Create strong passwords to protect your business
By Steve Claridge on 25th March 2015
Password security is a huge problem. Almost all online services require you to enter a password, and many people do not realise that the passwords they are using are making them vulnerable to people who want to steal their money, hijack their accounts, destroy their websites or worse.
Using a weak password is akin to leaving your front door open and propping up a big sign saying, "I'm out for a few hours, feel free to take what you want". You might think that you have a small website that no one is interested in hacking, or that no one will want to compromise your Amazon account, but hacks are happening all day every day and one of these days it could be you or your website.
It might not even be your website that gets hacked, but you still get compromised because you chose weak passwords. Just recently 152 million email addresses and passwords were stolen from the Adobe website (the makers of Photoshop and PDF), 1.1 million emails/passwords were stolen from Forbes, 500,000 from Yahoo and 4.6 million from Snapchat. And that's just a drop in the ocean. So if you signed up for one of those websites then someone somewhere has your email address and your password. That might be OK if you don't care much about your Snapchat account, but what if you used the same email address and password to sign up for Snapchat, Amazon and your online banking? An attacker can now try that email and password combination to get into your stuff anywhere on the Web.
So, in short: ALWAYS PICK A STRONG PASSWORD.
Picking a secure password is actually pretty easy but a lot of commonly-held knowledge about what makes a good password is out of date and people may be choosing weak passwords even when they think they are being diligent and picking something secure.
Typical advice for creating a strong password is something like this:
Choose a password of at least six characters, using at least one uppercase character, one number and some punctuation.
Which is kind of OK: it stops someone from picking a password of "rabbit". So what do they do instead? They pick a password of "Rabb1t!", which is just as terrible as the first one and will see someone clearing your bank balance in no time. Hackers have accumulated lists of millions of passwords, so you cannot safely use short passwords. And because sites ask you to use an uppercase letter, a number and some punctuation, people will, for example, substitute a "1" for an "i", so a password of "Rabb1t" becomes a common one too.
Wondering how secure your often-used password is? Try this website:
It tells me that a password of "rabbit" will be cracked instantly and "Rabb1t!" will take an hour, so it is a little better but not enough if you are securing your online business or your bank account.
How to pick a strong password
The length of the password is more important than including uppercase letters or punctuation. Go back to the password tester website and enter a password of "hello my name is steve and I live in oxford". Apparently that password will take "318 novemdecillion years" to crack. I have no idea how big novemdecillion is but it sounds like it is big enough to secure my website!
Of course, the problem people have when choosing a password is that they need to pick something that they can remember later. Choosing a sentence fits this bill: for me "hello my name is steve and I live in oxford" is far more memorable than "gr@velp!t1" and it is easier to type.
So, my tip is this: Use a sentence as your password
If you have a dog then "my dog is called Bowser and he likes to dig" is a great password for you, whereas "B0wser!2" is awful.
Tips for staying secure
- Use sentences as passwords and make sure they are at least 16 characters in length. The longer the better.
- Write your password down. Yes I said that. Write your passwords down on a piece of paper and keep them at home. What is more likely: someone breaking into your home and taking your password list or someone compromising a website you once visited? A memorable password wins over a short one.
- Use a different password for every website that you care about. Use a unique password for your online banking and your website admin, so if a hacker compromises blah.com that you visited 4 years ago then it is not a problem for you.
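The two points made above (a common word in disguise is still a common word, and length counts for more than character variety) can be checked in a few lines of Python. This is an added example, not from the original article: the word list is a small constructed sample, the function names are hypothetical, and the bit count is a brute-force upper bound rather than a crack-time estimate.

```python
import math
import string

# Constructed sample of common base words; a real check would load a
# breached-password list instead.
COMMON_WORDS = {"rabbit", "bowser", "password"}

# Common character substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"1": "i", "0": "o", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 16  # minimum length recommended in the tips above

# (test, size) per character class; 33 = 32 punctuation marks plus space.
CLASSES = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
           (lambda c: not c.isalnum(), 33)]


def base_word(password):
    """Undo the usual disguises: case, trailing digits/punctuation, swaps."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def brute_force_bits(password):
    """Upper bound on the search space in bits: length * log2(alphabet)."""
    alphabet = sum(size for test, size in CLASSES
                   if any(test(c) for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check(password):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if base_word(password) in COMMON_WORDS:
        problems.append("common word in disguise")
    return problems


if __name__ == "__main__":
    for pw in ("rabbit", "Rabb1t!", "B0wser!2",
               "hello my name is steve and I live in oxford"):
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits, "
              f"{check(pw) or 'ok'}")
```
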
It is easy to assume that hacks are something that happens to other people, but one of these days your details could be hacked too. Maybe they already have been. So pick strong passwords and don't make it easy for people to walk through your front door and steal your TV.