Beware of Bad Advice On Password Protection

Protecting your online passwords has never been more important than it is today. Research from credit checking company Experian has revealed that fraudsters traded more 12 million pieces of personal information online between January and April last year, representing a threefold increase on from previous stats.

Experian’s research revealed that victims of online identity fraud have suffered negative consequences such as:

• refusal of loans or credit cards (14%)
• debts being run up in their name (9%)
• refusal of mobile phone contracts (7%)
• being chased by debt collectors for money they did not owe (7%)

High-profile password hacking incidents have increased dramatically in the past couple of months, with millions of Adobe, Github and Vodafone accounts among those compromised. Each new incident has prompted a flurry of media coverage and these news reports have often offered advice on how best to protect your online identity.

However, the team at my1login have noticed that, in several cases, the advice being offered is deeply flawed and could actually do more harm than good!

Firstly, one report suggested using a password security checker, such as this one from Microsoft (MS have since removed their password checker), to determine the strength of your logins. However, upon investigation, we discovered that the Microsoft checker rates “password123456” as a strong password. It is not. On the contrary, “password123456” is a very weak password as it is a common dictionary word, all in lower case, followed by a predictable number series

Strong passwords don’t just contain a mixture of letters and numbers. They should be long (at least 15 characters long) and contain uppercase, lowercase, digits and symbols. Common words and number sequences should be avoided, as should personal information such as birthdays or the names of family, friends, pets, favourite football teams, etc.

Secondly, some news reports have suggested that it is good practice to change your password on a regular basis. However, if you are simply changing one weak password for another you remain as vulnerable as ever. Forcing yourself to change passwords regularly often results in users adopting weaker logins to make them easier to remember. It’s better to create a very strong password that you keep for a long time, than to use weaker passwords that you change regularly.

Finally, contrary to some online advice, it’s absolutely not OK to write passwords down. It’s a weak practice which compromises password security. Strong passwords need to be augmented with strong practice.

Here’s my1login’s list of key points to remember:

• Don’t use the same password on multiple sites.
• Never write passwords down or store them in your phone.
• Don’t enter them in Word or Excel. Even if you delete the file there will still be a recoverable imprint of it on your computer, long after it’s sold or donated to a recycling company.
• Don’t email passwords to yourself or others. Your email is readable by your provider – and anyone who may hack your provider!
• Don’t feel that you need to change your password regularly. A very strong password that you keep for a long time is more secure than a weaker password which you change periodically.

Be aware of the increasing dangers that exist online. Phishing emails and spoofed websites are increasingly used to capture usernames and passwords, so be wary of emails asking for your credentials, or ones which want you to click a link to confirm your account.

Sensitive accounts, such as banks, should always be visited directly, or from the link contained in your password manager which you created and know is accurate. Always check the website address to make sure it’s legitimate and look for the padlock symbol or HTTPS.
My1login’s password management service can help you create and remember super-strong passwords and acts as your personal secure portal to the internet.

If you'd like to see how my1login can improve your business's online security and help protect you against hacks in 2014 try out the my1login password manager for free, or leave your email address and we'll send you an information pack.

Email