Different systems have different ways of formatting passwords used to access them. Really a password should be 8 or more characters and have a combination of uppercase and lowercase letters, numbers and, if permitted, one or more non-alphanumeric characters (!, %, ^, _ etc.).
Sending a password to a client
We have a very strict set of password rules which help protect both our and your interests and privacy.
We do not give passwords to anyone using the same medium that the password is for. An example is where a customer asks us for the password for a new email address.
If we email the new email address and put its password in the same message, the message may be intercepted and used by a third party. Also, we can't stop the recipient printing out the details and being careless with the printout.
If both a password and what it is for are requested, we will send them separately – one by email and the other by TXT, WhatsApp or some alternative method.
We can tell the client the password over the phone, but in practice this is very unreliable: by the time they get to 16 random characters there is a very good chance they will get it wrong.
Storing passwords with a password manager
This is a good idea as you only need a single password to unlock your database of passwords. We do not recommend any in particular as each password program has its own advantages and disadvantages. I would recommend that you ensure the password data file is backed up.
Storing passwords within your browser
Your browser may offer autofill options and a password storage facility. This is a weak point for several reasons, some of which I will go through now.
- Someone with access to your computer will be able to access password protected sites without needing to type in your password.
- It is possible to open the password file within some browsers and simply read the passwords off your screen.
- There are password extraction programs which can be used to easily extract the passwords stored by your browser.
- If your computer becomes compromised (never allow yourself to become overconfident) your passwords can be extracted over the internet.
It is really not a good idea to store important passwords in your browser.
Most financial establishments now use 2 factor authentication whereby they will send you a message requesting approval to proceed. They may use TXT or email before you can fully sign on to their website. Some banks use a special fob or card reader to help prove you are legitimate.
If your financials get attacked, it is not likely to be by someone who has both your logon details and your mobile phone or other authentication method.
Using the same password again and again
Some low security systems use an unencrypted password for access. In days gone by, Hotmail didn't encrypt passwords. This meant that if an internet snooper picked up an unencrypted password, they would store it. Then, when the victim went to a website which had encrypted passwords, the snooper would guess that the two passwords were the same and attempt to hack it.
Passwords with patterns
Yes, some people will use the same password over and over again, changing a single digit each time. A pattern like this can be easily identified, and unknown passwords may then be easily worked out. For example qpj8srrt1, then qpj8srrt2, then qpj8srrt3 etc.
Other avoidable patterns include having the date as part of the password. Handy if you are bound to change your password on a regular basis but the sequence gives it away.
Some people use their bank PIN as their phone PIN – I kid you not!
Another pattern is to take a paragraph from something – a nursery rhyme or the beginning of a speech for example and use the first letters of each of the first few words as the password.
Manually encrypted passwords
Let's say my email address is email@example.com and my email password was yjp,sdgtp,fti,wiom – looks complex – well, look again. This is an old form of encryption. Basically, the password is derived from the email address: each character in the password is the key on the keyboard to the right of the corresponding character in the email address.
See how long it takes you to work this one out – it uses a slightly different technique than the example above.
Cheeky and actually looks complex but very easy to crack.
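The patterns described above (a counter on the end, a date, the account name retyped one key along) can be checked for mechanically before a password is accepted. The following is an added example, not part of the original article; the function names, the US QWERTY layout and the sample account jsmith@mail.test are assumptions made for illustration.

```python
import re

# US QWERTY rows (an assumption; other layouts need their own rows).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]

def shift_keys(text, offset):
    """Move every character `offset` keys along its keyboard row."""
    out = []
    for ch in text.lower():
        for row in ROWS:
            i = row.find(ch)
            if i != -1 and 0 <= i + offset < len(row):
                ch = row[i + offset]
                break
        out.append(ch)
    return "".join(out)

def skeleton(password):
    """Replace each run of digits with '#', so a counter no longer matters."""
    return re.sub(r"\d+", "#", password)

def weak_patterns(candidate, account="", previous=()):
    """List the guessable patterns found in a candidate password."""
    reasons = []
    cand = candidate.lower()
    tokens = [t for t in re.split(r"[^a-z0-9]+", account.lower()) if len(t) >= 4]
    checks = ((0, "contains part of the account name"),
              (1, "account name typed one key to the right"),
              (-1, "account name typed one key to the left"))
    for offset, label in checks:
        decoded = shift_keys(cand, -offset)  # undo the shift, then compare
        if any(tok in decoded for tok in tokens):
            reasons.append(label)
    if any(candidate != old and skeleton(candidate) == skeleton(old)
           for old in previous):
        reasons.append("differs from an earlier password only in its digits")
    if re.search(r"(19|20)\d{2}", candidate):
        reasons.append("contains a year")
    return reasons

# Constructed sample data; only the qpj8srrt series comes from the article.
print(weak_patterns("kd,oyj!R7", account="jsmith@mail.test"))
print(weak_patterns("qpj8srrt2", previous=["qpj8srrt1"]))
print(weak_patterns("Spring2024!"))
print(weak_patterns("vT#r8Kw!zeXu", account="jsmith@mail.test"))
```

An empty list means none of these particular patterns was found, not that the password is strong.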
Please avoid using bad language, sectarian or racist language, or other unacceptable terms in your passwords – remember they can be extracted by people who may not just use them to hack your services but use them against you in other ways.
- Make sure the password has 8 or more characters.
- Use a combination of uppercase and lowercase letters, numbers and, if permitted, one or more non-alphanumeric characters (!, %, ^, _ etc.).
- Avoid including parts of what the password is for, in the password.
- Use a different unguessable password for everything.
- Use 2 factor authentication when possible.
- Never write down or print passwords.
- When you are finished with what the password is for – remove all records of it.
- Avoid storing crucial passwords in your browser.
- Use a password protection program that suits you.
- Use fingerprint scanners or other biometric forms of security if possible.
- Characters to avoid: i, I, l, L, o, O, 0, 5, s, S, 9 and q.
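A generator that follows the list above (every character class present, none of the listed characters to avoid), together with what leaving those characters out costs in strength. This is an added example, not part of the original article; the function names are hypothetical and the symbol set is assumed to be the four symbols the article mentions.

```python
import math
import secrets
import string

# Characters the list above says to avoid.
AVOID = set("iIlLoO05sS9q")
# Assumption: the permitted symbols are the four the article names.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!%^_"]
POOLS = ["".join(c for c in cls if c not in AVOID) for cls in CLASSES]
ALPHABET = "".join(POOLS)

def generate(length=16):
    """Random password using every character class and no avoided characters."""
    if length < 8:
        raise ValueError("the minimum length given above is 8 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every class appears; keeps the choice uniform
        # over all passwords that satisfy the rules.
        if all(any(ch in pool for ch in pw) for pool in POOLS):
            return pw

def entropy_bits(length, alphabet_size):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    full = sum(len(cls) for cls in CLASSES)
    print(generate())
    print(f"{len(ALPHABET)} usable characters out of {full}")
    print(f"16 characters: {entropy_bits(16, len(ALPHABET)):.1f} bits "
          f"with the avoid list, {entropy_bits(16, full):.1f} bits without")
```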
Passwords do not make things easy for us but are a necessary evil.
Look after yourself.