Passwords the ultimate guide

Passwords do and don’ts

Now we are forced to use online services more than ever, security is a big concern. The number one way in which peoples online shopping banking and social accounts get compromised is poor password management. This guide is written by our own IT professionals in an effort to help you beef up your online security.

Below are some methods cyber criminals use to get hold of your passwords and how to avoid them, knowing how they get them is half the battle in making sure they don’t

Brute Force attacks

One of the simplest and most common ways to get someones password is to try logging into a target website with a program that automatically tries many thousands of different username password combo’s from a huge dictionary of words and numbers, this is called a “brute force attack” this method is extremely effective on short simple passwords like birthdays, names or worst of all just numbers. To protect yourself from brute force attacks use long passwords, at least 8 characters, no proper words and make sure to throw in at least one capital letter, a number and a punctuation mark, this type of password is virtually impossible to crack with a brute force attack, it would take many years trying different combos 24/7 and the longer your password the longer it would take. add to this most websites lock out after a set number of incorrect attempts for a preset time.

Don’t worry about how you are going to remember all your passwords, there is a simple solution for that explained at the end of this guide.

Key loggers

A key logger is a small program installed on someones device without the user knowing, it literally logs all the keys you press and sends the log to the hacker who can extract all sorts of information from what you have typed. Key loggers most commonly get onto your device from an email attachment, anything from a picture to a word document can be hiding a payload ready to infect your device. To protect yourself from key loggers, never open email attachments unless you know who they are from even then the sender may be innocently spreading the virus without knowing, so make sure your antivirus and anti malware software are operating correctly and up to date as these programs will catch 99% of them.

The defence that is 100% effective against key loggers is to never physically type your password, sounds impossible but we will show you how this is done at the end of this guide,

Using the same password multiple times

A big mistake we are all guilty of is using the same password for different sites. Say for example you sign up for an account at some shopping site, you fill out the registration using your usual password, unfortunately some time later the site is hacked and everyone’s details are stolen, the hackers now have your password for all the sites and services you have ever used it for, one of the more common ways peoples identities are stolen is from this scenario.

Simple solution, never use the same password twice. Don’t worry about how you are going to remember all your passwords, there is a simple solution for that explained at the end of this guide.

Dodgy websites

Some websites out there are not just offering what they appear to be, Take for example some obscure online shop you have never heard of tempts you with an amazing offer so you sign up and check it out, turns out to be not what you thought, hey ho never mind. However there is a profitable black market for usernames and passwords and the site operator sells your details to the highest bidder. spammers buy email lists and hackers like passwords for all the aforementioned reasons. By the way reputable sites would never ever do this.

To avoid this kind of scam, if you are tempted to register on a website that is not, shall we say, family orientated, or simply something you have never heard of other than in some random pop up add in facebook, have a secondary email address from one of the freebies like gmail or outlook and only use this address for such things and of course use a random password as mentioned before.

The simple solution to all the above

Wouldn’t it be great if your device could manage all your passwords for you, securely locked away in a place only you can access, enter your passwords into websites for you without pressing any keys for key loggers to detect and even automatically create highly complex unbreakable passwords when needed. Well such things do exist, they are commonly know as password safes, we have used many different ones over the years and would like to share with you the one that we think is the best of the bunch, simple to use and full of extras that make your online life so much safer. Its called Roboform

Roboform is a simple to use and very secure password manager, there are other similar options but this is the one we use and prefer. Your entire collection of password, username combos are protected by one single password, if anyone gets your master password and uses it on an unauthorised device you are notified by text message and it will not work until you authorize the device. Roboform can generate those complex passwords for you, it can even remember details for filling out forms. There is a free version for a single device, or if you want to sync your safe over different devices the paid for version allows this and cost just 2 euros a month. If you want to try the paid for version use this link and you will get your first 6 months for free.