Tuesday, September 25, 2007

Managing passwords

I have so many different accounts with online services that I cannot possibly use a different, easy to remember yet hard to guess, password on every one. Or at least that's my excuse.

For security it's a good idea to choose a password that contains both letters and numbers, is at least 8 characters long (treat that as a floor rather than a target), and doesn't contain a dictionary word. This rules out passwords such as 'ringwood' or 'happy123', or anything with your user name in it, because a machine working through a word list with a few digits appended can guess them in seconds. It's also good practice to use a separate password for each organisation where you have an account, and to make sure that you remember them without needing to write them down. Here's some more about password security. While I have a decent understanding of online security, in various ways I fail each of those requirements.
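To make those rules concrete, here is an added example (my own illustration, not code from the original post) that checks a password against each rule in the paragraph above and then shows why 'ringwood' and 'happy123' fall so quickly: a guesser that tries every word in a list with up to three digits appended. The six-word DICTIONARY is a constructed stand-in for a real word list, and the site is assumed to store an unsalted SHA-256 of the password; both are assumptions made for the demonstration.

```python
from __future__ import annotations

import hashlib
import itertools
import string

# Constructed stand-in for the word list an attacker would really use
# (a real list has hundreds of thousands of entries).
DICTIONARY = ["happy", "ringwood", "summer", "monkey", "password", "dragon"]


def policy_failures(password: str, username: str = "",
                    dictionary: list[str] = DICTIONARY) -> list[str]:
    """Return the rules from the paragraph above that `password` breaks.

    An empty list means the password passes every rule.
    """
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        failures.append("needs both letters and numbers")
    lowered = password.lower()
    # Substring match: 'happy123' still contains the word 'happy'.
    if any(word in lowered for word in dictionary):
        failures.append("contains a dictionary word")
    if username and username.lower() in lowered:
        failures.append("contains the user name")
    return failures


def site_hash(password: str) -> str:
    """Unsalted SHA-256, assumed here to be what the site stores."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_by_pattern(target_hash: str, dictionary: list[str] = DICTIONARY,
                     max_digits: int = 3) -> tuple[str | None, int]:
    """Guess word, word+d, word+dd, ... for every word in the list.

    Returns (recovered password or None, number of guesses made). This is
    the shape of attack that makes 'happy123' weak: the dictionary word
    fixes most of the string, so only the short digit suffix is searched.
    """
    guesses = 0
    for word in dictionary:
        for n in range(max_digits + 1):
            for digits in itertools.product(string.digits, repeat=n):
                candidate = word + "".join(digits)
                guesses += 1
                if site_hash(candidate) == target_hash:
                    return candidate, guesses
    return None, guesses


def pattern_space(dictionary: list[str] = DICTIONARY, max_digits: int = 3) -> int:
    """Total candidates the attack above tries in the worst case."""
    return len(dictionary) * sum(10 ** n for n in range(max_digits + 1))


if __name__ == "__main__":
    for pw in ["ringwood", "happy123", "tom2007xyz", "q7Rv2xL9p"]:
        print(f"{pw!r}: {policy_failures(pw, username='tom') or 'passes'}")
    for pw in ["ringwood", "happy123"]:
        found, n = crack_by_pattern(site_hash(pw))
        print(f"{pw!r} recovered as {found!r} after {n} guesses "
              f"(worst case {pattern_space()})")
```

With the six-word list the whole search is 6,666 candidates; 'ringwood' is found on the 1,112th guess and 'happy123' on the 235th, while a password with no word in it forces the attacker through all of them and then leaves them empty-handed. Scale the list up to a real dictionary and the arithmetic is the same, which is why the dictionary-word rule matters more than the length rule on its own.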

One could argue that the importance of a given password is relative to the sensitivity of the information it protects, and hence the damage it could do if someone else were to gain access. For my online banking, for example, I use a string of otherwise meaningless numbers that are very hard to guess, and I've never written them down anywhere. If I did that everywhere that I have an online account, however, I wouldn't be able to remember them all.

Some people use a software package such as KeePass to remember their passwords for them. It stores all of your different passwords in one encrypted database and decrypts them only after you enter a master password of your choosing, from which the database key is derived. I'm skeptical about this, because it creates a single point of failure; if someone manages to get that one single password they can now access anything you own. At the same time, if I forget that master password or my hard drive crashes, I have a frustrating time ahead of me.
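The following is an added example (mine, not the post's and not KeePass's own code) of the mechanism just described: one master password is stretched into a key, the whole site-to-password map is encrypted and authenticated under it, and a wrong master password opens nothing. The `guess_master` function shows the single point of failure from the attacker's side: one correct guess yields every entry, and the only thing slowing the attacker down is the cost of the key derivation per guess. Standard-library only, so the cipher is an HMAC-SHA256 keystream, which is an assumed toy stand-in for the standard cipher a real manager uses; the scrypt parameters and the sample entries are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import os

# Work factor for scrypt (assumed values for the demo). Every guess at the
# master password costs the attacker this much work, which is the only
# defence left once the encrypted store has been copied.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch one master password into an encryption key and a MAC key."""
    material = hashlib.scrypt(master_password.encode(), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only stream cipher: a toy
    # stand-in for the standard cipher a real manager would use.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_vault(master_password: str, entries: dict[str, str],
               salt: bytes | None = None, nonce: bytes | None = None) -> bytes:
    """Encrypt and authenticate the site->password map under the master password."""
    salt = salt or os.urandom(SALT_LEN)
    nonce = nonce or os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries, sort_keys=True).encode()
    body = salt + nonce + _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()   # encrypt-then-MAC
    return body + tag


def open_vault(master_password: str, blob: bytes) -> dict[str, str] | None:
    """Return the entries, or None if the master password is wrong or the file was altered."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None   # wrong master password, or the file was tampered with
    return json.loads(_xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def guess_master(blob: bytes, candidates: list[str]) -> tuple[str | None, int]:
    """The single point of failure: one correct guess opens every entry.

    Returns (recovered master password or None, guesses made). Each guess
    pays the full scrypt cost, which is what keeps this slow.
    """
    for i, candidate in enumerate(candidates, start=1):
        if open_vault(candidate, blob) is not None:
            return candidate, i
    return None, len(candidates)


if __name__ == "__main__":
    vault = seal_vault("correct horse battery",
                       {"bank": "8172039465", "webmail": "q7Rv2xL9p"})
    print(open_vault("correct horse battery", vault))   # the whole map
    print(open_vault("letmein", vault))                 # None
    print(guess_master(vault, ["password", "letmein", "correct horse battery"]))
```

Two points the code makes that the paragraph does not: the salt and nonce travel with the file, so the encrypted store is an ordinary self-contained blob that can be copied and backed up like any other file, and the tag check means a wrong master password is refused outright rather than yielding garbage. Raising the scrypt work factor is the knob that makes each guess in `guess_master` more expensive, which is the trade-off a manager makes against the single-password risk.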

Another concern is social engineering attacks, including phishing, which have the potential to render all technological security measures useless, because they work by simply deceiving the password holder into revealing the password to someone who appears genuine. A rule of thumb here: if it looks like your bank, it may not be your bank.

From my perspective, though you should always be careful about security online, you should exercise the greatest caution with any organisation that has access to sensitive information such as your credit card numbers, where you live, your real name, or anything that could be used to defraud you or pose as you.

If there is a better way to remember many passwords yet at the same time ensure they are unique and hard to break, I'd be interested in finding out more about it.

1 comment:

Sara Jervis said...

Tom,

I have read spy thrillers for 40 years and know we cannot fool those who really try to unlock our doors - metaphorically and literally. The human mind can always outdo another human mind, as long as there is a human who wants to do so. Now that everything is faster and computer programs are generated to bypass passwords, as well as protect them, I follow the principles that our parents and grandparents and their forebears did in protecting their environments. Make it very hard for the casual, professional and vindictive "robber" to enter your domain, and if they do, hard to get out - deadlocks everywhere.
Bearing in mind the first principle that the experts/thieves out there can do almost anything, I use passwords to provide the principal elements of security - obscure relatives' maiden names jumbled with numbers that have a significance to me - and never, ever use the internet to post information I could not afford to have stolen. If I use my credit card I use one with little money available. If I give my personal details to internet providers, I figure that when I give those same details verbally to service providers over the phone or in person, I assume that my identity will not be stolen and/or sold to rogues. The same goes for details I give over the internet. I am not more wary now of security BECAUSE OF THE INTERNET. I just practise common-sense security (the same as practised since the telephone was invented and the post was delivered to letterboxes).
Then again, I am very conservative and do not use online banking. My husband still uses a bankbook and goes to the bank to draw money!