identity to Google and get the account back.
In my experience people either use incredibly strong passwords such as $%^£@svr312£ and write them down (defeating the object!), or simple passwords such as password, which are easily defeated in a dictionary attack.
Here are my 10 tips for secure passwords:
- Avoid common words – It sounds obvious, but a study of the top 25 leaked passwords of 2012 revealed that too many people are still using “password”, “123456” and “12345678” as their login credentials.
- Use different character classes – Try to use more than one character set in your password. A-Z is one character set and 0-9 is another, so, for example, password could become Pa$$wor6.
- Use letters from a phrase – You could use the first letter of each word in a phrase, e.g. “To be, or not to be, that is the question” would become tbontbtitq.
- Don’t let the user include their user name in the password – This just gives the attacker a head start; don’t do it!
- Avoid keyboard patterns – Again, like a user name in the password, it’s best to avoid these. 12345 or qwerty will be among the first sequences a hacker attempts.
- Use more than one word – A hacker running a dictionary attack will find it harder to crack more than one word, e.g. football is easier to crack than iplayfootball.
- Separate your two words with symbols and numbers – Taking the above, you could use i-play@football, which inserts extra characters into your password.
- Don’t write it down! Use a phrase that only you know – Writing down a password defeats the object of having one if you lose the note! Use a memorable phrase or pattern, such as an old computer, e.g. Commodore-Amiga500+, or the colour and engine size of your first car, e.g. V-Golf1600!!
- Use a different password for each site – Yes, it can be complicated, but it is a must: if your password is compromised, at least it will only be for one site. You could use:
  - amazCommodore-Amiga500+ for Amazon
  - hotmCommodore-Amiga500+ for Hotmail
  - googCommodore-Amiga500+ for Google
- Never share your password! – Seems obvious but it does happen!
- Eleven? I thought you said ten password tips?! – I did but just to say it one more time, make your password secure!
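A small password-policy checker that applies several of the tips above (common words, character classes, user name in the password, keyboard patterns), added here as an example and not part of the original post. The short word list, the minimum of three character classes and the four-character keyboard run are constructed assumptions; a real deployment would load a full breach list.

```python
import re

# Constructed stand-in for a leaked-password list; the post names
# "password", "123456" and "12345678" as the most common entries.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "football", "letmein"}

# Keyboard rows, checked as runs in either direction (the post's "12345" / "qwerty").
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Character classes: lower, upper, digit and everything else counts as a symbol.
CHARACTER_CLASSES = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}


def count_classes(password):
    """Number of distinct character classes present in the password."""
    return sum(1 for rx in CHARACTER_CLASSES.values() if rx.search(password))


def has_keyboard_pattern(password, min_run=4):
    """True if any keyboard row (forwards or backwards) appears as a run of min_run chars."""
    p = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in p:
                    return True
    return False


def check_password(password, username=""):
    """Return the list of tips from the post that the candidate password violates.

    An empty list means the password passed every check implemented here.
    The three-class minimum is an assumption, not a rule from the post.
    """
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common word")
    if count_classes(password) < 3:
        problems.append("fewer than three character classes")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    if has_keyboard_pattern(password):
        problems.append("keyboard pattern")
    return problems
```

Run against the post's own examples, `password` fails on two counts while `Pa$$wor6` and `Commodore-Amiga500+` pass, and `tbontbtitq` is caught only by the character-class rule.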