Password Health Check
As we approach the end of the year, and start to sort through and tidy up our lockers, drawers, desks and piles of “to-do,” it is a good time to also tidy up our passwords.
Despite being aware of the security risks of weak passwords, many of us still tend to create the weakest possible passwords (and use them for more than one account), unless forced to do otherwise. This is often because the increased security benefits can be perceived to be outweighed by the mental burden of having to recall more complex passwords, regularly changing passwords, and having more passwords overall (Florencio & Herley).
During the last school holiday break, a number of student accounts were compromised. These student email accounts were used to send spam emails to external recipients. When this was detected, affected student accounts were disabled by PLC, and the students were required to visit the Tech Centre to change their passwords and re-enable their accounts. Some students have been using their school credentials to create accounts for external software and websites that have been breached. This highlights the need to change passwords regularly (every 6 months is recommended to students), and to use different log in details for different software and website accounts. Students were requested to change their passwords earlier this term.
Did you know? Automated software can guess up to 350 billion passwords per second (staysmartonline).
The good news is that there are some easy things you can do to make your passwords stronger and safer:
- Use “passphrases” – the longer a password is, the stronger it is, and phrases can be easier to recall
- Avoid using personal information (eg nicknames, pets, street) or single dictionary words
- Use two-factor authentication where possible for high risk accounts e.g. banking, online payments, social media
- Log out of accounts when not using them
- Do not use saved passwords
- Be very cautious about using password-protected services on public computers or when using public WiFi
- Never give out your password in response to an email or phone call
- If you are worried that you (or your child) might forget your/their password, write down a question or clue about the password, rather than the password itself, and keep this well hidden
- Keep your operating systems up to date
- Check that the URL you are using to log in contains https – the “s” stands for “secure” and means that communications are encrypted
- Set auto-lock on your devices to one or two minutes
- Consider using a password manager on your device/s – this will generate and secure passwords, but could be problematic if the password manager itself is breached
How safe and secure are your online habits? Take this Technology Checkup Quiz to find out.
For further information, visit:
To see a list of websites that have been breached at some point: