Evergreen's Top Tips To Increase Your Password Security

25th March 2013 :: Data Security :: Author: Andrew Cope, Managing Director, Evergreen

The BBC news website reported on March 21st that a surreptitious scan of the entire internet, conducted over a 9 month period, revealed that millions of printers, webcams, set-top boxes and modems were still only protected by default passwords set by the manufacturer and had not been changed by the purchasers. These security failings are an open invitation for malicious hackers to run criminal networks known as botnets, which are used to send out spam, intensify phishing attacks and compromise data.

Last month, Twitter, now celebrating 7 years of service, announced that from its 200 million users, 250,000 may have had their passwords and email addresses stolen by hackers and advised all users to change their passwords. Did you?

Let's face it, whether you Tweet, use Facebook, shop online or simply use online banking, life has become a series of PIN numbers and passwords, and remembering them all whilst maintaining security seems to be an ever-increasing challenge. It's hardly surprising then that there are a growing number of people who never change their password or use the same password across a variety of websites and internet platforms. If this is you, then today is the time to make amends!

Here are our top tips to help you:

1) Create Strong Passwords

Hackers are expert at ploughing through vast amounts of data very quickly, so the longer and more complex your password is, the more secure it becomes, as the number of possible combinations grows with every character added. Don’t use family or pet names that may be easily obtained from social networking sites. One of the best tips is to use a phrase. (That way you'll easily be able to remember your password without having to write it on a post-it note!) Simply take the first letter of each word and then add some numbers or symbols for good measure, or even substitute letters for numbers, e.g. 'It's better to be safe than sorry!' could be Ib2B5tS!

2) Modify the password for different websites

This may sound obvious but there are many people who don't! If your password got into the wrong hands, you could have everything from your work accounts to your personal bank accounts compromised. In theory, the most secure password strategy is to use a completely different password for each site, but then you have the problem of remembering them all. Choose your strong password and then modify it for use on different sites, e.g. using the Ib2B5tS! example as above, the Amazon password could be Ib2B5tS!Am, the Google password could be Ib2B5tS!Goo etc.

3) Use a password tracking app such as SplashID or 1Password.

These apps can help you track all your miscellaneous passwords, keeping your accounts secure and saving you the time and effort of having to go through a password re-set each time you forget your password.

How can you improve password usability on your business website?

Does your website have a secure log-in for your customers? Is your password usability well thought out or are you restricting customer access? Customers are usually asked to set their password during a registration process or following a transaction after making a purchase. For best customer password usability, it's worth bearing the following points in mind when creating password settings:

1) Don't be too restrictive – If you insist on long passwords with a specific number of letters, numbers and characters, users will find this difficult to remember, so will write the password down, compromising its security.

2) Let users know the rules – Outline the minimum password length and if any special characters are required, display this to the side or below the password entry field.

3) Ask users to retype their password - This ensures that the password they’ve entered is the one they think they’ve entered.

4) Show the password strength - Rather than a restrictive password policy, encourage users to set a secure password by showing the strength of the password they’ve just entered. Users will instinctively try to use a stronger password, especially if you use positive feedback such as a red, orange, green colour code.
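
Points 2 to 4 above can be combined into one piece of form logic. The following is an added example, not Evergreen's code: it reports the rules, checks the retyped password and returns a red, orange or green rating. The function names, the 8-character minimum, the 40 and 60 bit thresholds and the short deny-list are all assumptions made for illustration.

```javascript
// Added example: registration-form password feedback (all names hypothetical).
const MIN_LENGTH = 8; // assumed site rule, displayed beside the password field
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "111111"]); // constructed deny-list

// Size of the character pool the password draws from.
function poolSize(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33; // counted as the 33 printable ASCII symbols
  return pool;
}

// Rough upper bound on guessing effort in bits: length * log2(pool).
// Repeated characters add little, so each repeat counts as half a character.
function estimateBits(pw) {
  if (pw.length === 0 || COMMON.has(pw.toLowerCase())) return 0;
  const distinct = new Set(pw).size;
  const effectiveLength = distinct + (pw.length - distinct) * 0.5;
  return Math.round(effectiveLength * Math.log2(poolSize(pw)));
}

// Returns what the form should display: colour, rule messages, and whether to accept.
function passwordFeedback(pw, confirm) {
  const messages = [];
  if (pw.length < MIN_LENGTH) messages.push(`Use at least ${MIN_LENGTH} characters.`);
  if (COMMON.has(pw.toLowerCase())) messages.push("This password is too common.");
  if (pw !== confirm) messages.push("The two passwords do not match.");
  const bits = estimateBits(pw);
  // Assumed thresholds for the colour code: under 40 bits red, under 60 orange.
  const colour = bits < 40 ? "red" : bits < 60 ? "orange" : "green";
  return { bits, colour, messages, accept: messages.length === 0 };
}
```

The bit count is an optimistic estimate based only on length and character classes, so it suits encouraging feedback in the form rather than acting as the sole acceptance test.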

Need help improving the log-in page and password security on your site? Evergreen's new authentication system uses the latest best practices when it comes to storing passwords and authenticating users. Whilst the system cannot protect against weak passwords, it does ensure that passwords are stored securely. Contact Evergreen today for more information.