The Times Australia
The Times World News

.
The Times Real Estate

.

This New Year, why not resolve to ditch your dodgy old passwords?

  • Written by Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
This New Year, why not resolve to ditch your dodgy old passwords?

Most of the classic New Year resolutions revolve around improving your health and lifestyle. But this year, why not consider cleaning up your passwords too?

We all know the habits to avoid, yet so many of us do them anyway: using predictable passwords, never changing them, or writing them on sticky notes on our monitor. We routinely ignore the recommendations for good passwords[1] in the name of convenience.

What’s wrong with your pa$$w0rd?

Choosing short passwords containing common names or words is likely to lead to trouble. Hackers can often guess a person’s passwords simply by using a computer to work through a long list of commonly used words.

The most popular choices[2] have changed very little over time, and include numerical combinations such as “123456” (the most common password for five years in a row), “love”, keyboard patterns such as “qwerty” and, perhaps most ludicrously, “password” (or its Portuguese translation, “senha”).

2017-2019* list of common passwords from SplashData, 2020-2021# from NordPass.

Experts have long advised against using words, places or names in passwords, although you can strengthen this type of password by jumbling the components into sequences with a mixture of upper- and lowercase characters, as long as you do it thoroughly.

Read more: A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?[3]

Complex rules often lead users to choose a word or phrase and then substitute letters with numbers and symbols (such as “Pa33w9rd!”), or add digits to a familiar password (“password12”). But so many people do this that these techniques don’t actually make passwords stronger.

It’s better to start with a word or two that isn’t so common, and make sure you mix things up with symbols and special characters in the middle. For example, “wincing giraffe” could be adapted to “W1nc1ng_!G1raff3”

Read more: Choose better passwords with the help of science[4]

These secure passwords can be harder to remember, to the extent you might end up having to write them down. That’s OK, as long as you keep the note somewhere secure (and definitely not stuck to your monitor).

Passwords on a sticky note are still a bad idea in the workplace.

Reusing passwords is another common error – and one of the biggest. Past data leaks, such as that suffered by LinkedIn in 2012[5], mean billions of old passwords are now circulating among cyber criminals.

This has given rise to a practice called “credential stuffing[6]” – taking a leaked password from one source and trying it on other sites. If you’re still using the same old password for multiple email, social media or financial accounts, you’re at risk of being compromised.

Pro tip: use a password manager

The simplest and most effective route to good password hygiene is to use a password manager[7]. This lets you use unique strong passwords for all your various logins, without having to remember them yourself.

Password managers allow you to store all of your passwords in one place and to “lock” them away with a strong level of protection. This can be a single (strong) password, but can also include face or fingerprint recognition, depending on the device you are using. Although there is some risk associated with storing your passwords in one place, experts consider this much less risky than using the same password for multiple accounts.

The password manager can automatically create strong, randomised passwords for each different service you use. This means your LinkedIn, Gmail and eBay accounts can no longer be accessed by someone who happens to guess the name of your childhood pet dog.

If one password is leaked, you only have to change that one – none of the others are compromised.

There are many password managers[8] to choose from. Some are free (such as Keepass) or “freemium” (offering the option to upgrade for more functionality like Nordpass), while others charge a one-off fee or recurring subscription (such as 1Password). Most allow you to securely sync your passwords across all your devices, and some let you safely share passwords between family members or work groups.

You can also use the password managers built into most web browsers or operating systems (with many phones offering this functionality in the browser or natively). These tend to have fewer features and may pose compatibility issues if you want to access your password from different browsers or platforms.

Hands holding a smart phone
Your smartphone probably has its own built-in password manager, so why not take advantage of its ability to create strong passwords. Franck Robichon/EPA

Password managers take a bit of getting used to, but don’t be too daunted. When creating a new account on a website, you let the password manager create a unique (complex) password and store it straight away – there’s no need to think of one yourself!

Later, when you want to access that account again, the password manager fills it in automatically. This is either through direct integration with the browser (typically on computers) or through a separate application on your mobile device. Most password managers will automatically “lock” after a period of time, prompting for the master password (or face/finger verification) before allowing access again.

