One size doesn't fit all: unique passwords are key to online privacy

12 Jan, 2015

Just like in real life, there's no such thing as absolute security online. Nonetheless, one can improve one's odds with the best passwords possible. But the best ones are often the ones that are hardest to remember. That means coming up with some tricks to remember complicated strings of letters and numbers or turning to services like password managers that help people store the codes for later recall.
First, do not use regular words, names or phrases.
"Hackers have tools that automatically try out entire dictionaries of words," warns Germany's Federal Office for Information Security (BSI). But that makes it harder for people to come up with good passwords.
Consequently, it's not unusual for a person to use the same password for 10 different accounts.
After all, how can a person be expected to remember dozens of passwords, especially when each is recommended to be composed of eight to 12 characters and mix lower-case and upper-case letters with special symbols?
Groups like the BSI recommend basing passwords on sentences that can be turned into easily remembered acronyms.
Thus, "My password has 12 characters and is 99 per cent safe" becomes Mph12c&i99%s. Bear in mind that this is only an example, and since it has now been published in a newspaper, it's not safe any more.
A truly secure password will be one you create yourself.
This kind of system is also easily built upon to include multiple accounts. "My eBay password has ..." becomes "MeBph..." and "My Facebook password has ..." becomes "MFph..." and so on. Changing the passwords every three months or so provides even more safety.
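The rules above (no regular words, eight to 12 characters, mixed case with special symbols, no sharing of one password between accounts) can be checked automatically. The following is an added example, not code from the article or from the BSI; the function names, the tiny word list and the sample accounts are constructed for illustration.

```python
import string

# Constructed sample word list; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "monkey", "football"}
MIN_LENGTH = 8  # lower bound of the 8-to-12-character recommendation


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of rule violations for one password (empty if none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special symbol")
    # Case-insensitive substring match, so "Sunshine1!" still counts as a word.
    lowered = password.lower()
    hits = sorted(w for w in words if w in lowered)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems


def audit_accounts(accounts, words=SAMPLE_WORDS):
    """Map each account name to its violations, including reuse elsewhere."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    report = {}
    for account, password in accounts.items():
        problems = check_password(password, words)
        others = sorted(a for a in by_password[password] if a != account)
        if others:
            problems.append("reused on: " + ", ".join(others))
        report[account] = problems
    return report


if __name__ == "__main__":
    # Constructed accounts. "bank" uses the article's published example, which
    # passes these rule checks but must not be used because it is public.
    sample = {"shop": "Sunshine1!", "mail": "Sunshine1!",
              "bank": "Mph12c&i99%s", "forum": "monkey"}
    for name, issues in audit_accounts(sample).items():
        print(name, "->", issues or "ok")
```

A check like this only sees the rules it encodes: a password that passes can still be unsafe if it has been published or leaked.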
Password managers are another alternative.
"They store and encrypt multiple access codes like user-names and passwords," says Marc Fliehe of the German IT industry association Bitkom. Users then have to pick one extra-safe master password.
The encrypted passwords are then stored on a PC, a USB stick or the cloud, the last of which allows access from both home and the office.
If the sensitive data is stored on a USB stick, then the manager tool can only be used when the stick is plugged in. It also means the password manager has to be installed on all computers used.
That's why some have opted for a portable password manager, which stores the entire programme, as well as the encrypted access codes, on a stick, making it accessible everywhere.
"If you want to be extra safe, you should only use your password manager on computers that you trust and that are protected from malware like viruses, Trojans or keystroke loggers," adds Fliehe.
Keyloggers are programmes that track every keystroke made on a machine and then transmit the data.
"That means a password is in danger as soon as you use a password manager and enter your master password," says Fliehe.
Always remember that shortcuts like storing passwords online mean reduced security. Hackers have easier access to servers than to USB sticks you keep on your person. On the other hand, data stored online is harder to lose than a stick.
"If you want to be really safe, you can memorise your passwords for vital functions like email and online banking and only use the password manager for additional services," notes Fliehe.
