Don’t be the Victim of a Sloppy Password

People are very unimaginative when it comes to choosing passwords. They use names of family members or pets, characters from books or films, dates of birth and stupid obvious words like 'password', 'abc123' and 'letmein'. You don't have to be a criminal mastermind to work out passwords like these.

As identity theft is a lucrative and fast-growing industry, don't you think it's a good idea to put more thought into choosing your passwords? The Credit Industry Fraud Avoidance Service (CIFAS) says there were 108,500 cases of identity fraud reported to them in 2013. It's 2015 now, so I don't think that figure will have shrunk.

They estimate the cost of identity fraud in the UK at more than £3.3 billion a year. (I did say it was lucrative.) Fancy a career change? If so, the good news is that in the UK identity fraud itself is not a crime. The bad news is that profiting from it is. Worth the risk? I'll leave that for you to decide.

Not all identity fraud can be put down to weak passwords, but taking a few simple steps to strengthen your passwords can help you avoid adding to these statistics.

Mnemonics

Mnemonics are memory devices that help people recall larger pieces of information. For example, you may take yourself on a familiar journey to help remember the words of a speech, attaching words or phrases to particular sections of the journey and to things you see on the way.

Then, when it's time to give the speech, you recount the journey and the hooks you've attached help you recall the words. You can read much more about the mnemonic memory journey on AcademicTips.org.

How to Choose a Password

You can create memorable, yet hard to guess, passwords with a similar method. We all have hundreds of little routines we do every day and know inside out. For example, you might say "When I get up I brush my teeth and shave."

Start by taking the first letter of each word:

WIGUIBMTAS

Immediately you have a non-dictionary word that would be very hard for anyone to guess. Without destroying its memorability, you can make it even more secure:

WiGUiBMT&$

The 'I's have been changed to lower-case 'i's. The 'A' for 'and' has been changed to an ampersand (&) and the 'S' to a dollar sign ($). Now you have a mixture of upper-case and lower-case letters and non-alphanumeric characters. Obviously, there are many other ways to encode this password, but using a process like this will make it memorable and very hard to crack. Unless you write it on a Post-it note and tape it to your monitor.

Ideally, you should have different passwords for different websites and applications. As you may need dozens or even hundreds of passwords, you need a system to vary it. Using a numeric system would be one option.

Something like this may work for you: WiGUi1001BMT&$, WiGUi1011BMT&$ and so on, adding a number after the second 'i'. I've picked a four-digit number and just gone up in tens. You can play around like this to create something that works for you.
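The whole procedure above, carried out in code as an added example (not the post's own code, and not a password generator to rely on as-is): build the acronym from the phrase, apply the three substitutions the post uses, insert the four-digit counter after the second 'i', and run a few defender's sanity checks on the result. The weak-password list is a small constructed sample built around the post's own examples.

```python
import re

# Substitutions the post demonstrates: 'I' -> 'i' and 'and' -> '&' for whole
# words, and a trailing 'S' -> '$'. Anything else is the reader's own choice.
WORD_SUBSTITUTIONS = {"i": "i", "and": "&"}
TRAILING_SUBSTITUTIONS = {"S": "$"}

# Constructed sample of weak passwords (the post's examples plus a few more).
COMMON_PASSWORDS = {"password", "abc123", "letmein", "123456", "qwerty"}


def phrase_to_password(phrase: str) -> str:
    """Take the first letter of each word, then apply the post's substitutions."""
    words = re.findall(r"[A-Za-z]+", phrase)
    chars = [WORD_SUBSTITUTIONS.get(w.lower(), w[0].upper()) for w in words]
    if chars and chars[-1] in TRAILING_SUBSTITUTIONS:
        chars[-1] = TRAILING_SUBSTITUTIONS[chars[-1]]
    return "".join(chars)


def numbered_variant(base: str, number: int, after_nth_i: int = 2) -> str:
    """Insert a zero-padded four-digit number after the nth lower-case 'i'."""
    positions = [k for k, c in enumerate(base) if c == "i"]
    if len(positions) < after_nth_i:
        raise ValueError("base password has fewer 'i' characters than expected")
    cut = positions[after_nth_i - 1] + 1
    return f"{base[:cut]}{number:04d}{base[cut:]}"


def character_classes(password: str) -> int:
    """Count how many of upper, lower, digit and symbol the password mixes."""
    checks = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    return sum(any(check(c) for c in password) for check in checks)


def assess(password: str) -> dict:
    """Sanity checks a defender would apply: length, mix, and a blocklist hit."""
    classes = character_classes(password)
    common = password.lower() in COMMON_PASSWORDS
    return {
        "length": len(password),
        "classes": classes,
        "common": common,
        "acceptable": len(password) >= 10 and classes >= 3 and not common,
    }


if __name__ == "__main__":
    base = phrase_to_password("When I get up I brush my teeth and shave.")
    for n in (1001, 1011):                # the post's two example variants
        print(numbered_variant(base, n), assess(numbered_variant(base, n)))
```

A blocklist hit and a character-class count are the cheapest checks a site can run; a phrase-derived password still has far less randomness than its length suggests, so treat "acceptable" as a floor, not a strength estimate.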

I realise that, even with a memorable system, having multiple variations of the same password can still get confusing. After all, how will you remember which version you've used on which site or application? More mnemonics is one way, or you could cheat and use a password manager like mSecure.

mSecure works on Windows and Mac as well as across a variety of mobile devices. Passwords can be synced across all the devices you have mSecure installed on. Your passwords are encrypted, and a master password is used to access all of them. mSecure isn't the only password manager out there, but I've been using it for a few years now and find it a massive help. Search Google for 'Password Manager' for more options.

Changing Passwords

You may think that now you have your new secure password your work is done. No need to change it, as it's a tough one to crack. Well, if you thought that, you'd be wrong. Even though the weakest link with a password is normally people, sometimes things go wrong. A recent example is the Heartbleed bug. Many websites use OpenSSL to encrypt the connection between the server and the user. A vulnerability in OpenSSL was discovered and exploited, leading to millions of passwords and user details being exposed to hackers.

Databases with millions of these exposed passwords were compiled, then dumped and sold on the Internet. Such information could enable identity thieves to, for example, log in to your Facebook account. Once in, it's possible to gather enough information to steal your identity. (Name, date of birth, profile photo and address is about all that's required.) Do you have those details in your Facebook profile?

The point I'm making is that when such a breach happens, the first thing you must do is change your password. When the hacker then tries to use your login credentials, they won't work. If you get into the habit of changing your password regularly, perhaps once a month, you minimise the chances of being hacked because of a technical problem that exposed your password.