How good are your passwords? [BT broadband office]

How good are your passwords?

Posted 18 February 2008 at 2:08PM by Ian Betteridge in Internet security

What would you guess is the most commonly-used password? According to the marvellous Modern Life Is Rubbish blog, it's as simple as "123".

And if that's the password you're currently using, then you should change it, pronto. But don't choose "password" (which is number two on the list), "liverpool" (number three) or "letmein" (number four). None of those would stop someone getting into your accounts for more than a minute.

The thing about passwords is that they have two different forces pulling in opposite directions. On one hand, it needs to be something simple enough for you to remember. On the other, it needs to be difficult enough so that it can't be guessed.

And that means that all of the things you find easy to remember, like your birthday, your kid's names, and the name of your favourite football team are out of the window - they can all be easily guessed by anyone that knows you.

So instead, bite the bullet, choose a random string of letters and numbers, and spend some time memorizing it - it's the best way to create a password which actually works.

Tags: bt, bt broadbandoffice, passwords, security

New feature: Rate this post!

Currently 5/5
1
2
3
4
5

Average rating: 5/5

Comments

1. At February 18, 2008 3:38 PM, Nicola McBlane wrote:

Memorizing a purely random string of numbers and letters is something most people find a little off-putting - so instead pick letters that are initials for things you can remember and some numbers that fit with that.

Chocolate is my favourite food - becomes - cismff - and then add numbers so c1smf4. The 1 and 4 are by swapping the letters for numbers that look like them - since the password itself lacks a pattern this isn't too bad - but it would probably be better to add in other meaningful numbers - and not house number or birthdays etc.

It would also be better if the sentence itself was something could you remember as being in some way connected with the password - if it's a work one then perhaps "My parking space is the fifth on the right".

PS> This isn't a password I use - and neither should anyone else - it's too short for one thing.

2. At February 19, 2008 9:20 AM, Meriadoc Brandybuck wrote:

A point for you Ian, no matter the password which is chosen, wither it is as simple as, "password123" or complicated as something like, "3DhjWaPkI834gF" which is hard to break, as long as thier is hackers out their, there really is no 'safe' password to use for protecting your things, wither it is your account, word document, folder or NT Logon.

After spending time studying Computing and elements of Web Design at university, I have came across lots of tools that let you hover over passwords that are being entered, and it reveals them, though all that maybe seen is ******* . In addition to that, it is fairly easy to get key-logging software on the PC and take all the details from there.

So the question that should be asked is: In reality, just how safe is your password?

3. At February 19, 2008 11:42 AM, Ian Betteridge wrote:

Merry, in a sense you're right. No password is immune from "brute force" cracking, and there are always holes in computer systems which let someone bypass passwords altogether.

However, that's still to reason to make it easy for the unskilled to guess it - so I'd say keep your passwords hard to guess anyway.

4. At February 19, 2008 1:38 PM, David Martin wrote:

Another easy way to make a 'fairly' secure password is to use geek-speak. Take something like the breed of your dog and substitute some letters for the numbers that they look a bit like. So 'labrador' becomes 'l4brad0r'. Even 'p455w0rd' becomes a little more secure.

5. At February 19, 2008 2:13 PM, Meriadoc Brandybuck wrote:

The way I decipher what passwords to use is via the classic book / movie trillogy, "The Lord Of The Rings", wither it be obscure characters in them, or the myths of that world. So unless you are some kind of LOTR Buff with no life, mines is typcially VERY hard to get.

In my view however, they need to make things MORE secure, by maybe adding a few more layers of sercurity, such as another password, or person specific questions.

6. At February 19, 2008 2:54 PM, Nicola McBlane wrote:

One of the most basic ways people try to crack passwords is to use words from a dictionary - and most who try this use those standard swaps for leet now David - that's just too well known. More random numbers (but in some way meaningful to you for easy memorization) are better.

7. At February 20, 2008 1:18 PM, Gandalff wrote:

With regards to Meriadoc Brandybuck we all now know who you are and would be able to guess your passwords !!!!!!

8. At February 21, 2008 11:11 AM, Meriadoc Brandybuck wrote:

Gandalf, you might be a white wizard, but to know who I am would be a great feat indead, or my area of work even in this day and age. The Brandywine river protects all the way.

If you do know, then use your wizard powers indeed!

9. At February 21, 2008 2:44 PM, Simon wrote:

With regards to passwords, I currently choose a word and then translate it into another language. My football team were playing against a Hungarian team when I came up with this idea so I translated my password into Hungarian.

10. At February 21, 2008 7:59 PM, Gandalff wrote:

Im using my powers and I can see the initals WB.

You'll never guess who I be.

11. At February 22, 2008 9:20 AM, Meriadoc Brandybuck wrote:

Then that is where you are wrong oh white wizard. My initials are MR, not WB. Looks like old age, and smoking of the pipe-weed has affected your powers.

The best way to do passwords, in my view, is to keep on changing them every second week, so that if people do get hold of your password, it may not be your current one that you are using.

BT broadband office