Password – Your Lock Against Malware, Identity Theft, Financial Information Theft & Others
Are you using one of these as your password? If you are, then you need to CHANGE immediately!
|Rank||Password||Change from 2012|
The above is the 2013 list of worst passwords compiled by SplashData, a leading provider of password management applications, and is derived from files containing millions of stolen passwords posted online during the previous year.
According to SplashData, this year’s list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe’s well-publicized security breach.
The majority of us pay little or no attention to passwords. We know the importance of a password, but it is always a chore to design and remember one. A password is something of a necessary evil: we can’t live without it, but at the same time we don’t want it to take up too much of our memory space. We already have so much to remember that the creation of a strong password is the last thing on our minds. However, we should not forget the purpose of a password: it exists to protect our confidential and personal information, the information we hold dear, against unauthorized access. Like a lock on our front door protecting the assets and personal belongings in our house, we want a strong lock to deter any potential intruders. A house with a weak lock is easy prey for burglars, just as a weak password makes it that much easier for a hacker to access our systems. With the advances in technology, a hacker can easily design bots (robots) to scan the web for vulnerabilities and write scripts to exploit the weaknesses found. With this said, having a strong password is a fundamental building block for your WordPress security as well as your other online security (e.g. Facebook, Google Mail, Yahoo Mail, etc.).
Some Tips on Password
- Length of password. It is recommended that your password be at least 15 characters in length but if you find this challenging, then perhaps, you can try one that is no less than 8 characters but in combination with the following points (Not to worry, I will tell you a little trick later in this article whereby you can easily adopt passwords with more than 15 characters).
- Composition of password. Your password should consist of uppercase, lowercase, numerals and special symbols / characters. For example, z@9J#WyF$.
- Do not use a word from the dictionary. However, if used in combination with point 2 above, it can reduce the vulnerability. For example, if we use London, we can try Z#$lOnDon8&. Or if you have a dog named Xavier who is 4 years old, you can try #mDnX4yO (# my Dog name Xavier 4 years old).
- Different passwords for different sites. For convenience, we usually use the same userid and password for most, if not all, of the websites that we need to log in to. If one site is breached, other sites could be at risk.
- Periodic change of password. Think of the underwear analogy – we need to change our underwear daily, right? Of course, our password is not expected to be changed on a daily basis but perhaps, every 90 or 180 days or a time period you are comfortable with (and by this I don’t mean every 3 years, okay?).
- Be selfish. Do not share our passwords; they should be kept close to our hearts. Do not paste our passwords everywhere. Each additional person who knows our passwords increases our vulnerability.
- Keep it secure. If you are putting all your userids and passwords in a document, ensure that the document / file is encrypted. To encrypt a Word, Excel or PowerPoint document in Office 2010 and 2013, click on ‘File’, make sure that the Info tab is selected, and then click the ‘Protect Document’ button. Finally, click ‘Encrypt with Password’, and choose a strong password for your file. Refer to the image below:
Want to find out the strength of your password? You can test it here: https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
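The length, composition and dictionary-word tips above can also be checked offline, without typing a password into a website. The following is an added example, not part of the original article: `check_password`, `generate_password` and the small `SAMPLE_WORDS` list are constructed for illustration, and the generator draws from the operating system's secure random source via Python's `secrets` module.

```python
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary
# or a published worst-passwords list.
SAMPLE_WORDS = ("london", "password", "qwerty")

# The four character classes named in the composition tip.
CLASSES = {
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "numeral": str.isdigit,
    "symbol": lambda c: not c.isalnum(),
}

def check_password(pw, words=SAMPLE_WORDS):
    """Return a list of findings; an empty list means every tip is met."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    elif len(pw) < 15:
        findings.append("shorter than the recommended 15 characters")
    for name, in_class in CLASSES.items():
        if not any(in_class(c) for c in pw):
            findings.append(f"no {name}")
    folded = pw.lower()  # mixed case does not hide a word from this check
    for word in words:
        if word in folded:
            findings.append(f"contains dictionary word '{word}'")
    return findings

def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every tip is satisfied."""
    if length < 15:
        raise ValueError("length must be at least 15")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

if __name__ == "__main__":
    for sample in ("z@9J#WyF$", "Z#$lOnDon8&", generate_password()):
        print(sample, "->", check_password(sample) or "meets all tips")
```

The two example passwords from the tips both come back with a length finding, and the London example is also reported because the word is still visible once the case is folded.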
If you are having trouble coming up with strong passwords, there are many password generators available on the web and the best thing is they are free. Google search “Password Generator” and a list of results will appear. Some of these are:
Need Some Help To Remember Your Passwords
Frankly, remembering all these long passwords with uppercase, lowercase, numerals and symbols will be an uphill task. Even if we put all of them into an encrypted file, searching for the relevant one to use when logging into a website would probably take some time.
However, with advances in technology, there are many Password Manager applications in the market that make life that much easier for us when dealing with passwords. A Password Manager is an application that organizes and protects your passwords and can automatically log you into websites. You only have to remember the password to access the Password Manager and it will take care of the rest. So, don’t forget this master password!
I am highlighting some of them here for your information. I have been using the free version of LastPass and it is doing what it’s supposed to do – generating strong passwords and then saving them in its vault, populating the information when I visit the websites and then allowing me to easily log in. The paid version allows the use of LastPass for mobile access.
- LastPass (https://lastpass.com/): The Last Password You Have to Remember.
- 1Password (https://agilebits.com/onepassword): 1Password gives you the security you need in today’s online world without slowing you down. 1Password makes you more productive while simultaneously increasing your security with strong, unique passwords for all your accounts.
- KeePass (http://keepass.info/): KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
- Roboform (http://www.roboform.com/): RoboForm is easy-to-use, fast, and you can access it from everywhere. RoboForm is a unique product that makes your life easier and more secure. Trusted since 1999, millions of users across the globe have discovered the benefits of using this password management software.
- Clipperz (https://clipperz.is/): Everything you submit is locally encrypted by your browser before being transmitted to Clipperz. The encryption key is a passphrase known only to you! It is impossible for anyone without that key to decrypt your data.
- Dashlane (https://www.dashlane.com/en/): Keeping track of passwords and making them secure is startlingly simple with Dashlane’s free password manager. Automatically import your passwords from Chrome or any other browser into your secure password vault. Save any missing passwords as you browse. Make a new password right within your browser. Get automatic alerts when websites get breached. And with our auto-login, you will never have to type any password on any of your devices again. It’s that simple.
- Sticky Password (http://www.stickypassword.com/): Over a million users have selected Sticky Password as their password manager of choice since 2001, because password management – making your online life easier without compromising your security – is our only goal. Since 2010, Sticky Password has also been selected by security leaders like Kaspersky Labs, Imation, SPAMfighter, and others to power elements of their solutions.
You can read in more detail about the features of the above Password Managers in this article “6 LastPass Alternatives” (http://www.techshout.com/alternatives/2013/12/lastpass-alternatives/).
While many may be sceptical about how secure a Password Manager is, so far there have been no reports of major breaches except for the incident that occurred at LastPass at the start of 2011, and it appeared that no passwords were compromised. LastPass noticed a traffic anomaly, rather than the theft of any data, and reacted immediately by forcing all users to change master passwords before their stored information could be accessed. For extra security, the change was required to be from a known IP address or confirmed with email validation. Even if password hash files were downloaded (and it isn’t clear that this was the case), as long as those users had followed the recommended advice regarding master password strength and complexity, their password vaults remained safe.
So, would you put your different eggs (i.e. passwords) in one security basket, or put your one egg in multiple baskets (one password, multiple sites)? Well, if you want to find out more on the security aspects of Password Managers, you can read this article on “Password managers: Are they safe? Which is the best?” published by PCPro. (http://www.pcpro.co.uk/features/380377/password-managers-are-they-safe-which-is-the-best/2)
Now that you have learnt a bit more about passwords, it’s time for you to take action to improve your online security. Let us know some of the methods you adopt to keep yourself safe and sound online and, collectively, we can learn from each other.