๐Ÿ”Safety online: Passwords and Security

Have you ever wondered what your rock star name would be? If you became a really famous musician, you might want a really cool name. I can help you. You can go to my website and type in your full name, date of birth, the name of your first pet, your favourite colour and your postcode and I will suggest the best name ever!

Are you happy to do that? We do hope not… What might we do with all that personal information about you? Write down some ideas.

So how do we keep safe online? What scams might we come across and how will we spot them?

The trick you might have fallen for is called social engineering. It is when criminals use psychological tricks to fool you into giving away personal data. It might include free giveaways, quizzes or password generators.

Shoulder surfing is when someone watches you as you enter private information like a password or a PIN.

Phishing is when you get fake emails that pretend to come from reputable companies or government organisations. Often they ask you to log in and then steal your login details.

So, what should you look out for if you get an unexpected email?

  • Unexpected email with a request for information

  • Message content contains spelling or grammatical errors

  • Suspicious hyperlinks in email

  • Text that is hyperlinked to a web address that contains spelling errors and/or lots of random numbers and letters

  • Text that is hyperlinked to a domain name that you don't recognise and/or isn't connected to the email sender. You can check this by hovering over the link with your mouse cursor.

  • Emails that don't address you by name or contain any personal information that you would expect the sender to know

For example, what do you notice that is suspicious about this email?

Dear valued customer,

We have noticed an unexpected login from your account and are worried that someone might be hoping to steel your informations. Please click this link and log in STRAIGHTAWAY so that we can protect you safely.

Yours faithfully,

Customer Services

ABC Bank Ltd.

Did you notice that they didn't use your name? Surely if you have an account with this bank, they know your name? Also, there are spelling and grammatical errors and they ask you to log in STRAIGHTAWAY. Doesn't that link look odd? It doesn't even belong to ABC Bank Ltd.

Secure passwords

Most of us have lots of different online accounts and it is really tricky to keep track of all our passwords. Which of these things do you think you should or shouldn't do to keep your details safe?

a) Use the same password for everything. It is much safer than writing lots of different passwords down

b) Replace letters with numbers, e.g. pa55w0rd

c) Use your pet name or parts of your birthday, e.g. Toby1990

d) Use a long random password that only you will know and then use it for everything, e.g. S(3kskjhG72639#13e4ks

e) Just use the special secure password for important things like your bank

I hope you said, "None of those! They are all really bad!"

So, what can you do to help you remember all the passwords you need?

Top tips

  • You could use a secure password vault so you only need to remember one special password. You have to trust the company who make the password vault though!

  • You could use a phrase instead of a single word, e.g. I_l0v3_beans_and_ch0colat3!

  • Use parts of a phrase, e.g. myM8BobIsAGr8Guy! (my mate Bob is a great guy)

  • Join some unrelated words, e.g. UnicornMango#815$Delphi

Commonly used passwords

On top of this, you can familiarise yourself with the most commonly used passwords so you make sure never to use those! They include things like 123456, password, qwerty... and variants of those. You can find the list here.

What is brute-forcing?

The longer your password, the better. This is because of a technique hackers use called brute-forcing. This is when someone tries lots of random combinations to find a password. For example, assuming a password is 5 characters long and contains only lowercase letters, I could try inputting aaaaa, and then aaaab, and then aaaac... and so on until I get to zzzzz.

Manually, this would of course take an extremely long time, but hackers can use software to try many combinations in a short amount of time. Making your password at least 10 characters long and including numbers and special characters increases the number of possible combinations, which means it'll be a lot harder for the program to go through all the combinations... without being detected by the website as a robot.

In fact, most websites now protect against automated brute-forcing by only allowing a certain number of requests in a given amount of time. At the end of the day, however, the main protection comes from the complexity of your password itself!
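The checks from this page written as a short Python program (an added example, not part of the original page): it counts the combinations a brute-force search would have to cover and flags the bad habits from the quiz above. The function names, the three-entry common-password set and the digit-to-letter table are assumptions made for this example.

```python
import re
import string

# Constructed sample: the three common passwords this page names.
COMMON = {"123456", "password", "qwerty"}
# Undo digit-for-letter swaps such as pa55w0rd (mapping is an assumption).
UNLEET = str.maketrans("0134578", "oleastb")
MIN_LENGTH = 10  # the minimum length this page suggests


def alphabet_size(password):
    """Size of the character set a brute-force search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 special characters
    return size


def combinations(password):
    """Number of candidates of this length over that character set."""
    return alphabet_size(password) ** len(password)


def review(password):
    """Return the warnings from this page that apply to the password."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    plain = password.lower().translate(UNLEET)
    if password.lower() in COMMON or plain in COMMON:
        problems.append("common password or a variant of one")
    if re.fullmatch(r"[A-Za-z]+(19|20)\d\d", password):
        problems.append("looks like a name plus a year")
    return problems


if __name__ == "__main__":
    for pw in ("aaaaa", "pa55w0rd", "Toby1990", "UnicornMango#815$Delphi"):
        print(pw, combinations(pw), review(pw))
```

Running it on the page's own examples shows the gap: the 5-letter lowercase password has under 12 million combinations, while the 23-character mixed one has a count 46 digits long.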
