How to protect your PINs and passwords
We look at how to improve your security online.
Picking a poor password
For a long time 'password' has been the world's favourite... well, password. It's recently been taken over by the equally lousy '123456'.
Many of us go for passwords that are easily discovered by fraudsters, whether it’s the name of your favourite football team or a family member's name. Thanks to public databases and social networking, your supposedly private life may be laid bare for cyber-crooks to sift through.
Another terrible password is the name of the website you're visiting. For example, Barclays customers using 'Barclays' as a password are asking for trouble.
One key opens many locks
Another problem arises if you use a single password to access many different websites. In this scenario, once I have one password, I have access to all your accounts. In effect, you're giving me a master key to open all your locks and make a 'clean sweep'.
Passwords should be unique to each website you visit and every account you use. If you can't remember them, then write them down in a coded message and securely hide this piece of paper. Alternatively, use a Password Safe such as that developed by American cryptography expert Bruce Schneier.
How to create stronger passwords
Of course, strong passwords are more complicated than weak ones, but that's the whole point. They are harder to guess or find with a 'dictionary attack' (searching around 200,000 commonly used words in English).
To create strong passwords, you should:
- Use at least eight characters and, ideally, more.
- Use a mix of upper-case and lower-case letters, numbers and keyboard characters accessed via the shift key and non-letter keys.
- Avoid your name, family names, first names, slang words, swear words and words found in dictionaries. These are easy meat for the professional cracker.
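The checklist above can be applied automatically. The Python sketch below is an added example, not part of the original article: the function name, its parameters and the small word list are constructed for illustration, and it also applies the earlier advice about not using the website's name.

```python
import re

# Constructed sample list; a real check would load a full dictionary
# (the article cites attacks using around 200,000 common English words).
SAMPLE_WORDS = {"password", "football", "dragon", "monkey", "sunshine", "spaghetti"}


def _letters(text):
    """Lower-case the text and drop everything except letters."""
    return re.sub(r"[^a-z]", "", text.lower())


def check_password(password, site_name="", personal_terms=(), words=SAMPLE_WORDS):
    """Return the reasons a password fails the article's advice (empty if none)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")

    classes = {
        "upper-case letter": r"[A-Z]",
        "lower-case letter": r"[a-z]",
        "number": r"[0-9]",
        "keyboard symbol": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {label}")

    # Compare on letters only, so 'Barclays1!' is still caught as 'barclays'.
    core = _letters(password)

    site = _letters(site_name)
    if site and site in core:
        problems.append("contains the website name")

    # personal_terms: names, teams and similar facts others could look up.
    for term in personal_terms:
        cleaned = _letters(term)
        if cleaned and cleaned in core:
            problems.append(f"contains a personal term: {term}")

    # Ignore very short words to avoid flagging random letter runs.
    for word in sorted(words):
        if len(word) >= 4 and word in core:
            problems.append(f"contains a dictionary word: {word}")

    return problems
```

An empty result means only that the password passes these specific checks; it still needs to be unique to each website.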
For more advice, read this report from online-security firm Imperva (PDF document) on the infamous hack of 32 million passwords from the RockYou.com website in December 2009.
Protecting your PIN
It's not just passwords where we need to be careful. To use a credit, debit or store card, you'll need the four-digit PIN (Personal Identification Number) linked to that plastic card. There are 10,000 combinations of PINs, from 0000 to 9999.
Of course, if you enter the wrong PIN three times, then your card will be locked. This prevents a 'brute force' attack to find PINs, which involves checking all possible combinations.
Even so, PINs aren't as secure as you'd imagine. This is because millions of cardholders change their default PINs to numbers which they find easier to remember. Often, this weakens the security of their cards.
To create a safer PIN, choose a random four-digit number, or simply stick with the default PIN given to you by your bank. Otherwise, you may inadvertently be putting your credit card and current account at risk of fraud.
Loose lips lose money
In short, the more you know about someone, the easier it is to guess their passwords. So be careful about what you post on social media sites. The more information you post on Facebook, Twitter and the like, the more personal data you give to crooks, criminals and fraudsters.
Comments
-
Never describe how you generate a password! The hackers will only add that process to their routines, then target you, especially if you boast about how 'good' it is. It will only spice their enthusiasm to show off their skills. (I hope you don't use the same password in more than one place?) What we need to embrace is the combination of biometrics and tokens. (Who you are and what you own, as well as something you know.) You cannot blame people for using the same password when one is required at almost every interface around. Memories don't have the capacity, yet security officers think that a password with a combination of alpha and numeric is strong!
-
I figured out my daughter's password after only two attempts. She teaches modern history, and knowing her speciality period, I was able to guess the word very easily. Since then, she has changed her word. Both my children, however, have been trying for the past four or five years to break mine - without success. I found that picking a random set of easily remembered words, for instance spaghetti-on-toast, 5pagh3371-0n-t0a57, or phrases, then using hyphens, always turning letters that can be changed into numbers, such as 1=I, 3=E, 5=S, 7=T, and 0=O, etc., can make breaking a password, especially if one changes it quite regularly, reasonably unbreakable. Well, it works for me, anyway.
-
I was once explaining to a customer which formats were not permitted for his online banking PIN: no sequences such as 1234, three or more of the same digit, and certain specific numbers such as 1944, 1966, and 1984. When I also mentioned 1066 there was a thoughtful pause, and then he replied "I'm going to have to change my alarm code, aren't I?"
05 December 2013