[ Taken from HP.com (Small & Medium Business) - Security Tips ]
Are your passwords strong enough?
If you wanted to hide some money, would you leave a bright yellow post-it note stuck to the bottom of your keyboard, giving directions on how to find it? How about on the top of your monitor? Or under your phone?
Of course not. But the fact is that a surprising number of people write their computer passwords down and then keep them in exactly those obvious places, just waiting for the nearest malicious data thief to find them. We do it because it’s difficult to remember the many passwords we have, let alone cope with those which change every month. So of course, we write them down on pieces of paper, and then we have to remember where we’ve kept them.
6 most popular (and therefore worst) places to hide passwords
The worst thing you can do in terms of security is write your passwords down and hide them somewhere around your desk or under your chair. But people do it! These are the most popular places:
- Under the keyboard
- Under the mouse pad
- Under the phone
- Under the desk
- On the monitor
- In your top drawer
The best memory is the one in your head
Anyone working in IT security will tell you this: no password is 100% secure, but the best place to keep them is in your head – to memorise them. So what you have to do is create strong passwords which you won’t forget.
And that’s the problem: many people worry that unless their passwords are short and simple, they will forget them. They choose their own names or those of their children; their addresses; their birthdays; common sequences of numbers like 88888888 – and they use one password for everything, for all their online accounts. (This is obviously not a good idea, since if a hacker manages to find your password, they will try it for all your accounts.) Mistakenly, they assume that they aren’t important enough for hackers to want to get at their information, not realising that cybercriminals are ruthless: they will take anything they can, regardless of who you are; in a few seconds, they can steal your identity, your money and your reputation.
And they can do it quite easily. One commonly available “password guesser”, for example, can find 24% of all passwords by using just 100,000 combinations, and it can test several hundred thousand passwords in just ONE SECOND.
How strong are your passwords? Test them at Microsoft’s Safety & Security Center.
Useful tips to help you create ultra-strong passwords
1. Your password should be long and complex. Microsoft recommends at least 14 characters. Use a mix of upper and lower case characters, numbers and punctuation. The greater the variety, the better.
2. Don’t use whole words which appear in the dictionary (any language), even spelt backwards or abbreviated, or common sequences of numbers.
3. Don’t use your own birthday or passport number, or that of anyone in your family.
4. A good method is to write a whole sentence – but in code. Do it like this:
- Choose a phrase that is meaningful for you and which you won’t forget – for example, “I want to go home at 5 o’clock today”.
- Turn your sentence into a series of letters, by using the first letter of each word: “iwtgha5oct”.
- Make only some of the letters (e.g. those in the first half of the alphabet) upper case: “IwtGHA5oCt”.
- Spell a word like “to” as a number: “Iw2GHA5oCt”.
- Use @ instead of “at”: “Iw2GH@5oCt”.
- Put two more numbers you will remember in the middle: “Iw2GH19@5oCt”.
- Add punctuation: “Iw2GH19??@5oCt” (14 characters)
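A small checker for tips 1 to 3 above, run against passwords mentioned in this article. It is an added example, not code from HP or Microsoft; the function names, the constructed sample word list and the rule that all four character classes must be present are assumptions of this example.

```python
import re
import string

MIN_LENGTH = 14  # length quoted in tip 1
# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "home"}
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punctuation": string.punctuation,
}


def char_classes(pw):
    """Names of the character classes from tip 1 that occur in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def has_number_sequence(pw, run=4):
    """True for `run` or more digits that repeat, ascend or descend (8888, 1234, 4321)."""
    for digits in re.findall(r"\d+", pw):
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
            if steps in ({0}, {1}, {-1}):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of tips (1-3) that pw breaks; an empty list means none."""
    low = pw.lower()
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append("too_short")
    if len(char_classes(pw)) < len(CLASSES):  # assumption: require all four classes
        issues.append("low_variety")
    # Tip 2: dictionary words, forwards or backwards, anywhere in the password.
    if any(w in low or w[::-1] in low for w in SAMPLE_WORDS):
        issues.append("dictionary_word")
    if has_number_sequence(pw):
        issues.append("number_sequence")
    # Tip 3: caller-supplied personal strings (names, birth years, passport numbers).
    if any(p and p.lower() in low for p in personal):
        issues.append("personal_info")
    return issues


if __name__ == "__main__":
    for candidate in ("88888888", "emoclew1234!", "Iw2GH19??@5oCt"):
        print(candidate, check_password(candidate))
```

Passing this check only means none of the listed rules were broken; it does not measure how guessable a password is.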
How to memorise passwords
In a 2007 survey of 3,000 people, almost a third of participants under the age of 30 could not remember their own phone numbers. No wonder we end up writing our passwords on our monitor screens! We’ve simply become too reliant on quick access to technology. Unfortunately, there’s no simple solution: if you want to remember your passwords, you’ll just have to improve your memory.
But if you have a lot of passwords to remember, one thing you could try is keeping the “sentence” of the password the same, and just adding three characters from the name of the site – for example, “Iw2GH19??@5oCtYaH” (Yahoo), or “Iw2GH19??@5oCtFaC” (Facebook), or “Iw2GH19??@5oCtBaN” (bank).
Easy for you; tricky for hackers. The Microsoft Password Check rates the one we created above as “Strong”. You can probably do even better.
 Ian Robertson, Professor of Psychology at the Institute of Neuroscience and School of Psychology at Trinity College in Dublin, Ireland