Almost every website you visit will prompt its users to sign up, register their details, or subscribe to a newsletter. This isn’t a bad thing: on-line marketing is big business, and every business with an on-line presence wants a piece of that pie.
As a side effect of this, end users are being burdened with an increasing number of separate on-line accounts for all the websites they visit. Human nature encourages us to follow the path of least resistance, which is to select easy-to-remember passwords and re-use them across multiple websites. Coupled with the increasing amounts of personal information that big businesses are attempting to capture, and the amount of on-line fraud and identity theft, this leaves us with a ticking information security time bomb.
Late last year, Gawker, a popular news and gossip blog, was hacked and a list of over a million user login details was published on the net. The published information showed that the most popular passwords used were ‘123456’ (the combination for my luggage) and ‘password’. Many other popular websites started advising their users to change their passwords, as password re-use is so rampant.
The holy grail of any hacker is your email account. Anyone who gets into it can intercept ‘forgotten password’ requests from other websites and use it as a stepping stone to gain illegal access to more of your personal accounts. A quick glance around the net shows that Twitter, Facebook, Play, Amazon, Tesco, Ebuyer, The National Lottery and John Lewis all require you to enter your email address and password to log in. Many people will use the same password for all of these sites, and possibly the same password as their email account itself. This isn’t limited to big sites: a small, badly coded site can be hacked, potentially giving hackers the keys to the rest of your online identity.
So what can we do about it? Strong passwords are the obvious answer: long random passwords containing upper-case and lower-case letters and numbers, as these are the hardest to guess or to hack, with a different password for each website. However, anyone who uses the internet for more than the most basic tasks needs to remember dozens of logins, and it’s simply impossible for the average Joe to remember that many unique passwords.
There are plenty of free password managers out there that you can use to securely generate and store your login details:
Gmail has a mobile authenticator which you download to your smartphone. It generates a unique number that you have to enter with your login details, so that even if your details are stolen a hacker cannot log in without also stealing your smartphone.
Strong passwords can be easily memorised using a mnemonic, where you turn your password into a phrase you remember. Even with a password manager there will still be one or two passwords you may want to commit to memory, and this can help you to do so without writing them down.
We can’t stop everyone from bad password management. However, it is always nice to feel secure in the knowledge that when one website account gets compromised through no fault of your own, it is only that one website you have to worry about.