Before the advent of the internet and e-commerce it would have been unusual to expect someone to need a password in order to access a good or service, but these days most people are commonly expected to memorise at least three or four. This can pose a problem: while savvy internet users are aware of the importance of choosing a word or phrase that is easy enough to remember but tricky enough for others to guess, it’s often difficult to find a satisfactory balance between the two. There’s also the possibility that no matter what password you choose, it could still be read by third parties and used for malicious purposes. So what are the dangers involved in the use of passwords online, and what steps can be taken to guard against them?
How safe is your password?
One of the most common ways in which malicious third parties can get hold of passwords and other personal information is via identity theft. This is when software, in the form of malware or viruses, is inadvertently installed on a computer without sufficient protection and uses a “loophole” in system security to access sensitive files containing this data and send them back to the originator of the software. Such software can also install “keyloggers”, which record the keystrokes entered on a computer. Although the recorded keystrokes are 95% harmless, they often include login information for secure sites such as online banks and merchants, together with name, address, credit card details and the passwords themselves. Phishing scams, often involving deceptive emails that appear to be from a legitimate source, are another common way to trick users into providing personal information: they request that this data be provided to confirm a transaction or renew a service, and they are often so cleverly worded and presented that they are difficult to detect.
The clearest and most straightforward way to protect against these sorts of threats is to ensure that you have a modern, up-to-date security suite installed that specifically guards against identity theft and phishing attempts, and to ensure that the suite is frequently maintained in order to counter the latest virus and malware threats.
How to choose the right password
While the importance of system security cannot be overstated, all the security in the world won’t protect a password if it can be guessed easily. Since so many websites require login and password details to access a user account, it’s all too common (and understandably so) to see people adopting straightforward, easy-to-memorise passwords that could simply be “guessed” with very little effort. A recent survey by data security firm Imperva analysed 32 million passwords to find the ten most commonly used. Five of the top ten were simply sequential digit strings such as “123456”, with the remainder including “password” and “abc123”.
This goes to show that while convenient, it’s certainly not a good idea to choose time-saving devices like this to facilitate easy access to a website that requires login details. In addition, most security experts advise that users avoid personal information, such as a mother’s maiden name, favourite pet, birthplace or date of birth. This is for two reasons – firstly because this sort of information is frequently used to confirm authenticity with online banks and services, and could therefore be subject to keylogging and phishing scams, and secondly because there’s a risk that someone you know, or someone who could gain access to your personal information, could be the one who’s trying to log in to your account.
Most security experts (along with some websites that now demand it) advocate the use of a combination of letters and numbers in a password as well as a word that would be very difficult for a third party to guess. This might be the name of a favourite player in a football team (e.g. Tore32 instead of Torres) or the name of a favourite pet (e.g. T4ng0 instead of Tango). The key here is that the password should be as specific as possible and difficult to guess, and that some letters are replaced with numbers that look vaguely similar, or are a mirror or distortion of the letter being replaced. It may sound complicated, but with a bit of practice it becomes almost second nature to tweak common words in this way to generate a phrase that is more difficult to predict.
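The rules from this section, gathered into one check, as an added example that is not part of the original article: a short Python function that reports when a candidate password is one of the common choices named above, a purely sequential digit string, contains a supplied piece of personal information, or lacks a mix of letters and numbers. The function names, the COMMON set (limited to the three passwords quoted above, since the rest of the survey list is not reproduced here) and the sample personal details are assumptions made for the illustration.

```python
# Added example: checks a candidate password against the rules in this section.
# COMMON holds only the passwords quoted in the article; the personal details
# used in the demo at the bottom are constructed.

COMMON = {"123456", "password", "abc123"}


def is_sequential_digits(pw):
    """True for digit-only strings that count up or down by one, e.g. 123456."""
    if len(pw) < 2 or not (pw.isascii() and pw.isdigit()):
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def password_problems(pw, personal_info=()):
    """Return the reasons a password breaks the rules; an empty list means none."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("common")
    if is_sequential_digits(pw):
        problems.append("sequential digits")
    # Personal details are matched case-insensitively anywhere in the password.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("personal information")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    if not (has_letter and has_digit):
        problems.append("needs letters and numbers")
    return problems


if __name__ == "__main__":
    details = ["Smith", "Rover", "Leeds", "1980"]  # constructed personal details
    for candidate in ["123456", "password", "abc123", "rover1980", "T4ng0"]:
        print(candidate, password_problems(candidate, details))
```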
It’s also a good idea to change a password as often as possible, particularly in the case of sites that involve frequent or large monetary transactions such as bank accounts, online payment services and commonly used e-retailers, though it’s not usually a good idea to “rotate” a handful of passwords around as hackers can quickly build a list of common words and phrases if they have gained access to a computer.
Further ways to protect passwords and personal information
There are other steps that can be taken both to protect passwords and to ensure that you have taken the precautions necessary to prevent other users from accessing sensitive information. Any web page that requests personal details should use a secure encryption protocol, and this can be checked by looking for the presence of an “s” at the end of the “http://” part of a URL. A webpage that shows “https://” indicates that information entered will be encrypted and that third parties will be unable to access this data. In addition, many online email accounts, some stores and other services allow users to choose whether they are logging in from a home (and therefore “secure”) computer or from a public location such as a library or internet café. It’s important to always check for an option to log in with enhanced security, as otherwise some details (such as a username) may be retained after the session has finished, which means that those using a public computer afterwards are already part-way towards accessing an account.
While modern security suites are very effective at safeguarding users against the kind of threats that would enable third parties to access personal data such as passwords, as always it’s important to be knowledgeable and vigilant about the sorts of threats that exist. A combination of the two is always the best practice, and in utilising these methods you’ll help ensure that personal data stays out of the wrong hands.