Are Your Passwords Secure?

Think about all the accounts you have on the internet for a minute, banking, credit cards, PayPal, eBay, online dating, social media, personal email, home security or cctv, mobile phone, cloud file storage, the list goes on. Now think about what information they will have about you, Age, Address, Contact, Date of Birth, Bank account numbers, marital status, next of kin, sexual orientation, nationality, possible location information via GPS and much more. This is not meant to scare, but to make you realise the importance of using a secure and often-changed password system, as this in most cases is the only line of defence between your data and its theft.

How to keep secure online:

Follow these simple steps below as best practice to arm yourself against fraud and data theft, both personally and within your organisation:

1. Don’t panic!
   Akin to the Hitchhiker’s style, in most cases your account will be well protected and account information kept secure, always err on the side of caution.
2. Make a point of setting aside time in your day, at least once or twice a year to change all those passwords you know and love.
   We all have passwords for our online banking, Paypal, eBay, Amazon, Netflix, Booking systems etc. which we have used for years as they are a nice, secure and complicated password that we know off-by-heart. This no longer matters, a secure password is one which you change regularly! Simple!
3. Do what you can to ensure your office systems and passwords are safe.
   Ensure you or your IT support have set a reasonable Password policy in place on your servers. One which will force your users into creating a complex password and that changes regularly. They may grumble at this, but it is in your organisation’s best interest to secure its data. If your website requires users to enter any personal information, ensure you have purchased an appropriate SSL certificate from a recognised provider and implemented it.
4. Don’t share or write down your passwords.
   It sounds simple but paper can get lost or find its way out of the office or allow non-authorised personnel access to your organisation’s data. Ensure all users have an individual account and passwords.
5. Change your passwords regularly.
   Whether this is for your personal online banking or email, or your organisation’s social media accounts, a complex password is of no use to you if it has been compromised.

How to choose a new password:

• Start with your most important sites
  (ie. Finance-related services, banks, credit cards, mortgage accounts etc.) These will obviously contain the most information about you, and the one which would have the greatest impact, should they be compromised. Then move on to your personal email and social media accounts eg. Gmail, Live Mail, Yahoo, Facebook, Twitter etc. These will contain contact information for others and may distribute malicious software without your knowledge, exacerbating the problem and leading to further embarrassment. If you receive a web link from someone you know but are unsure whether to click on it, check it with an online link check tool like http://safeweb.norton.com/safety or http://onlinelinkscan.com/.
• For all of your important sites, do not use the same password, for obvious reasons.
• Change your passwords regularly for these sites.
  I opt for a basic approach of simply changing the last digit, but you can include the month or year etc.
• Keep it at least 7 or 8 characters
• Use a sentence if you wish: OneForTheMoneyTwoForTheShow
  Add complexity:  14TheMoney24TheShow
  Shorten and convert to a password: 14Tm24Ts
  You get the idea…
• Make it complex but memorable 
  Not like tH1s1sNOt@Go0D3x@mpLe but maybe iL1k3F1sH would be fine. Use CAPS, numbers, symbols etc. where you can.
• Always ask for help if unsure.

If you are concerned about the recent Heartbleed OpenSSL vulnerability, follow the above advice once you are confident that your service provider website has made efforts to patch their servers, otherwise you will have to repeat the exercise. You can quickly check if their website has been secured properly by using this link: http://filippo.io/Heartbleed/.

For further information or advice contact Ian Kelly by emailing: [email protected] or via twitter: https://twitter.com/nicva_ian.