Given the time of year, we’re wrapping up warm in the UK, enjoying(?) Christmas shopping and looking forward to a few days off work. You may also have been wondering about some of the less positive things associated with this time of year: burst pipes at home or in unattended offices, and security when shopping online.
Passwords – the basics
The past couple of years have seen high-profile stories relating to databases being hacked and personal details, including passwords, being compromised. In the autumn the Good to Know campaign started appearing in print and online adverts. This collaboration between Google and the UK Citizens Advice Bureau provides a set of resources for those wanting to learn more about internet security and how to stay safe online. Best practice for passwords includes:
- Avoid the obvious passwords, like Password or 123456. The majority of us are guilty at some point of using what can be termed risky passwords, that is, proper words with few or no numbers or special characters.
- Make sure your password is at the very least 8 characters long – ideally it should be 10
- Use a mixture of upper/lower case letters, numbers and special characters. This makes it much harder to work out your password and opens up millions and millions of possible variations.
- Don’t use the same password across your important accounts like your blog, Google, social media sites or affiliate accounts. I fell foul of this one years ago when my password was gained from a less secure account and then used in my PayPal account. It’s that simple: once your oh-so-hard-to-guess password has been identified, all the accounts where you use it are at risk.
For more information regarding passwords, a good place to start is Google’s “Good to Know” set of resources.
Even more fun is looking at http://howsecureismypassword.net/ and, while you may not wish to enter an actual password you use, it gives you an idea of how even simply adding a number and special character can increase the time it may take to crack. Try it with sausages, then add a number somewhere in the word, and finally add a special character. Sometimes a good password is a nonsense phrase or statement, and then just mix it up with different cases, numbers and characters – just don’t go choosing sprinklecoateddoughnuts if you’re known for having a fondness for them!
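The checklist above and the sausages experiment, as an added example (not code from the original post or from howsecureismypassword.net): it reports which rules a password fails, estimates the brute-force search space in bits, and finds passwords reused across accounts. The OBVIOUS list and the sample accounts are constructed, and the estimate assumes purely random guessing, so a dictionary word is weaker than its figure suggests.

```python
import math
import string
from collections import defaultdict

# Constructed stand-in for a real common-password list.
OBVIOUS = {"password", "123456", "qwerty", "letmein"}

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def search_space_bits(password):
    """log2 of the brute-force space: (pool of classes used) ** length."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password):
    """Return the checklist items this password fails."""
    problems = []
    if password.lower() in OBVIOUS:
        problems.append("obvious password")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    elif len(password) < 10:
        problems.append("8-9 characters; 10 or more is better")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("no " + "/".join(missing) + " characters")
    return problems

def find_reuse(accounts):
    """Map each password used on more than one account to those accounts."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return {p: sorted(a) for p, a in by_password.items() if len(a) > 1}

if __name__ == "__main__":
    # Constructed sample: the "sausages" progression from the text.
    for pw in ("sausages", "saus4ages", "Saus4ages!"):
        print(f"{pw:12} {search_space_bits(pw):5.1f} bits  {check_password(pw)}")
    # Constructed account list showing reuse.
    print(find_reuse({"blog": "Saus4ages!", "paypal": "Saus4ages!", "email": "x"}))
```

Each added character class widens the pool and each extra character multiplies the space again, which is why the three variants climb from roughly 38 to 47 to 66 bits.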
Passwords – authorised accounts
The ongoing conflict between convenience and security! Many of us authorise widgets, applications and external services to connect with our key online entities, e.g. a Facebook widget that tweets your status updates, or a widget that notifies you when you have a new story. What happens when you change your password on your main account: should you have to reauthorise all those add-ons? What if your account had been compromised and a couple of new applications had been authorised that would allow the unauthorised person to still access your account and post or tweet as you?
Thanks to Adrian Kingsley-Hughes for flagging this one in relation to Twitter, but it’s worth taking note and periodically checking the applications that you’ve authorised to interact with any of your blogs or social media accounts.
Burst pipes – Lost Passwords – Back up plans!
So what if the worst happens and your password is compromised, or you’re on holiday over Christmas and spill eggnog over your laptop, wrecking your hard drive? The best way to think about backups is – what would happen/how would I feel if everything got lost?
- Make sure you’ve populated answers and emails in your password recovery settings. If you have populated this information, do you still have access to the recovery email address? Yes, I’ve fallen into this trap, not updating my recovery email address when I changed jobs.
- Backups for PCs, emails and online applications. We hate doing backups; they take time that we could really be using somewhere else. Of course, if you have a hosted blog then excellent, your provider will look after the backups… but is that covered in your contract, and are they daily or weekly backups? Perhaps you have an IT team who run backups on the network, but what about those files you’ve not copied across to the network folder? Sometimes it may be best going for a “belt and braces” option and running your own backup of your important content or files.