Everything we do seems to require a password. They are the gateway to the on-line world. And yet, given that they are also the access point for bank accounts, personal details and private correspondence, we probably don’t treat passwords with the seriousness we should.
Most people’s choice of password is governed by the ease with which they can remember it, rather than by the level of security it provides. But, in terms of priorities, that’s not really what passwords are about. When they’re used like this, or when they’re viewed just as an obstructive step to go through in order to access a website, they’re hardly serving as the security measure that they are primarily designed to be.
The problem with easy-to-remember passwords is that if they’re easy for a person to remember then they probably have some fairly obvious association with that person: the names of their children, dates of birth, the address where they live or work. Therefore, if somebody wanted to work out their password, it would only take a little research and a few educated guesses.
Too often passwords are predictable and relatively easy to work out.
When we’re asked to put a number in the password, most of us probably use the same number. When we’re asked to put a special character in the password, most of us probably use the same special character.
On the whole, we’re just not very creative or imaginative.
The fact that many organisations have slightly different permissible options for selecting a password (certain things we have to include; certain things which are inadmissible) means that we will be obliged to vary our passwords slightly. That’s great for improving security as it stops us using the identical password every time, but it also means we just won’t be able to remember them all. So what do we do? We write them in a “password book” which, more often than not, we will keep by the computer.
Again, it’s that desire for ease rather than any thoughts of security.
The current crime trend of thieves breaking into a house to steal a set of car keys so that they can take a car without damaging it will one day be surpassed by thieves breaking into a house to steal “password books”. That could be far more useful, far more profitable.
But what else can we do? If we don’t write it down then we’ll forget it.
Sometimes when visiting a new site we will be asked for a password and we will input our choice. How many times have you then said to yourself, “I’ll remember that; I don’t need to write it down”? How many times, on later occasions, have you then had to have recourse to the “Forgotten Password” button?
On the more positive side, even if our password is guessable, the chances of us being targeted by a hacker are slim, given that there are so many people in the world and that, in all likelihood, there will be both more attractive and more lucrative opportunities. There also probably aren’t that many cyber-criminals out there. It’s a criminal activity that has certain barriers to entry – the need for a computer and the need for some basic IT know-how.
That will deter many start-up hackers – shoplifting is a much easier criminal activity to get into.
When we start thinking about the quality of our password we do start to question its security credentials. How secure is it? Could somebody work it out? Suddenly we are filled with doubt about it and we will feel the need to change it.
In terms of password security we should make sure we have a number of different passwords for different sites. It’s a case of damage limitation. If one of our passwords is compromised then its impact is limited. It’s a problem but it’s not necessarily a major problem. It doesn’t bring our whole on-line presence crashing down.
Ideally, we should also change our password every so often. Hmmm… that’s something that probably doesn’t happen unless we work in an organisation which insists on periodic changes to passwords.
As with most crimes, we tend to take this one seriously only when we have been a victim of it. Always after the horse has bolted! Too often, we get by on an “it won’t happen to me” attitude. Instead, we should be aware of the risk and ensure that we have effective password security in place – a password that is secure rather than one that is just easy to remember.