The Times Australia
The Times World News

.
Times Media

.

This New Year, why not resolve to ditch your dodgy old passwords?

  • Written by Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
This New Year, why not resolve to ditch your dodgy old passwords?

Most of the classic New Year resolutions revolve around improving your health and lifestyle. But this year, why not consider cleaning up your passwords too?

We all know the habits to avoid, yet so many of us do them anyway: using predictable passwords, never changing them, or writing them on sticky notes on our monitor. We routinely ignore the recommendations for good passwords[1] in the name of convenience.

What’s wrong with your pa$$w0rd?

Choosing short passwords containing common names or words is likely to lead to trouble. Hackers can often guess a person’s passwords simply by using a computer to work through a long list of commonly used words.

The most popular choices[2] have changed very little over time, and include numerical combinations such as “123456” (the most common password for five years in a row), “love”, keyboard patterns such as “qwerty” and, perhaps most ludicrously, “password” (or its Portuguese translation, “senha”).

2017-2019* list of common passwords from SplashData, 2020-2021# from NordPass.

Experts have long advised against using words, places or names in passwords, although you can strengthen this type of password by jumbling the components into sequences with a mixture of upper- and lowercase characters, as long as you do it thoroughly.

Read more: A computer can guess more than 100,000,000,000 passwords per second. Still think yours is secure?[3]

Complex rules often lead users to choose a word or phrase and then substitute letters with numbers and symbols (such as “Pa33w9rd!”), or add digits to a familiar password (“password12”). But so many people do this that these techniques don’t actually make passwords stronger.

It’s better to start with a word or two that isn’t so common, and make sure you mix things up with symbols and special characters in the middle. For example, “wincing giraffe” could be adapted to “W1nc1ng_!G1raff3”

Read more: Choose better passwords with the help of science[4]

These secure passwords can be harder to remember, to the extent you might end up having to write them down. That’s OK, as long as you keep the note somewhere secure (and definitely not stuck to your monitor).

Passwords on a sticky note are still a bad idea in the workplace.

Reusing passwords is another common error – and one of the biggest. Past data leaks, such as that suffered by LinkedIn in 2012[5], mean billions of old passwords are now circulating among cyber criminals.

This has given rise to a practice called “credential stuffing[6]” – taking a leaked password from one source and trying it on other sites. If you’re still using the same old password for multiple email, social media or financial accounts, you’re at risk of being compromised.

Pro tip: use a password manager

The simplest and most effective route to good password hygiene is to use a password manager[7]. This lets you use unique strong passwords for all your various logins, without having to remember them yourself.

Password managers allow you to store all of your passwords in one place and to “lock” them away with a strong level of protection. This can be a single (strong) password, but can also include face or fingerprint recognition, depending on the device you are using. Although there is some risk associated with storing your passwords in one place, experts consider this much less risky than using the same password for multiple accounts.

The password manager can automatically create strong, randomised passwords for each different service you use. This means your LinkedIn, Gmail and eBay accounts can no longer be accessed by someone who happens to guess the name of your childhood pet dog.

If one password is leaked, you only have to change that one – none of the others are compromised.

There are many password managers[8] to choose from. Some are free (such as Keepass) or “freemium” (offering the option to upgrade for more functionality like Nordpass), while others charge a one-off fee or recurring subscription (such as 1Password). Most allow you to securely sync your passwords across all your devices, and some let you safely share passwords between family members or work groups.

You can also use the password managers built into most web browsers or operating systems (with many phones offering this functionality in the browser or natively). These tend to have fewer features and may pose compatibility issues if you want to access your password from different browsers or platforms.

Hands holding a smart phone
Your smartphone probably has its own built-in password manager, so why not take advantage of its ability to create strong passwords. Franck Robichon/EPA

Password managers take a bit of getting used to, but don’t be too daunted. When creating a new account on a website, you let the password manager create a unique (complex) password and store it straight away – there’s no need to think of one yourself!

