1.1 Passwords
We use passwords for everything – email, banking, shopping, social media – the list is endless. When you are asked to create a password, you are advised to use a mixture of numbers, characters and letters, making up a combination that would be hard to guess.
Think about how you go about creating a password. Do you have a strategy? Do you use different passwords for different things? If so, do you have a strategy for remembering which password you’ve used? Thinking up a strong password can be difficult, especially if you are trying to create something unique. It’s a good idea to assess the strategies you use to do this.
Activity 2 Improving your cyber security
Without writing them down (in order to keep them secure), think about the some of the passwords you use, such as email, social media and online banking.
Now watch the video below, which provides some tips for improving the strength of your passwords.
Transcript: Video 2: Paul Ducklin: Cyber security
Hello everybody, I’m Paul Ducklin, and this is a two-minute tutorial on How to pick a proper password. Number one. Make your passwords hard to guess. The crooks have dictionaries, books, movie scripts, song lyrics, Facebook, Twitter, and much more. So avoid passwords based on nicknames, birthdays, quotations, pets, anything of that sort. And don’t forget that easy passwords don’t get harder if all you do is add some digits on the end. Password cracking programmes can do that as well. Point two. Go as long and complex as you can. Random, eight-letter passwords look pretty tough, with 26 to the power 8 possibilities. That’s a whopping 200 hundred billion.
But a password cracking server costing less than $20,000, under ideal circumstances, can try out more than 100 hundred billion passwords each second. So mix together uppercase, lowercase, digits, and punctuation. And aim for 14 characters or even longer. That may look terribly complicated, but you can make up a little saying to help you out. If you don’t like that approach, some people take several unusual words and combine them into a meaningless phrase, like the XKCD cartoon’s famous correct horse battery staple password. But watch out for words that relate obviously to you. They do need to be unusual. And point three. Consider using a password manager. Examples include LastPass, KeePass, and 1Password.
Password managers can make up complex, random nonsense for each account, plus they remember which password goes with what website. That also helps protect you from phishing, because you can’t put the right password into the wrong page. But do remember, you will need a really good password for the password manager itself. So let’s go over the points again. One, make your passwords hard to guess. Two, go as long and complex as you can. Three, consider using a password manager. And no, we haven’t forgotten. Number four. One account, one password. Don’t reuse passwords. Don’t make things easy for the crooks. And until next time, stay secure.
Consider your passwords again, and try to improve on them by following the advice in the video.
You can find lots more advice online about passwords and other aspects of cyber security. Take some time to look over these resources (make sure to open the links in a new tab/window):
https://www.ncsc.gov.uk/ blog-post/ secure-home-working-personal-it [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)]
Feedback
Use your Digital plan to make a note of the techniques you can start using immediately to make stronger passwords (but don't make a note of your actual passwords!), and any other steps you could take to upgrade your internet security.
Software for hacking passwords is getting more sophisticated and can find your password by repeatedly attempting to log in to your account. A computer program, using an algorithm, can work through thousands of dictionary words and letter combinations in a matter of minutes. This is why it is so important to ensure that your password is hard to guess. An additional measure is to change your password every few months.
For some kinds of information, such as online banking, even strong passwords aren’t secure enough. Passwords alone can be subject to attack and leave your information vulnerable.
A number of companies, including Facebook, Google, Microsoft, Apple and eBay, support a system known as ‘two-factor authentication’. This is where the user is required to enter two pieces of information before they can log in. Two-factor authentication is called different names by different websites, for example, Facebook calls it ‘login approvals’. If you are a Facebook user, you may have come across this when logging into Facebook from a new computer.
It is worth finding out whether two-factor authentication is available on sites you use. In general, if a site requires a strong password or offers two-factor authentication, it is more likely to be trustworthy.