Following on from last week’s article, where eBay suggested to 145 million users that they change their passwords after a potential IT security breach, I felt it was appropriate cover passwords in this week’s article.

Being really honest, ‘us humans’ struggle to manage access to multiple devices, with multiple accounts, and different password regimes. It’s all too tricky remembering all these, so one convenient password keeps it ‘simples’. Right? Wrong of course.

Passwords need to be ‘strong’, but what does this mean? Well, let’s look at a ‘weak’ password first. If your password is less than seven characters long, and only consists of letters a-z it is deemed as being weak. Really weak in fact. This password could be hacked in less than 5 seconds, if a system allowed unlimited attempts at logging in. This type of attack is called ‘brute force’, and is literally an attempt at every possibly combination of letters and dictionary words. There are even software tools and pre-built lists of passwords and dictionary terms hackers can download, saving them time and effort!

Most well-written software allows 3-5 failed login attempts before the account is ‘locked-out’ for a number of minutes, or until an administrator has been authorised to re-activate the account. Check the systems that you use at home and in your business, and ask the supplier how many failed logins will trigger the account to be deactivated.
Each year a list of the top passwords is published. The passwords ‘123456’ and ‘password’ are always at the top of the list. Some users have spotted this and changed their password to ‘1234567’, which is no more secure than their previous attempt.

What is needed is password using a combination of letters, upper and lower case, numbers and characters such as hash and brackets or exclamation marks. Something like ‘[email protected]!” is pretty strong. It needs to be 10 or more characters in length too.

And please – use a different password for each account, just in case.