Password Security

Last week my attention was drawn to a New York Times article about teens and their passwords.  It suggests that young adults are proving their commitment to their friends and partners by sharing passwords.  It seems that it has become fashionable.  People partaking in this practice are leaving themselves open to cyber bullying and data protection issues amongst other potential threats.  It could possibly result in imprisonment!

In my job I’d say I see one pupil a week who comes into the office with a complaint of documents missing, or their password has been changed.  More often than not, it’s another pupil who has logged in and decided to cause a bit of mischief.  This is not always because they have shared their password; sometimes it is just incredibly easy for anyone to work out!  This is the one pupil a week who tells me.  I suspect there are many more who just replace the work, or find out who changed their password and somehow get it out of them.

Danah Boyd argues that younger generations are comfortable with password sharing because parents have encouraged it over the years.   If you ask an average 14 year old, they probably know their parents credit card PIN and their home computer password.  Which may well be the same password that is used for absolutely everything else!

I’ve been even more worried recently when a colleague popped into the office complaining that all his work had gone.  After some questioning it turned out that he had left pupils using his account without any supervision.  What makes matters worse, after our little conversation, he enters my office once again today, and announced that he has allowed a teacher in training to use his account because she hasn’t got one yet; a process that takes all of two minutes!

Is highlighting the dangers enough to change peoples habits?

It seems complete alien to me to hand my password to anyone at all or allow people to use my accounts.  I think this worries my girlfriend some what, who will happily give me her (thankfully extremely complicated) password on a daily basis if I’d let her.  However not only am I protecting myself, I truly think I’m protecting her too.

I’ve recently discovered Lastpass. A service which allows you to securely store (256bit AES encrypted) all your passwords on your own machine.  Synchronised with all your other machines.  They offer browser plugins for Google Chrome, Mozilla Firefox, Internet Explorer, Safari and Opera.  All for free.

The idea is you create a single, very secure password as your ‘master password’.  You then use this master password to access all the usual websites and services you would normally.  Every time you visit a website you need to log into, lastpass pops up and will fill in your details, after authenticating with your master password.  You are encouraged to reset all your passwords using the random password generator. The advantage here is that if one site or password you use gets hacked, the password doesn’t allow the hacker access to any of the other websites you use.

However once you start using it, you soon realise that you can’t log in to things on your mobile so easily, or on the move.  That’s were their ‘premium’ service comes in…  but at only $1 per month, paid yearly.  It’s hardly going to break anyone’s bank!

Once you have gone premium there are apps for iOS and Android, and plugins for browsers on those platforms too.  You can also download a program to manage the passwords in programs you use as well as websites.

You don’t have to use a service like lastpass, but please think about changing your passwords if you suspect anyone knows it.  Follow this lovely guide by the Daring Librarian and give yourself a complicated, easy to remember password and most importantly – keep it to yourself.

Once you have a secure password, create another one, and possibly even another.  I used to have three passwords I regularly used before using lastpass.  One for my financial services and personal data, one for email and online shops, and a third for online forums and xbox live etc.  It’s more likely that the latter will be hacked.  I’d be the one who was hacked off if they had just allowed access to my banking details, wouldn’t I?

How do you ensure your personal password security? Why not comment or tweet me your thoughts…