Some Strong Tweets Specifically on Passwords
Treat passwords as top-secret info – don’t share & make them hard to guess by including letters, numbers & symbols.
What really makes a good password?
For starters, some computer security experts say that password length is more important than complexity, which means that a 16-character memorable password like “ilovemysportscar” is more difficult to guess than an eight-character unmemorable password like “T9$ey!!q”. This is because there are far more total possible combinations of 16 characters than eight, meaning malicious software must take longer to hunt through all the possible options to find the correct password. One survey found that 22% of “strong” eight-character passwords that contained numbers and symbols could be cracked after 10 billion guesses – compared with only 12% of 16-character passwords.
In his book How to Predict The Unpredictable, the author William Poundstone proposes other tips, such as avoiding obvious number substitutions – most people substitute the letter “I” with a “1”, for example, which creates a false sense of security. Better would be to create a seemingly random string from the first letters of a phrase you have memorised. (As an illustration, the previous sentence in this paragraph could become: “bwbtcasrsftfloapyhm”).
Alternatively, you might choose a random string of letters and numbers, and use it to create a nonsense sentence. So, the (admittedly too short) password “RPM8t4Ka”, explains Poundstone, might become “Revolutions Per Minute, 8 track for Kathy”.
“I don’t know what it means,” he writes, “but I do know it’s fairly easy to remember.”
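The length-versus-complexity argument and the first-letters technique above can be checked numerically. The following is an added example, not part of the original article: it assumes an attacker who blindly tries every string over the character classes a password uses, and the function names are illustrative.

```python
import math
import string

# Character classes a blind brute-force search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Combined size of every character class the password draws from."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in c for c in CLASSES):
            raise ValueError(f"unsupported character: {ch!r}")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace_bits(password):
    """log2 of the number of same-length strings over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def fraction_searched(password, guesses=10_000_000_000):
    """Share of the keyspace that `guesses` blind attempts cover."""
    return min(1.0, guesses / alphabet_size(password) ** len(password))

def acronym(phrase):
    """First letter of each word, lower-cased (the memorised-phrase technique)."""
    return "".join(word[0].lower() for word in phrase.split())

if __name__ == "__main__":
    phrase = ("Better would be to create a seemingly random string "
              "from the first letters of a phrase you have memorised.")
    for pw in ("T9$ey!!q", "RPM8t4Ka", "ilovemysportscar", acronym(phrase)):
        print(f"{pw:20} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"bits={keyspace_bits(pw):5.1f} "
              f"share of 1e10 guesses={fraction_searched(pw):.1e}")
```

These figures are upper bounds: 10 billion blind guesses cover only a tiny share of either keyspace, so the cracked percentages in the survey quoted above reflect guessing that follows word lists and common patterns, which a password built from dictionary words is exposed to.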
OK, that’s my email password changed. Am I safe now?
Not completely. Even a 16-character password is useless if you inadvertently hand it over to a hacker. Unfortunately, that’s all too easily done. Use an unsecured wi-fi hotspot, for example, and an eavesdropper on the same hotspot can easily monitor your internet activity and read your passwords. If you’re not prompted to enter a password to access a wi-fi hotspot, there’s a good chance it isn’t secure. It’s probably best to restrict your online activity to basic browsing on these wi-fi hotspots, and perform more sensitive actions (checking email, uploading data to the cloud) on your home wi-fi or using your phone’s secure data network – look for the 3G or 4G symbol on your screen.
You can actually go one step further for minimal extra fuss. Install a virtual private network (VPN) app on your phone, switch it on when you’re on a wi-fi hotspot and it will essentially make the connection more secure: the app scrambles all of the data from your online activity – including the passwords you use to check email – in a way that makes it unintelligible to eavesdroppers. VPNs aren’t free, though, so privacy comes with a price.
Take the following facts into consideration when creating your secure password
But there is another way to gain access to someone’s account, no matter how strong their password is. If you know the person’s username, you can ask the service provider to reset their password using the “forgot my password” function. To work this particular trick a hacker needs to know a little information about the person whose account they are trying to access – things like their date of birth, their mother’s maiden name, or the first school they attended – so they can guess the answers to the security questions that must be answered to reset the password.
The above have been compiled in reference to the following resources:
To find out more about online security, check out at the World-Changing Ideas Summit in New York on 21 October. BBC Future will be covering the event in full – so watch this space.