Welcome to NRV Library: Read Today.. Lead Tomorrow.

Wednesday, October 12, 2011

How to Keep Passwords Secure

Any frequent user of the internet has a frighteningly large amount of data stored online — all accessed with simple passwords. Neenu Abraham lists out the risks and offers some handy tips to stay safe online

For all the avid users of multiple email and social networking accounts, there’s one important thing you need to do before you depart this world — apart from your will, that is. Log on to www.passmywill.com and leave all the password clues to all your financial documents so that your relatives and next of kin can access them. Questli (www.questli.com), the company which hosts the site, will hand over your ‘Password Will’ to them, after confirming that you’re no more and that your relatives are the rightful successors. Danil Kozyatnikov, founder of Questli, who started the service just a few weeks ago, told ET that the response was “unbelievable. It was about a tweet a minute for the past 24 hours.”

With online assets becoming as important as physical ones, the need to have proper passwords to protect them is very important. Not only do you need to have secure passwords, but you also need different passwords for all your different email accounts, bank accounts, social networking websites and forums. ET analysed a few easy steps which can help you create strong passwords, manage them well, store them in password vaults and even avoid the common mistakes people make while creating passwords.


The first security check that needs to be done is to find out whether your password has been compromised. Some services like www.shouldichangemypassword.com can help you determine this. Visit this site and just enter your email address. The site scans through a number of databases that have been released by hackers to the public. If your email ID has been compromised, it will give you more details and tips on creating a stronger password.


Testing the strength of your password is very important as it shows how vulnerable it is to hacking attempts. One way of doing this is through the Microsoft Password Checker (http://goo.gl/BB0zC). Once you type in your password in the box, it analyses it and tells you whether it is weak, medium, strong or very strong. If the password checker advises that it is a weak password, you should change it to a stronger password immediately.


Some argue that the era of passwords is over. Nowadays, security experts will advise you to create pass ‘phrases’ — to ensure that hacking your data becomes even more difficult. Sanjay Bahl, chief security officer, Microsoft India, offers a simple solution to this. “Think of a sentence that you can remember. For example: My daughter Maya is two years old. Enter this into your online system to see whether it takes this pass ‘phrase’. If it does not, pick the first letter of each word of the sentence and create a new, nonsensical word, like ‘mdmityo’. To make this more complex, mix the letters with uppercase and lowercase letters and numbers. (for instance, mdMi2yo). For added security, pepper this with some special characters. You can also use symbols that look like letters (eg: mdMi2y0).”
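The derivation quoted above, worked through on the article's own sentence as an added Python example (not code from the article or from Microsoft). The capitalisation rule (a mid-sentence capital, such as a name, stays uppercase), the number-word table and the o → 0 table are assumptions chosen to reproduce the article's three strings; the bit figure is the brute-force upper bound, length × log2(character pool), not a measure of how guessable a sentence-derived password is.

```python
import math
import string

# Assumed tables, chosen to reproduce the strings shown in the article.
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9"}
LOOKALIKES = {"o": "0"}  # the article shows only o -> 0

def derive(sentence):
    """Return (initials, mixed, lookalike) for a memorable sentence."""
    words = sentence.strip().rstrip(".").split()
    # Step 1: first letter of each word, all lowercase.
    initials = "".join(w[0].lower() for w in words)
    # Step 2: number words become digits; mid-sentence capitals are kept.
    mixed = ""
    for i, w in enumerate(words):
        if w.lower() in NUMBER_WORDS:
            mixed += NUMBER_WORDS[w.lower()]
        elif i > 0 and w[0].isupper():
            mixed += w[0]
        else:
            mixed += w[0].lower()
    # Step 3: swap letters for symbols that look like them.
    lookalike = "".join(LOOKALIKES.get(c, c) for c in mixed)
    return initials, mixed, lookalike

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def search_space_bits(password):
    """Upper bound in bits: length * log2(size of the character classes used)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    for pw in derive("My daughter Maya is two years old."):
        print(f"{pw:8} {search_space_bits(pw):5.1f} bits")
```

The look-alike swap leaves the bound unchanged here because a digit is already in the pool, while each added character or new character class raises it.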


Remembering all those nonsensical passwords can be cumbersome and this is where password managers can help. One of the recommended sites for this is www.lastpass.com. Once you download the free software provided, it integrates with your system and web browser. You will first have to create a LastPass account with your email address and a single, master password. Once you log in, import all your passwords to this account. Each time you open an account or webpage that requires authentication, the password will get filled in automatically. An interesting feature here is that it can even create a strong password for you and store it. The passwords are not bound to one PC either — you can log onto the website from anywhere and access your passwords. The software works across browsers like Internet Explorer, Firefox, Chrome and platforms such as WebOS, Windows 7, Symbian, BlackBerry and iOS. Roboform (www.roboform.com) is another efficient paid service you can consider.


Password vaults are an option if you have difficulty remembering multiple passwords. Most browsers have their own vaults. If you use Windows 7 for instance, you can use the Credential Manager to store credentials like usernames and passwords that you use to log on to websites or other computers on a network. Credentials are saved in special folders on your computer called vaults. To access it on Windows 7, simply type ‘Credential Manager’ in the start menu. Mozilla’s Firefox also has its own master password vaults. If the option is enabled, a message will appear each time you log in to a website using Firefox, asking you whether it should remember the password. If you choose yes, the password is saved in the vault and will automatically appear each time you log in. For Apple fans, there is the Keychain Access in Mac OS X. Some of the other popular vaults are Password Safe (http://passwordsafe.sourceforge.net) and KeePass (www.keepass.info).


A process similar to creating a will can be done with passwords as well. If you log into sites like www.passmywill.com, you can enter names and email addresses of friends or relatives you wish to share your password with in case of death. These friends are given clues which lead them to the password. The company ascertains whether you are dead, either through Twitter, Facebook or other social media sites where you have been active. Once it ascertains that a user has passed away, it distributes the ‘clues’ to the people mentioned in the will.


Password vaults and managers are not immune to security breaches. In fact, www.lastpass.com had recently asked all its users to change their master password (though more as a precautionary measure rather than due to an actual breach). Although the passwords are stored online in an encrypted form, your master password is not stored anywhere. Make sure you remember your master password because without that, there is usually no way to regain access to the vault.


In areas with shared computers like cyber cafés and libraries, there is a much higher risk of your password being hacked. If you must use a shared computer, use an online password manager/vault, a complicated password and an on-screen keyboard. If you regularly access the internet at cyber cafés, make it a habit to change your password frequently.


In the battle against hackers, it is best to update the virus protection software on your PC regularly. Here are some tips from Sanjay Bahl of Microsoft India: Keep close watch on e-mails, especially phishing lotteries & gifts. If you receive an e-mail asking you to share personal information, do not do so. Never assume that default settings are safe and make sure that you change them in such a way that you do not share any information inadvertently. Scamming individuals can get your ID information by exploiting programming weaknesses found in websites. What appears to be a professional, secure website may in reality be a front used to collect personal information for identity theft purposes. The basic rule here is to use a secure web browser and check the website’s business reputation.

Source | Economic Times | 12 October 2011
