Passwords: Three ways to let the baddies win

To paraphrase Douglas Adams, the Internet is new. Really new. I mean, you might think space travel, computers and fridges are new, but compared to the Internet they’re positively ancient.

I know, I know. The technology historians will tell you the Internet had its roots waaaay back in the seventies, but really, for 99.9% of us, “The Web” was just a 1947 crime movie until the mid-nineties. Strictly, the “WWW” appeared in 1991, but come on – how many of you had even heard of it (let alone used it) until well into the era of Cool Britannia, New Labour and England’s agonising penalty shootout defeat at Euro 96? Exactly.

So, by my reckoning the Internet is barely 20 years old. Not much more than a teenager, in fact. Like many teenagers, it’s grown really fast. Some of the things it gets up to aren’t very savoury. And it’s always demanding attention. (Excuse me while I go check my emails, tweets and status updates…) Despite its youth, immaturity and anarchic setup, however, we all know it’s been the most runaway of runaway successes.

“Fascinating,” I hear you say, as you simultaneously stifle a yawn and check your watch / phone / tablet / blood pressure. “But I thought this was about passwords.” And so it is. The point about the Internet being new is that, by and large, it still has a culture of trust. Oh, we hear the stories of scammers, viruses and hackers but tend to assume it won’t happen to us. Regrettably, that’s a naïve assumption.

They really are out to get you


Back in the “olden days” (or perhaps still, in a few remote locations), we’re told that nobody locked their front doors. Crime happened back then, of course, but generally speaking, it tended not to happen and there was that culture of trust. As time went on and burglary increased, we started locking our doors. If we didn’t, and then expected sympathy after being robbed, we’d be laughed at. Not only that, but as time went by we added more sophisticated locks, shoot bolts, window locks and burglar alarms. Multiple defences to make it harder for the baddies. We moved from a culture of trust to a culture of protection and prevention.

In that regard, the online world is like rural England several decades ago. Many of us are touchingly innocent about the malevolent, sophisticated and heartless elements out there in cyberspace. (Does anyone say “cyberspace” any more? Or has it gone the same way as “the information superhighway”?) Not to put the frighteners on you, but I can say with some confidence that there are digital baddies out to get you. They are modern-day highwaymen out to relieve you of your cash. And, yes, although there are multiple routes they take, it all boils down to cold, hard money.

OK, I believe you. But why are they interested in me?

  • They want your identity so they can steal your money.
  • They want your confidential information so they can steal your identity so they can steal your money.
  • They want to blackmail you so they can steal your money.
  • They want to hijack your computer, your phone, your tablet and anything else connected to the Internet so they can disguise their criminal activities, attack other computers, and probably ruin your files while they’re at it.

My conclusion, Ladies and Gentlemen of the Interweb Age, is that it’s time to move from a culture of trust to a culture of protection and prevention.

Ah, so that’s where passwords come in

Precisely. Although, to be honest, passwords are only a small part of the picture. There are other technical tactics, attitudes and habits we need in order to reduce the chances of being taken for a cyber-ride. But passwords are fundamental, much as we may loathe them. They’re like fitting that first lock to your front door. Even a cheap rim lock is better than no lock. And if the next door is unlocked, guess which one the villain will choose?

If you upgrade to a stronger Yale lock or a 5-lever mortice lock, your chances of resisting attack increase. And so with passwords.

OK, so get to that “Three ways…” stuff

Quite so. Here, then, are my top Three Ways To Let The Baddies Win when it comes to your passwords. If you’ve heard them all before, I trust you’re not doing them. And if you’ve never heard them before, please stop doing them. Now.

Way #1: Use Simple Passwords

There are a bazillion articles on the web about how you shouldn’t use simple passwords such as:

  • 123456
  • Fred
  • Christmas
  • ManchesterUnited

Yes, even that last one is lousy and could be cracked in a little over 2 minutes:

 


Oh. Dear. Password assessment courtesy of My1Login.com.

 

Cyber Villains United would thank you for using any of the above or similar.

Way #2: Use the Same Password for Multiple Sites

Why does this matter? ‘Cos if Joe Evilhacker gets hold of one of your passwords he’s going to try it on loads of popular sites and, in your case, he’ll strike gold because you use the same one on Amazon, eBay and Facebook.

Do not do this. If you’re doing this, don’t do it any more. With immediate effect.
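To see Ways #1 and #2 from the defender's side, here is an added example (not part of the original post, and not My1Login's method) that audits a set of passwords for both problems. It shows why a 16-character password built from two common words is priced per word rather than per character. The mini word list, the assumed dictionary size of 100,000 words, the 60-bit threshold and the sample vault are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed mini word list; a real audit would load a large dictionary.
WORDS = {"manchester", "united", "christmas", "fred", "password"}
ASSUMED_DICT_SIZE = 100_000  # assumption: size of a guesser's word list

def split_words(pw, words=WORDS):
    """Return pw as a list of dictionary words, or None if it cannot be split."""
    low, best = pw.lower(), {0: []}  # best[i] = a segmentation of low[:i]
    for end in range(1, len(low) + 1):
        for start in range(end):
            if start in best and low[start:end] in words:
                best[end] = best[start] + [low[start:end]]
                break
    return best.get(len(low))

def guess_bits(pw):
    """Rough guessing effort in bits under the cheapest model that fits pw."""
    if not pw:
        return 0.0
    if pw.isdigit():  # digits only, e.g. "123456"
        return len(pw) * math.log2(10)
    parts = split_words(pw)
    if parts:  # made of whole words: cost is per word, not per character
        return len(parts) * math.log2(ASSUMED_DICT_SIZE)
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33)]
    charset = sum(n for test, n in classes if any(test(c) for c in pw)) or 26
    return len(pw) * math.log2(charset)

def audit(vault, min_bits=60):  # min_bits is an assumed threshold
    """Flag weak passwords (Way #1) and passwords shared by sites (Way #2)."""
    weak = {site: round(guess_bits(pw), 1) for site, pw in vault.items()
            if guess_bits(pw) < min_bits}
    by_pw = defaultdict(list)
    for site, pw in vault.items():
        by_pw[pw].append(site)
    reused = sorted(sorted(sites) for sites in by_pw.values() if len(sites) > 1)
    return weak, reused

# Constructed sample data, not real credentials.
VAULT = {"amazon": "ManchesterUnited", "ebay": "ManchesterUnited",
         "facebook": "123456", "bank": "q7#Vt9!mZr2&Lx"}

if __name__ == "__main__":
    print(audit(VAULT))
```

The bit counts are a rough model for comparing passwords with each other, not a prediction of cracking time.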

Way #3: Make Your Passwords Conveniently Available

<preacher_mode>

If you’re going to physically write them down, treat that document like your front door key. Don’t write your passwords on sticky notes on the PC. Don’t leave them lying about on the desk. Don’t put them in a notebook entitled Computer Passwords. Make it difficult for anyone who shouldn’t have access to even recognise what the document is, let alone get hold of it.

If you keep passwords on your computer, at least make sure there’s a password on that document. (And, yes, you must also protect the password to that document…) A “password manager” is better than a simple document for various reasons – but whatever approach you take assume that the worst could happen. (And, of course, if the information is in a computer file of some sort, it must be backed up somewhere – otherwise, it might be you that’s locked out of your accounts, not just the criminals.)

</preacher_mode>

A note of clarification

At the (severe) risk of insulting your intelligence, I should emphasise that the above are what not to do. Was that blindingly obvious anyway? It was? Sorry.

Enjoy the Internet, that stroppy teenager, and may your digital defences never be breached.

 
