Passwords

22 March 2022

Intro

Passwords are an important way to protect your computer, your accounts, and your information. Having a strong password which is hard to guess is essential, but how do you ensure you pick a good one, and more importantly, how do you remember it?

Below are some simple guidelines to help you come up with a secure password, and a brief discussion on the many tools available for generating and managing your passwords.

Password Strength and Security

There are a few passwords that you should NEVER use to protect your accounts; this is because they are so simple or so common (or both) that they leave your accounts potentially exposed to being hacked. Examples include:

  • 12345
  • 123456
  • 123456789

I’m sure you get the idea - number sequences are common!

  • qwerty
  • password
  • qwerty123
  • 1q2w3e
  • 111111
  • god
  • love
  • guest
  • admin
  • default
  •

That last line is intentionally blank.

Common Password Guidelines

  • Generate passwords randomly where possible, using a password manager (see below).
  • Use a password with a minimum of 15 characters if you can.
  • Avoid using the same password on multiple user accounts.
  • Avoid character repetition, keyboard patterns, dictionary words, letter or number sequences.
  • Avoid using information that is or might become publicly associated with the user or the account, such as username, ancestors’ names or dates.
  • Avoid using information that the user’s colleagues and/or acquaintances might know to be associated with the user, such as relative or pet names, romantic links (current or past) and biographical information (e.g., ID numbers, ancestors’ names or dates).
  • Do not use passwords which consist entirely of any simple combination of the previously mentioned weak components.
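The guidelines above can be turned into a simple automated check. The following is an added example, not part of the original post: the function names, the pattern length of 4 and the repetition threshold of 3 are assumptions, and the dictionary words and personal details are supplied by the caller.

```python
import re

# The "never use" examples listed on this page, plus the blank password.
NEVER_USE = {"12345", "123456", "123456789", "qwerty", "password", "qwerty123",
             "1q2w3e", "111111", "god", "love", "guest", "admin", "default", ""}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 15   # minimum length recommended in the guidelines
RUN = 4           # assumption: flag patterns of 4 or more characters

def has_sequence(pw, run=RUN):
    """True if pw contains `run` consecutive ascending or descending characters."""
    for step in (1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            ok = a.isalnum() and b.isalnum() and ord(b) - ord(a) == step
            count = count + 1 if ok else 1
            if count >= run:
                return True
    return False

def has_keyboard_pattern(pw, run=RUN):
    """True if pw contains `run` adjacent keys from one keyboard row, either direction."""
    rows = KEYBOARD_ROWS + [r[::-1] for r in KEYBOARD_ROWS]
    return any(row[i:i + run] in pw for row in rows for i in range(len(row) - run + 1))

def check_password(pw, personal=(), words=()):
    """Return the list of guidelines that pw breaks (empty list = none found)."""
    low = pw.lower()
    problems = []
    if low in NEVER_USE:
        problems.append("on the never-use list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if re.search(r"(.)\1\1", low):          # same character three times in a row
        problems.append("character repetition")
    if has_keyboard_pattern(low):
        problems.append("keyboard pattern")
    if has_sequence(low):
        problems.append("letter or number sequence")
    if any(w.lower() in low for w in words if len(w) >= 4):
        problems.append("dictionary word")
    if any(p.lower() in low for p in personal if len(p) >= 3):
        problems.append("personal information")
    return problems

if __name__ == "__main__":
    print(check_password("qwerty123"))      # constructed sample input
```

An empty result only means none of these specific rules fired; a randomly generated password from a password manager remains the safer choice.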

How Strong is Your Password?

A table has been compiled by security company Hive Systems giving an indication of how long it would take someone on a modern computer to crack your password. Think about the passwords you use, and then look them up in the table below to give you an idea of how secure they are.

[Image: diagram showing the movement of information during login]

Password Managers

Password managers are a great way to not only keep your passwords and usernames in one place, but they can also be used to generate secure hard-to-guess passwords.

They work by having you create an account, or “vault”, where you can store all of the passwords you use: shopping accounts, social media, banking, etc.

The password manager account is protected by a “master password”, and often by two-factor authentication.

Password managers allow you to copy your login information for a site from your vault and paste it into the login page of the site, without having to remember all of your passwords, or having to remember which password goes with which account.

Password managers can also create randomly generated passwords for accounts, so you can be sure that your password is secure.

Another benefit is that they can help protect you from phishing by preventing you from logging in to a site which is being spoofed, i.e. it all looks correct, but the website address is wrong and the whole fake site is being controlled by the malicious actor.

1Password and LastPass are examples of well-known password managers. Apple has even started to get in on the action with iCloud Keychain.

The iMore website has a good run-down of available Password Managers for macOS in 2022.

What else can I do?

One of the best things you can do to improve your online security is to make use of Two Factor Authentication (2FA) on any website which supports it. This offers an additional level of protection over and above your password. Stay tuned for the next post in this series where we’ll cover Multi-Factor Authentication in more detail.