The importance of a good password

Oct 19, 2012

Online security has been featured in the news more over the past year than I think a lot of people like.
Hacking groups (such as LulzSec) have been targeting high profile companies (including Dropbox, Sony, Valve, et al) and, among other sinister things, have released millions of rows of customer data into the public domain.

Thankfully, this has highlighted the importance of good security for technology companies all over the world, some of which are taking the threat seriously and beefing up their own security as a result.

But a chain is only as strong as its weakest link, and more often than not, the weakest link is a user’s password.

Video: http://www.youtube.com/watch?v=St7fiU1WLps

In my job as a Web developer I’m often given the login details for many of our customers’ accounts, anything from hosting, email and social media accounts right up to e-commerce payment gateways, and more often than not (if I’m allowed to be frank for a moment) the passwords on these accounts are abysmal.

Some of them are so bad, they’re the equivalent of Manchester United using ‘football’ as a password, or The Coca-Cola Company using ‘c0ke’ (substituting a number for a letter, such as replacing an I with a 1, does not make a password secure).

What constitutes a good password?

There is a lot of advice on choosing a good password, and even a range of tools that can help generate them, but it mostly boils down to choosing a password that will be difficult to guess, with enough characters (including special characters) that a brute force attack would take impractically long.

All of this advice is worthless, however, if even after choosing a good and secure password, you use the same password on everything you sign up for, or if you write it down on a piece of paper next to your desk.
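As an added illustration (not part of the original post), a small Python strength estimator that applies the two rules above: it undoes the letter-for-number substitutions the post warns about before checking a constructed stand-in wordlist, and otherwise estimates brute-force cost from length and character set. The wordlist, the 40/64-bit thresholds and the guess rate are assumptions.

```python
import math
import string

# Constructed stand-in for a real cracking dictionary (assumption: real lists are far larger).
COMMON_WORDS = {"football", "coke", "password", "manchester", "letmein", "qwerty"}

# Letter-for-number/symbol substitutions that cracking tools already try routinely.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def charset_size(pw):
    """Size of the pool an attacker must search, based on the classes actually used."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def entropy_bits(pw):
    """Upper bound on guessing entropy: every character drawn uniformly from the pool."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def is_dictionary_variant(pw):
    """True when the password is a common word once case and leet substitutions are undone."""
    return pw.lower().translate(LEET_MAP) in COMMON_WORDS


def crack_time_seconds(bits, guesses_per_second=1e10):
    """Expected time to search half the keyspace at an assumed offline guess rate."""
    return (2 ** bits) / 2 / guesses_per_second


def assess(pw):
    """Classify a password; dictionary hits are rated by wordlist size, not by character set."""
    if is_dictionary_variant(pw):
        return {"bits": round(math.log2(len(COMMON_WORDS)), 1), "dictionary": True, "verdict": "weak"}
    bits = entropy_bits(pw)
    verdict = "weak" if bits < 40 else "fair" if bits < 64 else "strong"
    return {"bits": round(bits, 1), "dictionary": False, "verdict": verdict}
```

The `c0ke` example from the post is caught by the dictionary check, so its apparent mix of letters and digits buys nothing.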

How am I supposed to remember all these passwords?

As I mentioned before, I have to keep track of the login details for many of our customers, and as such it is my responsibility to keep these passwords secure. To help with this I use a piece of software called KeePass:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass isn’t the only solution; others such as LastPass and PasswordGenie (seen below) exist, but KeePass has worked well for me for a number of years.

Anyway, I hope this post has been useful to you (and I hope I start to see some more secure passwords from our customers), but in the meantime, let me leave you with this interesting PasswordGenie infographic:
