Passwords and security
In a recent survey of the types of password that children use*, it was interesting to see that most are savvy about their passwords, and in some respects this forced me to revise my own ideas about the whole issue of internet security and the use of passwords. Okay, there was a small proportion who used daft, very easy to guess passwords, but the majority used passwords that were memorable to them, which is perhaps applicable to most of us. However, my point is that if we use personal information as a password, we can inadvertently give this information away in the process of talking to others. This is perhaps not too worrying until you consider how much information we give away about ourselves over time, and the internet is very good at allowing us to record what is said over time. Couple this with the issue that you do not always know who you are talking to on the net and you start to get an idea of where I’m leading.
However, is the problem that somebody can potentially guess our password if we are not careful enough in our choice, or is it an issue of password management? To my mind this is something that now needs to be taught as part of any ICT course, with frequent refreshers. Ideally you should have a different password for each account and use numerics and symbols to make each one more secure. Of course, not all sites allow the use of symbols such as ! $ @ #.
Many individuals, particularly young people, now recognise the simple substitution of some letters for numbers, e.g. i or l = 1, o = 0, e = 3, a = 4, or even 3 to mean “other”, but because this is becoming so commonplace it doesn’t take much ingenuity on the part of the person trying to hack your account to try this. The better way is to use a random digit, or preferably digits, somewhere in the password.
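A site-side check for this, as an added example that is not part of the original post: it undoes the substitutions listed above before comparing a proposed password with the account holder's personal details and a common-password list. The function names, word lists and sample passwords are all constructed for illustration.

```python
import re

# Reverse of the swaps named in the text: i or l = 1, o = 0, e = 3, a = 4.
# '1' is ambiguous, so both readings (i and l) are tried.
UNDO_TABLES = [str.maketrans("1034", "ioea"), str.maketrans("1034", "loea")]

def undo_substitutions(text):
    """Return the text with number-for-letter swaps reversed (two readings)."""
    return {text.translate(table) for table in UNDO_TABLES}

def strip_affixes(text):
    """Drop digits/symbols stuck on either end, e.g. 'r0v3r2012' -> 'r0v3r'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)

def weak_reasons(password, personal_words, common_words):
    """List reasons to reject a proposed password (empty list = none found)."""
    lowered = password.lower()
    forms = set()
    for base in (lowered, strip_affixes(lowered)):
        forms.add(base)
        forms.update(undo_substitutions(base))

    reasons = []
    for word in personal_words:
        w = word.lower()
        # Very short details are skipped to avoid accidental matches.
        if len(w) >= 3 and any(w in form for form in forms):
            reasons.append(f"contains personal detail '{w}'")
    if any(form in common_words for form in forms):
        reasons.append("is a common password once substitutions are undone")
    return reasons

if __name__ == "__main__":
    # Constructed sample data: details a user might mention online, plus a
    # tiny stand-in for a real common-password list.
    personal = ["Rover", "Liverpool", "2012"]
    common = {"password", "letmein", "football"}
    for candidate in ["R0v3r2012", "p4ssw0rd", "1iverp00l", "tq7#Vx2mKd"]:
        print(candidate, "->", weak_reasons(candidate, personal, common) or "no match")
```

The last sample, which uses digits at random positions rather than as stand-ins for letters, is the only one that passes, though passing this check says nothing about a password's overall strength.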
But how on earth do you remember all these passwords? Particularly if you have hundreds of different accounts, from simple sign-ons for basic Internet sites to shopping sites and financial accounts. Do you use different passwords for all your accounts and keep a master password list? Or use a single hard-to-guess password which you can change quickly should you accidentally tell someone? Or perhaps somewhere in between – a small number of passwords which you can easily remember?
Truthfully I don’t know what the best way is. Trying to remember a whole host of different passwords is something most individuals will find difficult, but so is the fear of losing a file that has all the passwords, even if the file is encrypted. Having a single strong password you can commit to memory avoids the problem of having this written down somewhere, but leaves you vulnerable if somebody intercepts the use of that single password. How many emails have you had back confirming the password you have just set?
Then of course at what point do you realise somebody else knows your password? I personally never want to find out.
* – I am in the process of writing up the paper, but it’s not published yet.