How secure are your passwords?

If you’re like me and have trouble remembering passwords, it’s easy to fall into the trap of using the same password for everything… but this is a big no-no! It means that if one of your systems gets hacked, then they can ALL be hacked.

Then there’s those websites that require complex passwords – with numbers, letters or symbols …not to mention a MiXeD cAsE password with both upper- and lower-case letters. With many security experts providing a raft of good advice about having complex passwords, how on earth are we supposed to remember which password we used for what?!

 

Luckily, I stumbled upon an interesting concept that I thought I’d share with you. It’s called a “Relative Phrase-based Password Acronyms” …actually, I just made that name up, but hey – it explains it well enough. Basically, create a phrase that relates to the system you’re logging into. For example, if you’re logging into Twitter – think of a related phrase… for example: “Tweet said the bird on the lawn at 6 this morn”. Now turn it into an acronym… Tstbotla6tm. Wow – look at that secure password! It’s a good length, has capitals and lowercase letters, plus some numbers. Yet, it’s still easy to remember.

Let’s say you’re logging into Facebook – first, we need a phrase! How about… “Login 50x a day to see what my friends are doing”… which would be L50xadtswmfad… see where I’m going with this? Remember – the brain usually remembers weird things, so the stranger the phrase you pick, the easier it’ll be for you to remember it.

 

Another way to improve password security it to enable two-factor authentication. In short, this is “something you know” + “something you have”. Many online services offer this form of security (Gmail, Google+, Dropbox, Facebook, WordPress & LastPass are fine examples).

It basically means that in addition to your password (something you know), you need to enter a once-off SMS code, or a series of random numbers on a key ring dongle that changes every 60 seconds (something you have). These work well because people (or computers with password-guessing algorithms for that matter) can guess passwords… but they cannot guess the random code that is shown on your key ring dongle, or that gets sent to you phone. To get that, they need to know your password ANDhave your phone (or dongle).

So how do you enable two-factor authentication? First, you need to check if your online service (eg. Gmail, Facebook, etc) supports it – you’ll usually find a setting for enabling it on in the ‘Security Settings’ area. If the service in question offers it, we recommend enabling it, as it offers an extra layer of protection. As mentioned earlier, most of these sites will offer you either a one-time SMS code, or a dongle-type random number that changes every 60 seconds… but which method is best?

 

Well, if your phone stops working or you’re overseas & don’t have reception, you might not receive the one-time SMS code and you won’t be able to log into your Gmail, hence the random number generating dongle is probably a better option… but a key ring full of dongles from many different companies doesn’t sound like an ideal solution – surely there’s a better way?

There is. Google have come up with a solution – the Google Authenticator app (available for Android, BlackBerry & iPhone). It’s basically a ‘digital’ version of those random-number-generating dongles – all in one place. If I want to log into Facebook, I need to enter the 6-digit random code first. Gmail? Same thing – different random code.

This, coupled with your usual password (which, we hope after reading this, you’ll change to something more complex!), makes for a more-secure working environment with a reduced chance of unauthorised access occurring. To quote Lifehacker: “Please don’t wait to turn on 2-step verification. It’s not that hard, and it will really protect your account.”