Practioner Unknown

Password scrabble? You're not alone!

13th Nov 2014

Our recent security breach with our HMRC agent's login has taught us that we need to be more disciplined in protecting and then regularly changing our passwords. The trouble is, they take some managing. I was beginning to think it was just me, but apparently the problem is universal!

Centrify Corporation reckons the average employee wastes £261 a year in company time on trying to manage multiple passwords. I'm not sure if I'm more horrified at the amount, or at the thought of the work that must have gone into such a precise calculation!

In fact, their research shows that more than a quarter of workers enter a password more than ten times a day. It also found that:

  • 38% of workers have accounts they cannot get into any more because they cannot remember the password;
  • 28% get locked out at least once a month due to multiple incorrect password entries;
  • one in five change their passwords at least once a month;
  • 14% believe they will have 100+ passwords to deal with in the next five years. 

Another article I read this week says that more than a third (35%) of those questioned admitted that they do not create strong passwords because they struggle to recall them - yep, that's me! Nearly half (47%) have unsafe password habits such as using pet names or significant dates.

Jamie Saunders, director of the National Crime Agency (NCA) National Cyber Crime Unit, says what I think we all know already - that cyber criminals “will target weakness and therefore having weak passwords will leave you vulnerable”. The best way to deter hackers, said Saunders, is to use a mixture of numbers, letters and symbols and upper and lower case letters in a password. The trouble is, those are the least memorable passwords, and if you're trying to use a different password for every website and application you're soon going to come unstuck. And if you DO manage this mammoth feat of memory, you're going to have to repeat it every few months to stay ahead of the bad guys.

In the meantime I just can't bring myself to change our HMRC Agent's login yet again, but I know I have to! When did you last change yours?
 


Replies (5)


Adrian Pearson
By Adrian Pearson
13th Nov 2014 17:21

Lastpass
Because you are not alone with this problem, there is a solution already out there.

Check out lastpass.com. All of the issues you raise resolved: you only have to remember one password in future.

Thanks (0)
Chris M
By mr. mischief
14th Nov 2014 07:06

Easy peasy lemon squeezy

This is not something I suffer from or will ever suffer from.  Yet some of my passwords run to 20 characters, and some of them are written on the data sticks and hard drives they are protecting!

Here is how. First you need a poem or phrase you have hard-wired in your brain:

The boy stood on the burning deck
Whence all but he had fled

Take the first letters: tbsotbdwabhhf

Now add a number and punctuation: 54!

Now set up an Excel file for the passwords, so that would be "54!" under accountingweb if tbsotbdwabhhf54! is my password for this site. Likewise, you can write 54! on your data stick or hard drive.

For ultra-secure important ones just add more lines:

The flame that lit the battle's wreck
Shone round him o'er the dead.

tbsotbdwabhhftftltbwsrhotd

Without the key text, 54! by itself is pretty much useless for the big search algorithms which crack passwords. In the event of my death, along with my will there is a Word document explaining all this and what the key sentence is so that my executor can access all my sites.

Thanks (0)
By Susiepie
17th Nov 2014 21:50

All very well until...
... The password has to be 6-8 characters, or needs 2 upper case letters, or can't use special characters and on and on... Then your system (which I do like by the way) kind of falls down, unless you have a solution?

PS, it actually took me 3 attempts to log in here to post this comment!

Thanks (0)
Chris M
By mr. mischief
18th Nov 2014 07:04

no problem

All of my voluntary passwords use both upper case letters and special characters.

I should have maybe chosen G54! instead of just 54! above to make that clear.

If the password needs to be exactly 6 characters including a capital letter and a number and a special character - which by the way is way too short for proper security - then it would be:

tbsG5!

Note that every year my entire system gets a security audit and certification from a local IT guy who has an accreditation system. At the last one, the only point that was raised was that I should consider putting a padlock on my office door. All this password and encryption stuff passed with flying colours.

 

Thanks (0)
By Broniec Associates
18th Nov 2014 21:30

Make it Scalable

We handle the financial records of our clients every day. As an accounts payable auditing firm, we end up with a lot of data to secure. So, we take passwords seriously!

Another tactic that you can use when choosing a password is to make it scalable. You wouldn't want the number to correlate with the month, but you could increase the number in increments each time you change your passwords. Or, using the Easy Peasy Lemon Squeezy example, you could sequentially work your way through a book of poems.

Thanks (0)
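
An added illustration, not code from the post or from any commenter: the Python sketch below rebuilds the first-letter passwords described in the thread and measures two things a reviewer would check, namely how many characters every site's password has in common and how many edits separate a password from its "incremented" successor. The suffixes `71?` and `G55!` and the `min_changes` threshold are constructed for the example.

```python
import os
import re

# Key texts quoted in the thread.
POEM_1 = "The boy stood on the burning deck Whence all but he had fled"
POEM_2 = "The flame that lit the battle's wreck Shone round him o'er the dead"

def mnemonic_base(text):
    """First letter of every word, lower-cased (the 'key text' step)."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z']+", text))

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reuse_report(passwords):
    """Return (chars shared by every password, chars unique to each one)."""
    shared = len(os.path.commonprefix(passwords))
    return shared, [len(p) - shared for p in passwords]

def rotation_ok(old, new, min_changes=4):
    """Accept a rotation only if it changes at least min_changes characters.
    min_changes=4 is an assumed policy value, not taken from the page."""
    return edit_distance(old, new) >= min_changes

if __name__ == "__main__":
    base = mnemonic_base(POEM_1)
    # "54!" is the suffix from the thread; "71?" is a constructed second site.
    sites = [base + "54!", base + "71?"]
    shared, unique = reuse_report(sites)
    print(f"shared across sites: {shared} chars, unique per site: {unique}")

    old = base + "G54!"                      # suffix from the thread
    bumped = base + "G55!"                   # constructed: number incremented
    fresh = mnemonic_base(POEM_2) + "G55!"   # next poem lines as the base
    for label, new in (("increment only", bumped), ("new key text", fresh)):
        print(f"{label}: distance {edit_distance(old, new)}, "
              f"accepted={rotation_ok(old, new)}")
```

The per-site part of each password is only the suffix written in the spreadsheet, and bumping the number changes a single character, whereas moving to the next lines of the poem changes most of the string.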