Whenever you go online, you will always have to announce who you are. In everyday life, that’s usually straightforward: Your visual identity is enough in face-to-face encounters, your voice is a great help in phone calls, and your address and other personal details are useful in written communications. But online it’s easier to remain anonymous. So whether you’re playing in an online casino, sending e-mails or hanging out with your friends on social media, you will always need a password to confirm your identity before you start. But anyone could type in that information and pretend to be you. So how can you keep that vital password secure?
Another Facebook Failure
You’re not the only one facing this dilemma. Facebook have had a number of issues with privacy, misuse and security, and now another problem has just come to light. It seems the Internet giant has discovered a bug in its password management routines. As a result, Facebook reports that hundreds of millions of passwords used on the Facebook, Facebook Lite, and Instagram platforms have been saved internally in a plaintext format – in some cases since 2012. Such data would normally be stored in an encrypted form to prevent staff and others gaining unauthorised access.
Although Facebook have rectified the bug and say they can find no evidence of any actual abuse, the fact remains that sensitive data was left unprotected. Thus it would always have been easy for any Facebook employee to harvest a phenomenal amount of data, which would undoubtedly have a significant black market value. Facebook don’t have large numbers of security breaches, yet as recently as September, 2018, a data hack stole information from 30 million Facebook users.
Best Password Practices
Your best data security protection is a strong password that is difficult to guess or hack. One preferred method of doing this is to create a sentence you will find easy to memorise and recall. The subject could be describing an important event, detailing your favourite location, or something else like a difficult sentence you know well in a foreign language.
Next, combine word segments from your original material to form a new string of characters. This new element must be at least 8 characters in length, and preferably more. Longer passwords are invariably harder to crack, but many websites will have their own character limits. Your aim is to produce something you could remember which is derived from an original phrase you could never forget. It helps to make your new combination a little random – so, for example, don’t just use every word’s first letter. You should end up with something perhaps nonsensical which nevertheless has a memorable resonance.
To increase security, you should mix the text case by including two capital letters which ‘fit’ the logic of your material. Some websites may demand this anyway and also ask for numbers and/or special characters too. So a sensible option might be to digitise words (4 instead of four) and maybe turn numbers into words (too in place of 2).
As a very simple example, suppose your memorable phrase was: Do You Know The Way To San Jose? You could render that as “dyNotwtSJ?”. Using “No” for “Know” gives a ten-character password including capitals which is not obvious but remains logical to you. Exchanging “2” for “To” then adds a numeric element to give “dyNotw2SJ?”, which retains the flavour of your original, yet would be hard to crack.
Your house key lets someone enter your house and your car key lets someone drive your car. And likewise, in digital terms, your two most important digital keys are the passwords to your e-mail and social media accounts. Once a hacker gets hold of your e-mail password, they can then follow the “forgot your password?” route on many websites. That may allow them to access your online banking arrangements, shopping accounts on Amazon and elsewhere, and much else besides. And if your social media account was hacked, your friends and contacts could find themselves bombarded with scams, or they may receive requests from “you” asking for large amounts of cash.
So in the same way that you keep your most important physical keys secure, you must always do the same with your digital keys.
Some Password Do’s and Don’ts
Don’t:
– share your passwords. You’re lending the keys to your digital life.
– use ‘lazy’ passwords anyone can guess e.g. ‘password’, ‘qwerty’, ‘123456’ etc.
– incorporate personal information e.g. birthdays, family or pet names, telephone numbers etc.
– use a complete single word. No matter what the language, it can be easily hacked.
Do:
– use different passwords for different sites.
– change your passwords from time to time.
– create edited and abbreviated versions of an easily remembered phrase, preferably including mixed cases, numbers and special characters.
– consider using a central password manager program to manage all your passwords.
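The rules in this list and in the sections above can be checked mechanically. The following Python function is an added example, not part of the original article: it tests a candidate password against those rules and reports every one it breaks. The function and variable names are hypothetical, the single-word test is a heuristic rather than a dictionary lookup, and the article's "preferably" items (capitals, numbers, special characters) are treated as required.

```python
import re

# The 'lazy' passwords named in the list above (constructed sample; real lists are far longer).
LAZY_PASSWORDS = {"password", "qwerty", "123456"}
MIN_LENGTH = 8  # the article's stated minimum


def check_password(candidate, personal_info=()):
    """Return the article's rules that `candidate` breaks (empty list = passes).

    `personal_info` holds the user's own birthdays, names, phone numbers etc.
    """
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if lowered in LAZY_PASSWORDS:
        problems.append("lazy password")
    # Personal details are matched case-insensitively and without separators,
    # so "1985-03-14" is also caught when typed as "19850314".
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    # Heuristic (assumption): letters only, in one ordinary casing, looks like a single word.
    if candidate.isalpha() and (
        candidate.islower() or candidate.isupper() or candidate.istitle()
    ):
        problems.append("looks like a complete single word")
    if sum(ch.isupper() for ch in candidate) < 2:
        problems.append("fewer than two capital letters")
    if not any(ch.isdigit() for ch in candidate):
        problems.append("no number")
    if not any(not ch.isalnum() for ch in candidate):
        problems.append("no special character")
    return problems


if __name__ == "__main__":
    # The article's own examples, plus one of the 'lazy' passwords.
    for pw in ("password", "dyNotwtSJ?", "dyNotw2SJ?"):
        print(pw, "->", check_password(pw) or "passes")
```

A check like this belongs on the sign-up or change-password form, where the candidate is still in memory; it should never log or store the password it is testing.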