Tuesday, December 14, 2010

Password perils

More than a third of people use the same password for more than one online service.

Just imagine: if that single password gets hacked then an individual's entire online life is up for grabs! And it's not that implausible a scenario: this week the email addresses and passwords of more than 1.3m people have been leaked on the Internet. (Details)
  • Use a different password for each service you sign up to
  • Never use a name or a dictionary word as your password
  • Choose a password that is more than eight characters long
  • Do not write your password down where it can be discovered by others. Storing a list as a draft email in Gmail means that Google knows all your passwords, for example!

Why use a different password for each service? You can't assume that the providers of the service you use will encrypt your password information, and keep the details secure enough that no one can hack in to discover them. If you use the same details for each service then a single exposure can lay your entire online life open to others.

Too hard to remember your passwords? Pick memorable sentences, one for each service, and make your password the first (or second) letter of each word from the sentence. Add in a % or * or similar character, and a number or two.

Just think: out of 1.3m people, more than a couple of thousand had either the word 'password' or the first letters of the top row of their keyboard, 'qwerty,' as their login information. And some of them had government email addresses. Chances are they used the same password for their work accounts. Crazy!
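
The rules above can be checked mechanically against your own list of logins. The following is an added example, not part of the original post: the function name, the tiny word list and the sample accounts are all constructed for illustration, and a real check would load a full dictionary and name list.

```python
# Added example: audit a personal credential list against the post's rules.
# Run it locally only; every name and value below is constructed.

# Tiny stand-in word list (assumption); substitute a full dictionary/name list.
WORDLIST = {"password", "qwerty", "dragon", "monkey", "michael", "sunshine"}


def audit(credentials, wordlist=WORDLIST):
    """Return {service: [problems]} for every service that breaks a rule.

    credentials maps a service name to the password used there.
    """
    # Group services by password so reuse across services is visible.
    by_password = {}
    for service, pw in credentials.items():
        by_password.setdefault(pw, []).append(service)

    findings = {}
    for service, pw in credentials.items():
        problems = []
        others = [s for s in by_password[pw] if s != service]
        if others:
            problems.append("reused on: " + ", ".join(sorted(others)))
        if pw.lower() in wordlist:
            problems.append("name or dictionary word")
        if len(pw) <= 8:  # the post asks for more than eight characters
            problems.append("not more than eight characters")
        if problems:
            findings[service] = problems
    return findings


# Constructed sample: four accounts, not real credentials.
SAMPLE = {
    "webmail": "qwerty",
    "forum": "qwerty",
    "bank": "Mf%ciaB7ihw2",  # sentence initials plus a symbol and digits
    "shop": "sunshine",
}

if __name__ == "__main__":
    for service, problems in sorted(audit(SAMPLE).items()):
        print(f"{service}: {'; '.join(problems)}")
```

In the sample, the two accounts sharing 'qwerty' are flagged for all three problems, 'sunshine' for two, and the sentence-derived password passes.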