Achyra Security Bulletin #004 – Passwords

How secure is your online identity? Thousands of Internet service accounts are attacked and successfully hacked every day. The actual numbers are unknown, but according to Facebook alone, out of a billion login attempts over a 24-hour period, typically 600,000 will be impostors attempting to access someone else’s profile. The problem is made worse by the many people who choose weak passwords. How do you measure up in the password department? Read on for more info…

With more and more of our business being conducted over the Internet these days, most of us have some kind of password-protected service we log on to, and the majority of us will have a plethora of login accounts. By this I mean webmail, office-based mail systems, social networking sites, bank accounts and shopping accounts. The list is long and, for each user, is likely to get longer with time. “So what?” I hear you say. Well, the point of this bulletin is to remind you all not to use weak passwords and, ideally, to change them on a regular basis. This article from the Telegraph, http://www.telegraph.co.uk/technology/news/8898482/25-worst-web-passwords.html, lists the 25 most common (and therefore worst in terms of security) passwords, according to a list compiled by SplashData, an American maker of a password management application.

If you use any of the passwords from this “rogues gallery”, I would recommend changing them as soon as possible. If an unscrupulous person were trying to gain unauthorised access to one of your accounts, you can be sure they would most likely try these passwords first. It’s also not a very good idea to use whole English words or names, as these can be overcome by “dictionary attack” applications. See here for more information: http://en.wikipedia.org/wiki/Dictionary_attack.

So what are the best passwords to use? Generally, the longer the better, but obviously we need them to be usable as well, so a good guideline would be 8-14 alphanumeric characters. For additional strength, a mixture of caps and lowercase is a good idea, and for the strongest passwords you should include one or more symbol characters (?, ! or # for example). See this link for Microsoft’s password advice: http://www.microsoft.com/en-gb/security/online-privacy/passwords-create.aspx. If you already have a password that you want to use, you can check its strength here: https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx.
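The guidance above (avoid the common list, avoid whole words and names, use 8 or more alphanumeric characters, then add mixed case and symbols) can be turned into a simple offline check. This is an added example, not part of the original bulletin: the two word lists are small constructed samples, the rating names are made up for illustration, and "alphanumeric" is assumed to mean both letters and digits. It goes slightly beyond the text by also catching a word or name with digits or symbols tacked onto the ends.

```python
import string

# Constructed sample of widely known weak passwords (not the Telegraph/SplashData list).
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein"}
# Constructed stand-in for a dictionary of whole English words and names.
DICTIONARY_WORDS = {"sunshine", "football", "monkey", "michael", "dragon"}


def rate_password(password, common=COMMON_PASSWORDS, words=DICTIONARY_WORDS):
    """Return (rating, problems). Rating names are hypothetical labels:
    'weak', 'acceptable', 'stronger' or 'strongest'."""
    lowered = password.lower()
    problems = []

    if lowered in common:
        problems.append("common password")

    # "Sunshine1!" is still the word "sunshine" to a dictionary attack tool,
    # so strip digits and symbols from both ends before the lookup.
    core = lowered.strip(string.digits + string.punctuation)
    if core in words:
        problems.append("dictionary word or name")

    # The bulletin suggests 8-14 characters; longer is not penalised,
    # because it also says "the longer the better".
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("not a mix of letters and digits")

    if problems:
        return "weak", problems

    # Extras from the bulletin: mixed case adds strength, symbols add more.
    # This example's choice: either one gives 'stronger', both give 'strongest'.
    mixed_case = any(c.islower() for c in password) and any(c.isupper() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if mixed_case and has_symbol:
        return "strongest", []
    if mixed_case or has_symbol:
        return "stronger", []
    return "acceptable", []
```

Run it locally on a candidate password before you adopt it; never paste a password you actually use into a script or website you do not control.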

Is it a good idea to use one password for all your accounts? Well, no, in a word. It makes all of your systems easy to use, because you only need to remember one password, but if that password gets compromised you have lost the privacy of all of your accounts instead of just one. Check out this article from the NY Times for some good advice on how to manage all your passwords: http://gadgetwise.blogs.nytimes.com/2009/06/24/how-to-securely-manage-all-your-passwords/

If you would like more information on this topic please feel free to contact me on this email address or by phone on 07810 543910.

Please feel free to circulate this email to your family, friends and colleagues.
