An Appeal about Passwords

Posted by Roger

This is an appeal about passwords – an appeal that you always use strong passwords.

As everyone knows, there is a lot of attempted fraud on the internet and there are people who would like to use your userid and password to access the services you use. Why do they do this? It may be that they can get financial information, e.g. credit card details, which they can take advantage of or, they may just want to use your email address to send SPAM messages to others. The first of these can obviously lead to your finances being compromised (usually quantifiable) and the second results in reputational damage, both personal and affecting your business (unquantifiable). Neither of these outcomes are, in any way, desirable.

An appeal for strong passwords

In addition, if you have a website that you can update yourself, like WordPress, then if your userid and password can be guessed, others can access your server and utilise that machine for other criminal activities such as bombarding other sites with random requests as a means to cause another company’s site to collapse. The reason people do this is to extort money from the website owner in return for stopping the barrage of spurious requests. The effect of this activity on your site (i.e. the one sending the requests) may not be that obvious but the speed with which your pages load will decline, causing user frustration, and the search engines are likely to discover this activity on your server and may, therefore, ban your site from their listings.

To protect ourselves and our businesses I believe we have a duty to use strong passwords that are difficult to guess or break.

There’s more information in general about protecting your site from hackers in the post How to protect your website against hackers.

Top 10 Passwords

Even in these times of greater awareness of computer crime, many people do not take much care about passwords. This was revealed in a report from SplashData who published a list of the top passwords used on the internet which they obtained from lists of stolen passwords published in 2013. Here’s the top 10:

  1. 123456
  2. password
  3. 12345678
  4. querty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123

As you can see, all of them can be easily guessed – simple for humans and even simpler for the computer programs that are written to automatically try to break into password protected accounts. If you are using any of these passwords for any service you access, please change them now.

Password Managers

Before I make some suggestions about how to create a good strong password, you could be thinking that you need to make passwords easy to remember otherwise you’ll forget them. This is not true if you use a password manager. If you’re not familiar with this type of software then its job is to remember the passwords you use on all the different sites you access so you don’t have to. All you need to remember is the password to the password manager – that’s it. The individual passwords are then securely stored and automatically entered into the right passwords fields when you need to log in. Have a look at LastPass , 1Password and Dashlane. They are all free (with premium versions too) and they all get good reviews. Personally, I use LastPass and find it works well. For me, this is the solution to having good, strong, secure passwords as you don’t actually have to remember them or write them down anywhere - you just need the single master password to your password manager.

Good, Strong Passwords

When I am creating a password, these are the elements I want to include:

  • At least 8 characters
  • Some numbers
  • Some lowercase letters
  • Some uppercase letters
  • Include some special characters (*, <, >, %, ?, !, #, £, $)

Avoid using common words and substituting zeroes for letter o and 1 for the letter l, e.g. L1verp001. That’s still too easy for hackers to break. The SplashData web page I referred to above makes some other suggestions about passwords which I personally don’t use but you may want to have a look at that too.

LastPass offers a security health check on passwords and can scan for all sorts of vulnerabilities suggesting actions that can be taken to improve your protection. I imagine other tools do something similar.

Conclusion

Online security is important for you personally as well as for your business. We can never be 100% secure but, based on that list of most common passwords, there is a lot many of us can do to improve matters. Let’s take proper responsibility for our online security and take the time to create robust passwords. Can you think of any reasons not to do that?

More from the blog

Password mistakes you could be making

Everyone needs to use strong passwords to protect themselves against hacking online

Passwords are, at the moment at least, an essential part of our online life both in a work and in a personal context. They are like keys to a door, but instead, they give access to our email, our social media accounts, our bank accounts, our websites. However, many people still tend to use passwords that can be easily guessed or cracked and so put their private information at risk of being discovered by hackers. In this article, I discuss 10 ways in which you can protect yourself on line using simple techniques that can increase the security of your passwords.

Read more

7 great reasons to get a new website in 2022

The New Year is an ideal time to review your business website and see whether it is still fit for purpose or whether it needs replacing.

The start of a new year is a good time to review the effectiveness of your website. Is it still fit for purpose? Does it bring new leads? Are you making enough sales through the website? Does it still look good and make a positive impression on potential clients? Is it secure and mobile-friendly? As we all know, the internet world changes rapidly and what worked well last year may well not work so well this year. With all that in mind, this article gives you 7 solid reasons why you might want a get a new website or make some changes to your existing site.

Read more