Keeping track of passwords can be a nightmare. We explain how to stay safe while keeping it simple.
Passwords have been used for thousands of years, from the simple watchwords used by Roman gatekeepers to differentiate friend from foe to the ‘flash/thunder’ challenge and response employed by Allied paratroopers during the Normandy landings.
Today just about every website that offers a personal account requires you to log in using a password. This is fine if you only use one or two websites, but if you use dozens of websites that require a password it can be tempting to use a single password for them all.
In this article, we’ll show you how to create and track strong, unique passwords for each of your accounts online while keeping them simple to remember.
Choose carefully
Website owners generally spend a lot of time and money on good security, so if an intruder wants to gain access to an online bank or email account, they are going to have to do so by knowing or guessing the account password. This makes it worth thinking carefully about how to choose a password that’s not easy to guess.
For instance, it’s not a good idea to use a word found in the dictionary; this immediately opens up the possibility of a ‘brute force’ or ‘dictionary’ attack, in which a would-be intruder will use software to bombard a website with an endless list of words until the correct one is found. Some people have tried to avoid this by replacing letters with numbers (turning ‘password’ into ‘p455w0rd’, for example) but attackers are aware of this trick and will usually try these too.
Similarly, it’s vital not to choose something so simple or obvious that everyone else could know. This includes using the name or date of birth of someone you know or any person you might admire. Phone numbers or car registration numbers are also a bad idea - remember there will be people out there who know these details about you.
You will hopefully be thinking that this all sounds fairly obvious, yet evidence exists to suggest that users are being blasé when choosing a password. In 2006, a phishing website captured over 35,000 usernames and passwords before it was shut down. Among the top 20 most commonly used passwords were ‘myspace1’, ‘password1’, ‘football1’, and, most alarmingly, ‘password’.
Microsoft also conducted a study of password characteristics in 2007, noting that even with online payment site PayPal, an incredible 78 per cent of passwords were made up of only lower-case letters, making them weak and susceptible to attack.
A matter of characters
So what makes a good password? The first rule is length. Make sure whatever you choose is at least eight characters long; Microsoft suggests 14 characters as an ideal length and says that a 15-character password composed of random letters, symbols and numbers is around 33,000 times more secure than one created using only letters.
Longer passwords also become harder for someone to read over your shoulder if you ever need to use them in a public place.
The second rule is to mix up different types of symbols. The best passwords contain at least one lower-case letter, one upper-case letter, a number and a symbol. Nearly all passwords are case sensitive so, even if you were to use a coherent word, adding the odd capital letter would increase security as well as significantly increasing the time needed to perform a successful brute-force attack.
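The rules above can be turned into a simple self-check. The following Python sketch is an added example, not part of the original article: it tests a candidate password against the eight-character minimum, the four character types, and a tiny constructed wordlist that also catches number-for-letter swaps such as ‘p455w0rd’. The function names, the substitution table and the wordlist are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a full dictionary.
COMMON_WORDS = {"password", "football", "myspace"}
# Number-for-letter swaps of the kind the article warns about (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_LENGTH = 8  # the article's minimum length
# Size of each character type, used to estimate the guessing effort.
POOL = {"lower": 26, "upper": 26, "digit": 10,
        "symbol": len(string.punctuation)}


def character_classes(password):
    """Return which of the four character types appear in the password."""
    checks = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit}
    found = {name for name, test in checks.items()
             if any(test(c) for c in password)}
    if any(c in string.punctuation for c in password):
        found.add("symbol")
    return found


def search_space_bits(password):
    """Upper bound on brute-force effort, assuming random characters."""
    pool = sum(POOL[c] for c in character_classes(password))
    return len(password) * math.log2(pool) if pool else 0.0


def is_disguised_word(password):
    """True if undoing swaps or dropping trailing digits gives a listed word."""
    lowered = password.lower()
    candidates = {lowered.translate(LEET),
                  lowered.rstrip(string.digits).translate(LEET)}
    return bool(candidates & COMMON_WORDS)


def review(password):
    """Return a list of problems; an empty list means every rule passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    missing = set(POOL) - character_classes(password)
    if missing:
        problems.append("missing: " + ", ".join(sorted(missing)))
    if is_disguised_word(password):
        problems.append("dictionary word or simple substitution")
    return problems
```

The bit count only holds for randomly chosen characters, which is why the wordlist check runs separately: ‘p455w0rd’ uses two character types but is still a single dictionary guess.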
Password software
McAfee doesn't like the 'Keypass password Safe' program and has warned me against using it! Hardly reassuring considering the very nature of your article. Comments please.
Posted by Emsysy, 16 Jul 2010