We’re asked to think of new ones so often that most people use the same password for everything. That’s not really the cleverest idea, but in reality it’s what happens when you have so many to remember.
I tend to group things, so I’ll have one secure password for my banks, another for emails and another for retail sites. This way, if a site I use gets compromised, I don’t have to change the password on every site I use, just the ones in that group.
The important thing is they’re all fairly long and include capital letters, numbers and special characters (e.g. £, @, * and &).
Think of upper case letters (A-Z), lower case letters (a-z), numbers (0-9) and special characters each as separate groups. Every time you draw a character from an additional group, you’re exponentially increasing the complexity of your password.
So the more groups you select from, the harder it becomes for someone to “brute force” it – that means cracking your password by trying every possible combination.
But it’s got to be something you can remember. One good password creation technique is to think of a memorable phrase, perhaps from a favourite film or book.
Then capitalise the first letter of each word and replace some letters with similar-looking numbers or special characters.
Finally, put another special character on the end. You then have a password that’s very easy to type and very easy to remember but almost impossible to break.
Let’s think of an example: “King of the world” from the film Titanic. Using our method it will be something like K1ngOfThW0rld@.
We always recommend having passwords with more than 12 characters, because by that point you’re getting into the billions of possible combinations.
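To see how the groups and the length combine, here is a short Python check. It is an added example, not part of the original article: the function names are made up for illustration, and the count of 33 special characters (the 32 ASCII punctuation marks plus £) is an assumption.

```python
import math
import string

# Pool sizes per group. The special-character count is an assumption:
# the 32 ASCII punctuation marks plus the pound sign the article lists.
GROUPS = {
    "upper": (set(string.ascii_uppercase), 26),
    "lower": (set(string.ascii_lowercase), 26),
    "digit": (set(string.digits), 10),
    "special": (set(string.punctuation) | {"£"}, 33),
}


def groups_used(password):
    """Names of the character groups the password draws from, in GROUPS order."""
    return [name for name, (chars, _) in GROUPS.items()
            if any(c in chars for c in password)]


def keyspace_bits(password):
    """Brute-force search space in bits: length * log2(pool size).

    This is an upper bound. It treats every character as a random pick
    from the groups used, which a phrase-based password is not.
    """
    pool = sum(GROUPS[name][1] for name in groups_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def check(password):
    """Problems measured against the advice above; an empty list means none."""
    problems = []
    if len(password) <= 12:
        problems.append("12 characters or fewer")
    used = groups_used(password)
    problems += [f"no {name} character" for name in GROUPS if name not in used]
    return problems


if __name__ == "__main__":
    for pw in ("kingoftheworld", "K1ngOfThW0rld@"):
        print(pw, groups_used(pw), round(keyspace_bits(pw), 1), check(pw))
```

Running it compares the plain lowercase phrase with the example password above, showing which groups each one uses and how much larger the brute-force search space becomes.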
We also recommend a free product called LastPass that encrypts and stores passwords for you. We use a paid-for version that enables you to share work passwords with colleagues.
You can generate very long, totally random passwords and don’t need to remember them; you just remember one password for LastPass. It’s web-based, so you can get access from your PC, laptop and phone.
When a new recruit walks into the office the temptation could be to share passwords with them by email. However, email isn’t a completely secure method of communication and so this should be avoided.
It’s better to share them out on a one-to-one basis. When setting up a new employee account it’s best to create the password while they’re there and then there’s no need for any sharing at all.
You should also make sure all employees know passwords shouldn’t be shared by email.
Talk to Giraffe about how we can help with all aspects of IT, including your organisation’s internet security.