22/07/2014

By Alex Smith, Director of Sales Engineering, Intermedia

The Heartbleed bug, a major security flaw at the heart of the internet, had everyone scrambling to change their passwords. But now the dust has settled, it’s time to choose strong passwords which will have the best chance of protecting your personal information – to help you out, here are a few tips.

1. Go BEYOND the “8 character wall”

Passwords with 8 or fewer characters are worthless. Even though there are zillions of password combinations, a determined hacker with a botnet (or even a legal cloud computing platform) at his or her disposal can crack it in seconds. Make it 12 characters, and it suddenly takes far more resources and time than the hacker will deem it worth. To see for yourself, check this out.

2. Create UNIQUE passwords. One for every site.
Hackers love going after innocuous sites because they know that people often use the same password across more valuable sites, like their online banking. Plan for the eventuality that one of your accounts will be breached – never use the same password twice.

3. Get VERY creative.

Take a look at this list of the 100 most common passwords found in a batch stolen from Adobe. If your password is on there – or more importantly, if your password is even barely recognisable as English — it isn’t secure enough.

4. Religiously change passwords every six months.

Assume that one of the sites you use will be hacked – the best protection is to habitually change your passwords.

5. Use a secure password management service to simplify your life.

These services enable you to manage passwords from one location. By using computer-generated passwords, a password management service will create one that isn’t in the top 100 million of human-made passwords. What’s more, the service will automatically change passwords for you and store them in an encrypted wallet. The only snag is that forgetting the master password can mean you’re locked out — but that’s a small price to pay for your security.