1.1 Passwords
We use passwords for everything – email, banking, shopping, social media – the list is endless. When you are asked to create a password, you are advised to use a mixture of numbers, characters and letters, making up a combination that would be hard to guess.
Think about how you go about creating a password. Do you have a strategy? Do you use different passwords for different things? If so, do you have a strategy for remembering which password you’ve used? Thinking up a strong password can be difficult, especially if you are trying to create something unique. It’s a good idea to assess the strategies you use to do this.
Activity 2 Creating a ‘strong’ password
Think of a few passwords and spend five minutes testing them out on the password checker below. Doing this will help you to understand what makes a strong password.
Password checker
For security reasons, do not use your current passwords.
In the box below, note down how successful you were.
Discussion
The password checker will indicate the strength of your password when you first try it. The exercise might have highlighted that you need to strengthen your password. Even if you found that your passwords are strong, a few additional tips could help you to improve them further.
Now watch the video below, which provides some tips for improving the strength of your passwords.
Transcript
Hello everybody, I’m Paul Ducklin, and this is a two-minute tutorial on How to pick a proper password. Number one. Make your passwords hard to guess. The crooks have dictionaries, books, movie scripts, song lyrics, Facebook, Twitter, and much more. So avoid passwords based on nicknames, birthdays, quotations, pets, anything of that sort. And don’t forget that easy passwords don’t get harder if all you do is add some digits on the end. Password cracking programmes can do that as well. Point two. Go as long and complex as you can. Random, eight-letter passwords look pretty tough, with 26 to the power 8 possibilities. That’s a whopping 200 hundred billion.
But a password cracking server costing less than $20,000, under ideal circumstances, can try out more than 100 hundred billion passwords each second. So mix together uppercase, lowercase, digits, and punctuation. And aim for 14 characters or even longer. That may look terribly complicated, but you can make up a little saying to help you out. If you don’t like that approach, some people take several unusual words and combine them into a meaningless phrase, like the XKCD cartoon’s famous correct horse battery staple password. But watch out for words that relate obviously to you. They do need to be unusual. And point three. Consider using a password manager. Examples include LastPass, KeePass, and 1Password.
Password managers can make up complex, random nonsense for each account, plus they remember which password goes with what website. That also helps protect you from phishing, because you can’t put the right password into the wrong page. But do remember, you will need a really good password for the password manager itself. So let’s go over the points again. One, make your passwords hard to guess. Two, go as long and complex as you can. Three, consider using a password manager. And no, we haven’t forgotten. Number four. One account, one password. Don’t reuse passwords. Don’t make things easy for the crooks. And until next time, stay secure.
Here are Paul Ducklin’s top tips on how to pick a proper password. Paul is a computer security expert at the cyber security firm Sophos:
- Make your passwords hard to guess – avoid passwords based on nicknames, birthdays, quotations or the names of pets
- Go as long and complex as you can – aim for 14 characters or longer, and mix together different letters, numbers and punctuation marks such as ! or $. Or you can take several unusual words and combine them into a meaningless phrase.
- Consider using a password manager – these can help you make up random complex passwords and remember which password goes with which website. If you use a password manager, you will need a really good password for the manager itself.
- Don’t re-use passwords for different accounts – use a different password for each account
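The reasoning behind the first two tips can be worked through in code. The sketch below is an added example, not part of the course material or the video: it flags a password that is a common word with digits or punctuation tacked on, and otherwise estimates how long a full search of its character space would take. The word list, the guess rate of 100 billion per second and the one-year threshold are assumptions chosen for illustration.

```python
import string

# Constructed sample of guessable base words; real cracking dictionaries hold millions.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "qwerty"}
GUESSES_PER_SECOND = 100e9      # assumed offline guess rate, not a measured figure
ONE_YEAR = 365 * 24 * 3600      # illustrative threshold, in seconds
DICEWARE_WORDS = 7776           # size of a standard Diceware word list


def alphabet_size(password):
    """Size of the character pool implied by the character classes in use."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(pool) for pool in pools if any(c in pool for c in password))


def is_dictionary_based(password):
    """True if the password is a common word with only digits/punctuation appended."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base in COMMON_WORDS


def brute_force_guesses(password):
    """Candidates in the full search space for this length and alphabet.

    This is an upper bound: it assumes every character was chosen at random.
    """
    return alphabet_size(password) ** len(password)


def passphrase_guesses(word_count, list_size=DICEWARE_WORDS):
    """Search space for word_count words drawn at random from a word list."""
    return list_size ** word_count


def seconds_to_exhaust(guesses, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the given guess rate."""
    return guesses / rate


def assess(password):
    """Classify a password using the dictionary check, then the search-space estimate."""
    if is_dictionary_based(password):
        return "weak: dictionary word plus suffix"
    secs = seconds_to_exhaust(brute_force_guesses(password))
    return "weak: search space too small" if secs < ONE_YEAR else "strong"
```

Because the estimate assumes random characters, a result of "strong" only holds for passwords that were actually generated at random, for example by a password manager.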
Activity 3 Re-thinking your password
Consider the passwords you were trying in Activity 2 and try to improve on them by following the advice above. Check them in the Password checker.
Remember not to use your real password.
Use your reflective journal to make a note of the techniques you used to make a strong password.
Discussion
The video should have provided you with some tips on how to improve your password.
Software for
For some kinds of information, such as online banking, even strong passwords aren’t secure enough. Passwords alone can be subject to attack and leave your information vulnerable.
A number of companies, including Facebook, Google, Microsoft, Apple and eBay, support a system known as ‘
It is worth finding out whether two-factor authentication is available on sites you use. In general, if a site requires a strong password or offers two-factor authentication, it is more likely to be trustworthy.