Simple Security: Passwords! (Stay Safe Online – Part 1)

Welcome to part one in our series on keeping your online accounts secure! Today, we’re going wordleto be dealing with one of the simplest ways to ensure that all your passwords are secure and your email account is locked down.

Most people assume that secure passwords have to be incredibly long, indecipherable strings of symbols and numbers that a computer itself would struggle to remember. While this may keep you secure, there are far easier and better ways to achieve this.

  • Use a different password for every* site

The easiest way to keep your passwords secure is to never use the same one online twice. There’s an “*” after every, because for sites that are very low risk (as in, it doesn’t matter if someone does get access), this rule could be bent slightly. But for every website that matters even slightly, use a different password for each one.

This means that if someone does get your password, they can only access one site with it which should very significantly slow down the amount of damage they can do before you can fix it all.

Secondly, you should not assume that all websites will keep your password safe. The secure way for them to store passwords is to turn it into an irreversible code, which they can compare the password to but can’t get the original password back out of (those interested in mathematics, or computer security, can read more at this Wikipedia link). However, some websites may not do this, and some websites may even be run by those who will try to use your email address and password to log into other websites.

Keeping a different password for every website reduces or removes these risks. In our next post, we’ll discuss ways that you can safely remember these passwords (no, sticky notes on monitors or Word documents on desktops don’t count!) so that this isn’t an inconvenience.

  • Use a secure password for every site

“I thought you said that there were far easier and better ways than very long complex passwords?”

Yes, there are! “S%V6Yap9ROzHj*t” is a password that was randomly generated just as this post was being written. It is very secure; long, almost impossible to guess (or remember) and very likely will be the only time this password will ever be used.

But if you’ve been on the internet for a while, you may have come across the comedic genius of XKCD. They have a rather different take on secure passwords:

Comic by XKCD for generating passwords - combining words and numbers may be better than a random indecipherable string

Thanks to XKCD for this, licensed under Creative Commons: Attribution Non-commercial 2.5. Source: https://xkcd.com/936/

As you can see, taking four simple words and putting them together makes a much more secure password than the one I suggested above.

Some websites may require capital letters, numbers, symbols or a minimum length for the password. That does help to keep a password secure; “phonebox” is very insecure, whilst “PhoneB0x1992!” suddenly becomes very secure (and isn’t much harder to remember).

Finally, pick a password suitable for the account. Anything to do with banking or money (for example, eBay, PayPal, online banking accounts etc.) should be very secure because more people will want into it than perhaps other less lucrative websites.

  • Keep an eye on the news

This one is simple. If the media reports a website has been hacked, change your password for it immediately. If you used the same password for any other websites, change it for all of those as well.

To be absolutely safe, you could consider changing your password for every website that you use – although that probably won’t be necessary. In every case, read any messages the affected websites send you and follow their instructions as well as the ones above!

  • Where do reset password emails go?

Most people will have forgotten at least 1 password in their life, and we all know the drill – click “Forgot Password?”, enter your account name or email address, maybe answer a security question and they’ll email you out a reset password link or new password in a few minutes.

So if someone has access to your email account that all your other accounts send emails to, then they can access pretty much all these other accounts with not much difficulty. And that’s before you consider the amount of personal information you probably have sitting in your Inbox.

You may be tempted to create a special email account for this purpose, but you still have to keep it totally secure or the same problems emerge. Instead, make sure any email accounts handling personal emails or emails from online services are kept as secure as possible! The following posts will detail further security (and convenience) measures you can take, and you should definitely read them.

Even if you decide that it’s too inconvenient for all your other online accounts, secure your email account! It will be the best thing you can do to secure all your other online accounts.

This article was written by Connor Stuart, a 2nd Year Informatics student at the University of Edinburgh

Advertisements