Everything you ever wanted to know about passwords, and some things you didn't!
Today’s guest blogger is Matthew De Beer, who is a Product Feedback Analyst here at Skype. Take it away, Matthew!
How about we talk about password security? If that sentence made you roll your eyes and start looking for a way off of this page, I wouldn’t blame you. It’s a topic which gets a lot of focus on the internet and everyone thinks they’ve heard it all before. Stick with me though, I have some general suggestions for securing yourself online which might be a little different to what you know.
If you ask people what makes a secure password, a lot of them would tell you about the benefits of creating a long password with lots of different types of characters. To a certain point that is correct, but there’s a problem with this approach. The problem was brilliantly described by Randall Munroe in his xkcd web comic Password Strength. We’ve trained ourselves to think that if a password is hard for us to remember, it’s hard for a computer to crack, which is not always true. Next time you need a strong password, like one for your Skype account, try using a random word generator to come up with four common words to form an easy-to-remember password.
Over time, even the most secure password can be cracked though. That’s why changing your password frequently and using unique passwords for different accounts is extremely important in protecting your security online. I know what you’re thinking: it’s really difficult to remember changing passwords for all the different accounts we have on the internet these days. A piece of advice that some IT security professionals might find controversial is to write your passwords down and keep them in a secure, but easy-to-remember, location in your house or office. This might put your passwords at a slight risk, but it is less risky than having one unchanging password for all of your online accounts.
The use, and misuse, of security questions for the resetting of passwords is another topic that we pay attention to at Skype. We don’t use questions like “What was the name of your first dog?” to identify you at Skype, but other online services do. If you use a password for Skype that you use for one of those services, the security questions there could put your Skype security at risk. In recent years the most noteworthy abuse of these security questions was the hack of Sarah Palin’s email account during the 2008 United States presidential election. It is often easy to uncover the basic details which these security questions use to identify you. Here’s a tip for additional security on accounts that are protected by security questions. Think of easy-to-remember answers that are not related to the question at all. No amount of research will help a fraudster if you answer the question “Where was your mother born?” with “troglodyte”.
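The four-common-words suggestion and the unrelated security-question answer described above, as an added Python sketch that is not part of the original post. The function names and the 16-word `DEMO_WORDS` list are constructed for illustration; the words are drawn with the operating system's secure random source, and the entropy figure shows why the size of the word list matters.

```python
import math
import secrets

# Constructed demo list (16 words) so the example runs offline. A real list
# should be far larger: four words from 2048 give 44 bits, from this list 16.
DEMO_WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "falcon",
              "garden", "harbor", "island", "jungle", "kettle", "lantern",
              "meadow", "nutmeg", "orchard", "pebble"]

def entropy_bits(list_size, word_count):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return word_count * math.log2(list_size)

def clean_wordlist(words):
    """Lowercase, strip and de-duplicate; duplicates would skew the draw."""
    return sorted({w.strip().lower() for w in words if w.strip()})

def generate_passphrase(words, word_count=4, min_bits=0.0, sep=" "):
    """Pick word_count words with the OS CSPRNG (secrets), not random.choice.
    Raises ValueError if the list cannot deliver min_bits of entropy."""
    pool = clean_wordlist(words)
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    bits = entropy_bits(len(pool), word_count)
    if bits < min_bits:
        raise ValueError(f"only {bits:.1f} bits; use a larger list or more words")
    phrase = sep.join(secrets.choice(pool) for _ in range(word_count))
    return phrase, bits

def decoy_answer(words):
    """A security-question answer that has nothing to do with the question."""
    return generate_passphrase(words, word_count=1)[0]

if __name__ == "__main__":
    phrase, bits = generate_passphrase(DEMO_WORDS)
    print(f"{phrase}  ({bits:.0f} bits from the demo list)")
    print("security answer:", decoy_answer(DEMO_WORDS))
```

Passing `min_bits=44` makes the generator refuse a list that is too small for four words, which is the case for the demo list here.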