Passwords. Passwords, passwords, and yet more passwords. We seem to spend our lives choosing, and then trying to remember password after password after yet another brand new password. And no, I don’t want to choose a lower case letter, an upper case letter, two numbers, three symbols, seven Egyptian hieroglyphs, and an ancient Nordic religious talisman. In fact, I’d rather just stick my laptop in a safe and pretend the internet never existed!

Okay, breathe. Perhaps it’s not all that bad, but it is easy to see why so many people suffer from ‘password overload’. Most people now have at least 22 different online passwords to keep track of [http://www.bbc.co.uk/news/business-20726008], and at least six in ten people reuse passwords in different apps, or on different websites, to help them keep track of the number they need to remember [https://mobileidworld.com/password-overload-millennials-006194/]. And despite reusing passwords, as many as three out of ten people still need help accessing an online account at least once a month [https://blog.dashlane.com/password-overload-2017/].

Why passwords matter.

We’ve blogged before [https://www.1stcalldetectives.com/blog/2018-03-07-123456-why-bad-passwords-are-bad-news-for-your-online-security] about why using strong passwords to protect your online accounts is so important. Hackers, and other varieties of online bad actors (no, not like Pierce Brosnan in Mamma Mia) really, really want your personal data so that they can use your identity to carry out their dastardly plans, and passwords are the first line of defence in stopping them.

How you can pick a powerful password #thinkrandom

Every website, and certainly every smart-alec (or Kevin, Brian, or Naomi) IT expert, seems to have their own advice about what makes a good password. That would be wonderful, if only they could all agree. And let’s be honest, it’s really hard to remember long collections of random letters and number. So, instead, we recommend that you go with the official guidance from the National Cyber Security Centre, and pick three random words.

Here’s how to do it:

1. Choose three random words. The more random and unconnected the better. Wombat, toilet, and umbrella will do.

2. Put them together. So, in our example, we’d get ‘wombattoiletumbrella’.

3. Use the resulting nonsense phrase as your password.

4. Repeat for every password you need to use.

Of course, it’s best not to use those particular three words now that we’ve published them here - that would be a bit obvious.

Why does #threerandomwords work?

Long, complex passwords are great at keeping the evil baddies out of your accounts. But, they’re no use to anyone if you can’t remember them. And, worst of all, not all passwords that meet the ‘rules’ most websites put in place are actually very secure.

For example, P@55w0rd will satisfy most sign up forms; but any hacker worthy of the name will guess it in seconds. Actually, possibly even less than one second it’s so obvious.

A little salt with your hash?

No, we haven’t suddenly remembered it’s time for lunch. Well written, reputable websites (and let’s be honest, they’re the only kind you should be using) don’t just keep a record of your password. Instead, the website uses a process called ‘salting’ which stirs your password in with other data like your username, and store the resulting mix instead. Combined with #threerandomwords, that should provide a perfectly adequate level of protection from attackers.

The one thing you can’t really guard against is those nasty horrible cybercriminals hacking into a website and stealing the files which contain all the password hashes. But then, the bad guys and their cronies will most likely be able to crack any password you use, no matter how long, random, and impossible to remember. So, it’s not really a risk worth defending against.

Encryption matters too.

Not that we’re bragging (well, not much) but our website uses SSL (well, TLS 1.2 actually) encryption to make sure that nobody can see any information that passes between you and us. All websites should do that (it’s what the little green padlock means) because without it, cybercriminals can intercept your username, password, and any other information you share as it passes over the internet. And if that happens, it doesn’t really matter what password you use - the bad guys can read it anyway.

And finally, it’s okay to write down your passwords… kind of.

Remember we said that most people have at least 22 different passwords to remember? Well unless you’re some kind of genius memory master (in which case, come and say hi, we’ve got work for you!) there’s no way you can remember all of those yourself. So, pick a secure, reputable password manager app and store them in there. Then you’ll only have one master password to remember, and for that you can use #threerandomwords.