Later, when you want to access that account again, the password manager fills it in automatically. This is either through direct integration with the browser (typically on computers) or through a separate application on your mobile device. Most password managers will automatically “lock” after a period of time, prompting for the master password (or face/finger verification) before allowing access again.

Protect your most important passwords

If you don’t like the sound of a password manager, at the very least change your “critical” account passwords so each one is strong and unique. Financial services, email accounts, government services, and work systems should each have a separate, strong password.

Even if you write them down in a book (kept safely locked away) you will significantly reduce your risk in the event of a data breach on any of those platforms.

Remember, however, that some sites provide delegated access to others. Many e-commerce websites, for example, give you the option of logging in with your Facebook, Google or Apple account. This doesn’t expose your password to greater risk, because the password itself is not shared. But if the password is compromised, using it would grant access to those delegated sites. It is usually best to create unique accounts - and use your password manager to keep them safe.

Read more: Facebook hack reveals the perils of using a single account to log in to other services[9]

Adopting a better approach to passwords is a simple way to reduce your cyber-security risks. Ideally that means using a password manager, but if you’re not quite ready for that yet, at least make 2022 the year you ditch the sticky notes and pets’ names.

Read more https://theconversation.com/this-new-year-why-not-resolve-to-ditch-your-dodgy-old-passwords-172598

The Times Features

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Game of Influence: How Cricket is Losing Its Global Credibility

be losing its credibility on the global stage. As other sports continue to capture global audiences and inspire unity, cricket finds itself increasingly embroiled in political ...

Amazon Australia and DoorDash announce two-year DashPass offer only for Prime members

New and existing Prime members in Australia can enjoy a two-year membership to DashPass for free, and gain access to AU$0 delivery fees on eligible DoorDash orders New offer co...

6 things to do if your child’s weight is beyond the ideal range – and 1 thing to avoid

One of the more significant challenges we face as parents is making sure our kids are growing at a healthy rate. To manage this, we take them for regular check-ups with our GP...

Joykids Australia Presents the Joykids Family Rave: A Weekend Adventure Like No Other

Get ready to kick off the first day of summer and the festive season with an unforgettable family adventure! Joykids Australia is excited to announce the Joykids Family Rave—an...

Times Magazine

Apple releases iPhone 14, best deals and perks

Apple has unveiled its next generation tech and the hotly anticipated iPhone 14 with offers from Telstra, Optus and Vodafone up for grabs.Prices for the iPhone 14 line-up start at $1,399 and go up to $2,769.Finder’s Consumer Sentiment Tracker revea...

Key Tips for Great Visiting Etiquette

Visiting someone's house is a great experience and an opportunity to build a closer relationship with the host. It is also an opportunity to exchange respect, consideration within the art of positive etiquette and good manners.  Positive etiquet...

Give Dad the gift of good health this Father’s Day

According to Glenn Cross, chairman of EZZ Life Science, while Father’s Day usually triggers a frenzy of retail shopping among families desperate to buy gifts for dad to spoil him on his special day, there are many other things that families can d...

From Comfort to Control: Tips for Selecting the Best Dog Harness for Your Pet

Are you tired of your dog pulling on walks or slipping out of their collar? It might be time to switch from comfort to control with a high-quality dog harness. In this blog post, we'll discuss everything you need to know about selecting the best ha...

Innovative Strategies for Using the Wheel Spinner

For ages, the wheel spinner has been used to manufacture high-quality yarn and fabrics. It is a versatile tool that may be used to create simple yarns as well as sophisticated multi-coloured mixtures. The wheel spinner has changed as technology has...

The Benefits of Rooftop Gardens

Rooftop gardens have a long history, dating back to the ancient Mesopotamian ziggurats constructed between 4000 and 600 BC, like most things from thousands of years ago. The roof gardens created a set of steps along the stepped pyramid's outside...