Better safe than sorry: a basic password primer

An often overlooked but vital part of any computer user’s day-to-day life is the humble password. From debit card PINs to logging into your favourite gaming site, passwords keep your personal information safe from people ranging from the merely curious to the purely criminal at heart.

Yet the vast majority of people who use passwords have laughably easy ones in place, or use the same password for many different things.

The suggestions that follow concentrate on use on computer systems, but users can apply these tips to any kind of secure password or PIN use.

It is dangerous to skimp when creating a password, whether it is for an online site that dispenses jokes-of-the-day or your personal bank account. Passwords help keep your data private, so you should give careful thought to every one you create and use, no matter the purpose.

First, a brief primer on what makes a good password.

  1. Never choose anything obvious, such as your own name, address or date of birth.
  2. Nor should you use information that can be easily guessed, such as the name of a child or spouse.
  3. Do not use common words such as ‘secret’ or even the word ‘password’ itself!

In a recent survey, many respondents said they use the same password for multiple web sites or accounts, and an astonishing 49 per cent of the U.S. respondents admitted they don’t even keep records of their passwords at all.

More secure are those passwords that include numbers as well as letters, though - again - avoid easily-guessed sequences such as ‘1234peter’ and the like. The most secure passwords are random mixes of letters and numbers, such as ‘gr9e5j30’ - even random guesswork or dictionary-based password attacks will have terrible difficulty trying to break these. With a mixed letter-number (alpha-numerical, in computer lingo) password, no-one is likely to guess it in one shot, and an attacker will likely move on to look for accounts less secure than yours.
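The primer's rules and the random letter-number mix described above can be checked and generated mechanically. The following Python sketch is an added example, not part of the original article; the word list, the sequence list and all function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample data (assumptions for this example, not from the article).
COMMON_WORDS = {"secret", "password", "letmein", "qwerty"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")
ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, as in 'gr9e5j30'


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the primer rules that pw breaks (an empty list means it passes)."""
    low = pw.lower()
    problems = []
    # Rules 1 and 2: names, addresses, dates of birth, family names.
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("contains personal information")
    # Rule 3: common words such as 'secret' or 'password'.
    if any(w in low for w in COMMON_WORDS):
        problems.append("contains a common word")
    if has_sequence(pw):
        problems.append("contains an easily guessed sequence")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("does not mix letters and numbers")
    return problems


def generate_password(length=8):
    """Random letter-number mix from the OS CSPRNG, re-drawn until it passes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


def guess_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of possible passwords (upper bound on guessing work)."""
    return length * math.log2(alphabet_size)
```

Pass the user's own name, family names and date of birth in `personal`; an eight-character mix from this 36-symbol alphabet has roughly 41 bits of guessing space, and each extra character adds about 5 more.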

Random passwords do lead to another problem, one that keeps many people still using simple, insecure words: random letters and numbers are hard for people to remember. The scene in the movie Ferris Bueller’s Day Off illustrates this problem: Ferris sneaks into the principal’s office to steal the password of the week, which is scribbled on a notepad in a drawer. Complex passwords are difficult to remember for anyone without perfect recall, thus most are written down in a ‘safe’ place. Bad idea: anyone finding this password list has access to all your information!

This is where password management programs come into the picture. There are many available on the Internet, some for free and some you have to pay for. One of the best is a freeware gem called Password Safe. This program operates on a simple concept: all of your passwords are contained within it, protected by a master password. This means you only have to memorize ONE complex ‘master’ password to secure ALL your other passwords. From website access codes to PINs for bank accounts, you can keep any information you like secure inside Password Safe.

The program also utilizes 128-bit encryption to keep the master file data secure. This means that even if a thief or hacker gets access to your PC and finds the folder where the master password file is, they cannot get at your data. Without the master password, it would take current computers centuries to crack the encryption on the data file - far too much time and trouble.

Other programs are available that automatically fill in the correct passwords when you visit a specific web site, but this is a less secure method, as it means anyone with access to your computer can access any web site you have passwords saved on. This kind of feature is also available within major web browsers such as IE7 and Firefox, but wise users know better than to use it anywhere except on sites where the information involved is not of a type to be overly worried about.

Common sense tells us that the fewer people know a secret, the longer it stays a secret. So do not give your passwords or PINs to anyone who does not absolutely need to know them. For example, the common practice of sharing PINs between people (such as with a girlfriend or boyfriend) is dangerous. While trust is a great thing to have in a relationship, bear in mind that all thieves and hackers have to do is get a foot in the door. Once they manage to get a little information about someone, they can use that to make better guesses as to other passwords or PINs. So keep your personal information private as much as possible, to prevent it being misused - nobody will protect your passwords or PINs better than you will, so keep your secrets close to you.

Changing your passwords once in a while is also a good idea, though perhaps not as often as some places (like banks) recommend. Changing them a few times a year will keep your data safe, as long as your passwords are not so simple that any child with time and a keyboard can easily guess them.

In summary, make your passwords unique and as complex as you can manage to remember. The better they are, the less you will have to worry about the security of your private personal data - the perfect password is only good as long as just YOU know what it is.