If I told you then I'd have to kill you
A brief and practical overview to the importance of password and online identity management
The Top 5 Worst Passwords Of 2011
- password
- 123456
- 12345678
- Qwerty
- abc123
Let’s talk about passwords. We all use them yet how many of us are really prepared for the end of the world misery that may follow if our password is compromised?
What are the challenges to our password integrity?
- Friends, colleagues, classmates
- Cyber attack
- Easy to guess passwords
Friends, colleagues, classmates
We all need to become responsible digital citizens with a clear understanding of the need to protect our own personal identity and password – and to respect those of others.
We see children and young people sharing ‘secrets’ as a measure of friendship.
‘If you were really my friend you would tell me your password.’
It’s a sign of close or special friendship when youngsters share everything, whether it’s a bar of chocolate or the key to their online and digital identity.
A key task for us as parents and teachers is to impress on the young people in our care that a password is private and must never be shared with anyone. Clearly this will cause some points of friction for those parents and carers who take a stand on Facebook and tell their youngsters that;
‘You can have a Facebook account as long as I know your password.’
If our children are to become confident and responsible digital citizens then we need to instil in them the message that their online identity must be protected and managed with as much care as their physical identity.
As adults we seldom model effective digital security and, like children, will share log-on details with colleagues, partners and friends. This should be a cause for concern for all of us.
At work I always log out of my desktop computer when I leave the room despite having known and worked with my colleagues for years. What am I afraid of? That they will use my computer to do something inappropriate or illegal?
No.
I log off to protect them.
If my computer is logged on in my name at all times, then if a ‘bad thing’ is traced to that device the authorities and police will ask;
‘Who had access to this account?’
My bewildered colleagues will reluctantly have to admit that we all had equal access and will fall under equal suspicion.
The solution? Always log off when leaving a device unattended, to protect the reputation of yourself and your colleagues. Avoid sharing passwords where practical (Yes administrators will often share a common account and in this case you should consider recording the dates and times of each use of the account) and understand that 'It's OK, I trust you' is unacceptable practice in the workplace.
Cyber Attack
There are many ways in which your password and personal details can be ‘hacked’. At a rudimentary level somebody may locally or remotely log your key strokes - and there is little defence to this other than ensure that virus protection and security software is functioning and up to date on all your devices.
Similarly hackers may attack the servers of the web based service you are using. We see with increasing frequency news stories of services like Twitter and LinkedIn being hacked and thousands of accounts are compromised.
(More on this at the BBC News site)
Ultimately we need to have faith in these companies to have security in place, including encrypting our personal details. This is a useful reminder not to use the same password for a range of web services.
We must be prepared.
We must be prepared for when our digital identity is compromised. In the same way that most of us understand that at some point in our lives we will be the victim of burglary. With this in mind we try to ensure we know what we will do when this bad thing happens. Simple precautions, and knowing where our insurance documents are, can help ensure damage to our lives is limited and not long lasting.
Take some time to research who you need to contact and the procedures you need to follow if any of your accounts are compromised or hijacked. Most of the social media sites have help pages and we must act quickly to help ensure possible damage to our online reputation is minimised.
Choosing a password.
As most of us will probably use the same email account to register for most of our social media accounts I would suggest that this password is in no way similar or the same as the passwords for your other services.
Set aside at least an hour to plan and design your password strategy. By doing this you will help ensure that you don’t choose a simple password when creating a new account for a new online service in the future.
Forget ‘password’ and think ‘passphrase’. Your passphrase needs to be a mix of special characters, letters and numbers – and not one that a friend, relative or colleague could guess easily.
Choose a passphrase someone else might choose, not one linked to you or your interests.
What?
Here’s an example:
When I was a young fella many of my friends liked a band called The Selector. Let's choose a passphrase for one of my friends from 30 years ago.
One of their songs is:
On My Radio
Let’s run those words together:
Onmyradio
Now that’s starting to look like password. Let’s add a special character and replace a letter with a number
Onmyr4dio^
The passphrase looks complicated but to you it remains easy to remember.
You can now use this as the basis for passphrases for other sites. Think about a rule you will apply to make the passphrase unique for each service. For example you might decide to use the last letter of the service you’re signing in to, at the end of the passphrase. So if you wanted a passphrase for Twitter you would add ‘r’ to the end of the passphrase
Onmyr4dio^r
We can’t make a secure passphrase that will never be compromised, in the same way we can never be sure we won’t lose our wallet or our car won’t be stolen. What we can do however is reduce the chances of it happening and be prepared for how we will limit the damage to ensure our digital reputation and integrity remains intact.
Take care out there. Tis a jungle.