The importance of a good password

Oct 19, 2012


timthumb.php

Online security has been featured in the news more over the past year than I think a lot of people like.
Hacking groups (such as LulzSec) have been targeting high profile companies (including Dropbox, Sony, Valve, et al) and (among other sinister things) have been releasing millions of rows of customer’s data have been released into the public domain.

Thankfully, this has highlighted the importance of good security for technology companies all over the world, some of which are taking the threat seriously and beefing up their own security as a result.

But a chain is only as strong as it’s weakest link, and more often than not, the weakest link is a user’s password.

[youtube=http://www.youtube.com/watch?v=St7fiU1WLps&w=460]

In my job as a Web developer I’m often given the login details for many of our customer’s accounts, anything from hosting, email and social media accounts right up to e-commerce payment gateways, and more often than not, (if I’m allowed to be frank for a moment) the passwords on these accounts are abysmal.

Some of them are so bad, they’re the equivalent of Manchester United using ‘football’ as a password, or The Coca-Cola Company using ‘c0ke’ (substituting a letter for a number – such as replacing an I with a 1 – is not making a password secure.)

What constitutes a good password?

There is a lot of advice on choosing a good password, and even a range of tools that can help generate them, but it mostly boils down to choosing a password that will be difficult to guess, and with enough characters (and special characters) that a brute force attack would be endless.

All of this advice is worthless, however, if even after choosing a good and secure password, you use the same password on everything you sign-up for, or if you write it down on a piece of paper next to your desk.

How am I supposed to remember all these passwords?

As I mentioned before, I have to keep track of the login details for many of our customers, and as such it is my responsibility to keep these passwords secure. To help with this I use a piece of software called KeePass:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass isn’t the only solution, others such as LastPass and PasswordGenie (seen below) exist, but keepass has worked well for me for a number of years.

Anyway, I hope this post has been useful to you (and I hope I start to see some more secure passwords from our customers), but in the meantime, let me leave you with this interesting PasswordGenie infographic:


The Update: January Edition

The Update: January Edition

January is always a busy period for the team here at GHOST, a lot of clients hit the new year running with various goals and targets that our design collateral can help them achieve. 

The Update: December Edition

The Update: December Edition

We’ve been busy this December helping our clients get ready for the festive period in various ways from creating custom chocolate box sleeves…