Protect your most important passwords

If you don’t like the sound of a password manager, at the very least change your “critical” account passwords so each one is strong and unique. Financial services, email accounts, government services, and work systems should each have a separate, strong password.

Even if you write them down in a book (kept safely locked away) you will significantly reduce your risk in the event of a data breach on any of those platforms.

Remember, however, that some sites provide delegated access to others. Many e-commerce websites, for example, give you the option of logging in with your Facebook, Google or Apple account. This doesn’t expose your password to greater risk, because the password itself is not shared. But if the password is compromised, using it would grant access to those delegated sites. It is usually best to create unique accounts - and use your password manager to keep them safe.

Read more: Facebook hack reveals the perils of using a single account to log in to other services[9]

Adopting a better approach to passwords is a simple way to reduce your cyber-security risks. Ideally that means using a password manager, but if you’re not quite ready for that yet, at least make 2022 the year you ditch the sticky notes and pets’ names.

Read more https://theconversation.com/this-new-year-why-not-resolve-to-ditch-your-dodgy-old-passwords-172598

The Times Features

Best Deals on Home Furniture Online

Key Highlights Discover the best deals on high-quality outdoor furniture online. Transform your outdoor space into a stylish and comfortable oasis. Explore a wide range of d...

Discover the Best Women's Jumpers for Every Season

Key Highlights Explore lightweight jumpers for spring and summer, ensuring breathability and ease. Wrap up warm with cozy wool jumpers for the chilly autumn and winter season...

Uncover the Elegance of Gorgeous Diamond Tennis Necklaces

Key Highlights Diamond tennis necklaces are a timeless piece of jewelry that exudes elegance and sophistication. They feature a continuous line of brilliant-cut diamonds, cre...

Dental Implants vs. Dentures: Which Is Better for You?

When it comes to replacing missing teeth, two of the most common options are dental implants and dentures. Both have their advantages and disadvantages, so choosing between them ...

What Neck Pain Really Means (And Why It’s More Than Just Poor Posture)

Neck pain is often brushed off as something temporary — a tight spot after a long day at the desk or a poor night’s sleep. But when the discomfort keeps returning, it could be a ...

The Work of Gosha Rubchinskiy: Fashion, Culture, and Youth

From Designer to Cultural Architect Gosha Rubchinskiy is not just a fashion designer—he's a cultural force. Born in Moscow in 1984, Rubchinskiy began his career in fashion in t...

Times Magazine

The Essential Guide to Transforming Office Spaces for Maximum Efficiency

Why Office Fitouts MatterA well-designed office can make all the difference in productivity, employee satisfaction, and client impressions. Businesses of all sizes are investing in updated office spaces to create environments that foster collaborat...

The A/B Testing Revolution: How AI Optimized Landing Pages Without Human Input

A/B testing was always integral to the web-based marketing world. Was there a button that converted better? Marketing could pit one against the other and see which option worked better. This was always through human observation, and over time, as d...

Using Countdown Timers in Email: Do They Really Increase Conversions?

In a world that's always on, where marketers are attempting to entice a subscriber and get them to convert on the same screen with one email, the power of urgency is sometimes the essential element needed. One of the most popular ways to create urg...

Types of Software Consultants

In today's technology-driven world, businesses often seek the expertise of software consultants to navigate complex software needs. There are several types of software consultants, including solution architects, project managers, and user experienc...

CWU Assistive Tech Hub is Changing Lives: Win a Free Rollator Walker This Easter!

🌟 Mobility. Independence. Community. All in One. This Easter, the CWU Assistive Tech Hub is pleased to support the Banyule community by giving away a rollator walker. The giveaway will take place during the Macleod Village Easter Egg Hunt & Ma...

"Eternal Nurture" by Cara Barilla: A Timeless Collection of Wisdom and Healing

Renowned Sydney-born author and educator Cara Barilla has released her latest book, Eternal Nurture, a profound collection of inspirational quotes designed to support mindfulness, emotional healing, and personal growth. With a deep commitment to ...

LayBy Shopping