From the support desk – a word on password security

Once or twice a year we take a moment to pause and remind everyone about password security. I know, I know, it’s boring. We all know passwords are important. But we’ll take care of that tomorrow, right? Sadly, tomorrow usually means next month or next year and by then you’ve been hacked, your website has been updated with a series of links and your email account is sending out 1000s of spam emails per minute. If you do get hacked, we’ve got your back; but it’s far simpler and smarter to review your passwords. Here’s your yearly reminder.

First of all, can you find your password on these lists of the top twenty five most insecure passwords by year? If so, drop what you’re doing now and please, please, please go and set a new password.

What makes a secure password

Length. Plain and simple. The longer your password, the harder it is to crack. It doesn’t matter how many weird characters, numbers or symbols you use; take that advice and throw it in the bin. Passwords are cracked simply by virtue of their length in most cases.

A computer set to the task of working through random characters can work through millions of password combinations in a remarkably short period of time.
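To put numbers on that, here is an added example (not part of the original article) that compares how many candidates a computer has to work through for a short password full of symbols versus a long plain one. The guess rate, the sample passwords and the function names are assumptions made for illustration, and the sums only model trying random characters one after another, not guessing from lists of common passwords.

```python
import math
import string

# Assumed offline guess rate (guesses per second). Illustrative only,
# not a figure from the article.
ASSUMED_GUESSES_PER_SECOND = 1e10

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Size of the character pool a brute-force run must cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Anything outside printable ASCII widens the pool by one per distinct char.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)


def search_space(password):
    """Candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def entropy_bits(password):
    """log2 of the search space; 0.0 for an empty password."""
    space = search_space(password)
    return math.log2(space) if space else 0.0


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the whole search space at the assumed rate."""
    return search_space(password) / rate


def describe(seconds):
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:,.2f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real list.
    for pw in ("k#9Q", "Tr0ub4!x", "plainlowercaseletters"):
        print(f"{pw!r:24} len={len(pw):2} pool={alphabet_size(pw):2} "
              f"bits={entropy_bits(pw):5.1f} {describe(worst_case_seconds(pw))}")
```

Run it and the 21-letter lowercase password comes out many orders of magnitude harder to exhaust than the 8-character one that uses every character type.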

Should I change my password often?

If you’ve been hacked in any shape or form, yes! Should you change it arbitrarily every six months, or three days, or other set window? Our advice would be no. Research shows that forcing users to continually change their passwords only encourages them to set weaker and weaker passwords that they can easily remember.

Instead our advice is…

Use unique passwords for every service and site

This sounds like a huge undertaking but it’s easier than you think. Instead of using the same password, no matter how strong, on every single website, consider using a unique password for every service that you log in to. If you find a particular site or service ends up getting hacked, your exposure to the attack will be limited to just that service. If someone manages to break into your Netflix account, they won’t be able to use their newfound password to go on to your bank account.

Password management

If the idea of storing hundreds of unique passwords in your brain sounds like unimaginable chaos, you’re not alone. Instead it’s much simpler to use a password management tool. My particular favourite is LastPass, but there are plenty out there and most offer at least the basics for free.

These management tools typically work across all your devices and require you to remember just one strong password. Once you’ve logged into the management tool with that password they take care of the rest. They’ll generate completely random and long (secure!) passwords for each and every website you access, and every time you visit they’ll log in for you.

Scare me some more

Really? Are you sure? Want to know how fast a computer can crack your current password? Check out this site and see just how quickly a relatively short and weak password can be cracked. You’re welcome, now go and update those passwords!

Comments

There are 2 comments on “From the support desk – a word on password security”

  1. James September 15, 2020

    There’s an open source password tool and web app at https://samepassword.com for anyone that doesn’t want to use a paid commercial service like lastpass or 1password.

    • Stuart Melling September 15, 2020

      Thanks for the tip James. To confirm LastPass is also free for the basic features (password management across devices).
