A few tips on passwords and online security
The passwords you use to log in to your business email account and to the control panel for your domain and hosting account are of vital importance to your online presence. Yet, in our experience, our clients often use very bad passwords, choosing ease of use over security. What's a bad password? One that's easy to guess or crack.
Here are a few examples of very, very bad passwords:
password
password1
123456
123456789
admin
qwerty
111111
123123
abc123
iloveyou
fuckyou
baseball1
aaaaaa
The list goes on, but that's the general idea. These are the most commonly used passwords - and these are, therefore, among the first passwords someone will try when trying to get into your private accounts, along with your name, surname, your wife's name, or your child's birthday.
Here's how you can make their task more difficult, if not impossible:
- Avoid common and easy-to-guess passwords
Avoid common names, common letter or keyboard sequences such as 'qwerty' or 'abc', common passwords, words that can be found in a dictionary, and any short sequence of letters. If a robot script is trying your account, it can go through thousands of these simple sequences in a very short time.
Mix letters, numbers and punctuation. Lowercase passwords are checked early, because most people have all-lowercase passwords, as they are easier to type 'blindly'. Or, people commonly add a capital letter to the start or end of their password, so do something different - use capital letters in the middle or at the end of your passwords. Mix in punctuation marks like !,@,#,$,%,{,},^,*,?,_,~ or even hit your space bar.
Do not use your own name, the name of your pet, your birthday or your city as a password. Remember, the person trying to get into your account could be your neighbour, your ex, your business competitor, or someone reading your Facebook page.
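As an added illustration (not part of the original article), the Python checker below applies the rules from this section to a candidate password: membership in a short, constructed excerpt of the common-password list, keyboard and alphabet runs, a single repeated character, fewer than three character classes, capitals placed only at the start or end, and any personal words the caller supplies (a name, a pet, a city). The password list, the 12-character minimum and the four-character run length are assumptions chosen for the example.

```python
import string

# Constructed excerpt of commonly used passwords (the article's list).
# A real check would load a much larger, breach-derived list.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "123456789", "admin", "qwerty",
    "111111", "123123", "abc123", "iloveyou", "baseball1", "aaaaaa",
}

# Keyboard rows, the alphabet and the digits: runs taken from these
# (in either direction) are what 'qwerty' or 'abc'-style passwords contain.
SEQUENCES = [
    "qwertyuiop", "asdfghjkl", "zxcvbnm",
    string.ascii_lowercase, string.digits,
]

MIN_LENGTH = 12   # assumed minimum for this example
MIN_RUN = 4       # assumed length of a run worth flagging


def contains_sequence(pw, min_run=MIN_RUN):
    """True if pw contains a run of min_run+ consecutive characters
    taken from one of SEQUENCES, forwards or backwards (case-insensitive)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_run + 1):
                if s[i:i + min_run] in low:
                    return True
    return False


def check_password(pw, personal_words=()):
    """Return a list of problems found in pw; an empty list means none found.

    personal_words: names, pet names, city, etc. that must not appear."""
    problems = []
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        problems.append("in the common-password list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if contains_sequence(pw):
        problems.append("contains a keyboard or alphabet sequence")
    # Padding with repeats is fine; a password that is nothing but one
    # repeated character ('aaaaaa') is not.
    if len(set(pw)) == 1:
        problems.append("a single repeated character")
    for word in personal_words:
        if word.lower() in low:
            problems.append(f"contains personal information '{word}'")
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation or c == " " for c in pw),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    # Capitals only at position 0 or the last position are the predictable
    # placement the article warns about.
    uppers = [i for i, c in enumerate(pw) if c.isupper()]
    if uppers and all(i in (0, len(pw) - 1) for i in uppers):
        problems.append("capitals only at the start or end")
    return problems


if __name__ == "__main__":
    for candidate in ("password1", "Qwerty123!", "58e%1Tu!Crrrrrrr"):
        print(candidate, "->", check_password(candidate) or "no problems found")
```

The check is deliberately a list of named findings rather than a single score, so the user sees which rule was broken; the personal-words list has to come from the user, since the checker cannot know what a neighbour or a Facebook reader could look up.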
- Use pass-phrases instead of passwords
Use a sentence that's easy for you to remember - a sentence about your last vacation, the first phrase your child ever said, a verse from a little-known poem - one that a hacker can't know or guess. Use the sentence complete with all its uppercase letters, punctuation and numbers.
- Use padding for your password
Long passwords are more difficult to crack by what's called a brute-force attack. To make your password longer without having to remember a very long sequence of characters, you can use padding.
Instead of using something like 58e%1Tu!Cr for your password (which is good but shortish), use 58e%1Tu!Crrrrrrr - the same password, now padded with a sequence of characters at the end (or at the beginning or in the middle - be creative) that's easy to remember.
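To show why the padding matters against an exhaustive search, here is an added worked example (not from the original article) that counts the candidates a brute-force search has to cover for the two passwords above. It assumes the attacker tries every combination of the character classes present in the password (26 lowercase, 26 uppercase, 10 digits, 33 symbols including the space bar) and an assumed guess rate of ten billion guesses per second; both figures are assumptions for the example, not measurements.

```python
import string

# Assumed sizes of the character classes an exhaustive search must cover.
CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "symbol": len(string.punctuation) + 1,  # ASCII punctuation plus the space bar
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(pw):
    """Size of the character set implied by the classes that appear in pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += CLASS_SIZES["lower"]
    if any(c.isupper() for c in pw):
        size += CLASS_SIZES["upper"]
    if any(c.isdigit() for c in pw):
        size += CLASS_SIZES["digit"]
    if any(c in string.punctuation or c == " " for c in pw):
        size += CLASS_SIZES["symbol"]
    return size


def search_space(pw):
    """Number of candidates of pw's length drawn from pw's character classes."""
    return alphabet_size(pw) ** len(pw)


def brute_force_seconds(pw, guesses_per_second=10 ** 10):
    """Worst-case seconds to exhaust the search space at the assumed guess rate."""
    return search_space(pw) / guesses_per_second


def padding_gain(short_pw, padded_pw):
    """How many times larger the search space becomes after padding."""
    return search_space(padded_pw) // search_space(short_pw)


def describe(pw, guesses_per_second=10 ** 10):
    """Human-readable summary of the estimate for pw."""
    years = brute_force_seconds(pw, guesses_per_second) / SECONDS_PER_YEAR
    return (f"{pw!r}: {len(pw)} chars from an alphabet of {alphabet_size(pw)}, "
            f"{search_space(pw):.3g} candidates, worst case {years:.3g} years")


if __name__ == "__main__":
    short, padded = "58e%1Tu!Cr", "58e%1Tu!Crrrrrrr"
    print(describe(short))
    print(describe(padded))
    print(f"padding multiplied the search space by {padding_gain(short, padded):.3g}")
```

Adding six padding characters multiplies the search space by 95 to the sixth power, well over a hundred billion times, without adding anything new to remember. The figure is an upper bound for an attacker who knows nothing about the password's structure: dictionary and pattern-based guessing, or knowledge that a particular padding scheme is in use, reduces the effective space, so the padding should be combined with the other rules on this page rather than used on its own.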
- Do not use the same password for different systems
If one is cracked, you don't want all your other accounts falling like dominoes.
If you feel remembering dozens of passwords is a hassle, you can use one password with a 'salt' - a part of the password that is different for every account: a different number, or part of the name of the system you're logging on to, or better yet, a system that makes sense to you but isn't too obvious to anyone else.
- Keep your password private
Don't tell people your password unless you must. If you have to share it with someone, make sure they can keep it secure, and change the password when they no longer need access to your account.
If you have to write down your password, make sure you don't leave the paper where people you don't trust can see it.
If you use your smartphone or tablet to access sensitive networks, protect it with a password. Devices get lost or stolen, along with everything on them. If you think typing in passwords is cumbersome, just think what you'll need to do if you lose the device.
- Change the password frequently
Yes, it's a pain, but it's worth it.
- Be wary of emails asking you to click a link, then enter a password
Someone - anyone - can send you a spoof email designed to mimic an email from your domain registrar or hosting provider. Into it they embed a link which, when clicked, takes you not to the trusted website (say, trustedregistrar.com) but to a fake one (trustedregistrar.hacker.com); if you enter your password on that page, the hacker can capture it and log in to your account on the real system. This practice is often called phishing.
To prevent it, check the sender of every email from your web hosting company, and look at the URL of your web hosting login page before typing in your password. Or always go straight to the system you want to log in to (say, by typing your registrar's address into the browser's address bar) and enter your password there.
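The URL check described above can be automated for the links in an email, as in this added Python example (not part of the original article, and not a tool of any registrar or hosting company). It parses each link, takes the host part and accepts it only when the whole host is the trusted domain or a subdomain of it, so trustedregistrar.hacker.com is rejected even though it starts with the trusted name. The sample email, the address support@trustedregistrar.com and the domain trustedregistrar.com are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample email in the shape of the spoof described above:
# a genuine-looking sender, one link under the trusted domain and one
# that merely starts with the trusted name.
SAMPLE_EMAIL = """From: support@trustedregistrar.com
Subject: Action required: verify your account

Your domain will expire soon. Please log in at
https://trustedregistrar.hacker.com/login to renew.
Our help pages are at https://trustedregistrar.com/help
"""

# Plain http(s) links up to the next whitespace or quote character.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def link_host(url):
    """Lower-cased host of url, or None if the URL cannot be parsed."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def is_trusted_link(url, trusted_domain):
    """True only if the link's host is trusted_domain itself or a subdomain of it.

    The comparison is on the complete host, so a host that only begins with
    the trusted name (trustedregistrar.hacker.com) is rejected."""
    host = link_host(url)
    if host is None:
        return False
    trusted = trusted_domain.lower()
    return host == trusted or host.endswith("." + trusted)


def untrusted_links(email_text, trusted_domain):
    """Every link in email_text whose host is not under trusted_domain."""
    return [u for u in URL_RE.findall(email_text)
            if not is_trusted_link(u, trusted_domain)]


if __name__ == "__main__":
    suspicious = untrusted_links(SAMPLE_EMAIL, "trustedregistrar.com")
    for url in suspicious:
        print("do not enter a password at:", url, "(host:", link_host(url) + ")")
    if not suspicious:
        print("all links point under trustedregistrar.com")
```

The host comparison is the whole point: looking for the trusted name anywhere in the link would accept the fake, and so would comparing only the beginning of the host. A link that passes this check still deserves the article's other advice, since a convincing sender address proves nothing; typing the registrar's address into the browser yourself avoids the question entirely.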
- Create backup copies of all your important data
That goes for website files, databases, important information you only have stored in your emails, photos, address books - anything and everything that might be critical to your business.
Keep the backup copies in a separate, offline location if possible. Create backup copies regularly.