Melbourne-based writer and journalist. Purveyor of finely crafted radio plays. A Muppet of a man.
Think about all the accounts you have online that require a password: email, Facebook, Twitter, Paypal, a multitude of forums, a handful of bank accounts.
Now think about how many of these accounts use the same, easy-to-remember password. The name of a relative, a footy team, or a cherished pet? Or did you make the worst mistake, and set your password as ‘123456’, ‘abc123’, ‘qwerty’, or even the dreaded (but strangely common) ‘password’?
You aren’t alone in these mistakes. Chances are that if your password is easy for you to remember, it’s easy for a hacker to figure out.
Melbourne comedian Simon Taylor recently found himself vulnerable online when his Gmail account was hacked. It quickly led to a $1500 computer being purchased directly through his Paypal account.
“My first reaction was to laugh,” says Taylor. “I couldn’t believe what was happening. The only way I found out about it at all was that Paypal sent me the bill.”
This was the second time Taylor’s Gmail account had been hacked. “It got sorted out in the end, but it took 2 1/2 hours on the phone trying to get through to a human at Paypal,” he says. “I’m actually quite lucky – if I had the money in my bank account I would have been in real trouble.”
Despite regular failures in effectiveness, passwords are still the most common form of online security, with the average person reported to use at least ten passwords a day.
“It’s open to question as to whether passwords were ever an effective security system,” says Dr Philip Branch, a senior lecturer in telecommunications at Swinburne University. “People have a large number of accounts that need passwords, and the temptation to reuse is strong. In itself this is not a problem, but the security on all these systems isn’t uniformly good.”
What makes a good password?
A good password is sufficiently long and easy for you to remember, but appears meaningless to an outsider. Anything that can be looked up in a dictionary should be avoided; instead, a password should combine letters, numbers, and characters.
“The best way to construct a good password is to use two or more pieces of information, and combine them in a way that only you know,” says Dr Branch. “That way they don’t leave themselves open to dictionary attacks.”
While a separate password for every account might provide good security, it isn’t the most practical solution. A mixture of letters, numbers and symbols of at least fifteen characters is the most secure method.
“It’s a good practice to have strong and unique passwords for sensitive accounts such as banking, and a hierarchy of passwords for lesser applications,” says Dr Branch.
Checking your password security
While strong passwords are a must, verifying the security of your existing passwords is recommended, as well as changing them regularly.
Web browser Mozilla Firefox released a plugin that monitors your passwords, lets you know if you’ve used them too often, and shows which ones you need to change.
A number of websites, such as shouldichangemypassword.com, created by an Australian, allow you to check if your email address has been compromised.
“We have close to ten million email entries in our database,” says Daniel Grzelak, the founder of the website. “It sounds like a huge number, but it’s just a fraction of the email addresses used globally. Even so, all those owners would need to change passwords across multiple online accounts.”
Regardless of how many passwords you have in your life, there is a range of programs available on all devices to ensure you don’t need to remember them, no matter how complicated. Most are controlled by a master password, and once unlocked give access to any stored passwords or sensitive information.
“A good password security application will be using robust encryption techniques to store any information,” says Michael McKinnon, a security advisor for online security company AVG.
“Make sure you have a good master password, as there’s no way they can be invulnerable to hacking. That’s the dilemma with these programs – you’re shifting the responsibility.”
The main reason we have simple passwords or re-use them is to make them easier for us to recall. With programs such as 1Password, Sticky Password, and LastPass available to take on this responsibility, secure passwords are a real option.
1Password
(Mac, Windows, iPhone, iPad, Android)
1Password is one of the most popular password storage applications available, and can hold not only your passwords, but details such as your driver’s license and credit card numbers. Once unlocked it can also plug all this information directly into a web browser, and will even automatically generate new passwords for you.
Sticky Password
A browser-based password encryptor which works after purchasing a license. Sticky Password stores all your passwords and fills in all your forms automatically.
LastPass
(multiple browsers – free, but there’s a premium version for $1 a month)
Remembers passwords, fills in forms, synchronises across multiple computers, all for free. Uses a master password to allow access.
Dot Lock Protection Pro
Cheap, popular, and pretty to look at, this is the most popular password storage in the iTunes app store – the 99 cent price point being a large drawcard. While it stores your passwords, you can also hide information, photos and contacts, get access to break-in reports, and apply a cool ‘dot lock’ to the lock screen (which is just the numbers replaced with dots). Judging by screenshots, this app is aimed at those with plenty to hide from anyone who might snoop through their phones.