
Password Security Tips - World Password Day

TheresaV
Former Staff
  • 1930 Posts
  • 80 Topics
  • 12 Solutions

Hi everyone,

 

Another day, another cause! Today is official Password Day and whilst that might not sound very exciting, we wanted to take the opportunity to talk a bit about password safety and how certain features can help you increase yours. After all, it’s better to be safe than sorry! 👌

 

Create your secure passwords following the below best practices:

  • Your password should be 16 characters or more (currently over half of the passwords are eight characters or less, which are not as strong as longer passwords).
  • Your password should include a combination of letters, numbers, and characters.
  • Your password shouldn’t be shared with any of your other accounts or website login.
  • Your password shouldn’t include any personal information such as your address or phone number. It’s also best not to include any information that can be accessed over social media like kids’ names or birthdays.
  • Your password shouldn’t contain any consecutive letters or numbers.
  • Your password shouldn’t be the word “password” or the same letter or number repeated.

 

While that might sound a bit excessive, it’s what gives you the security and comfort to use your devices and accounts without the fear of them being accessed by someone else. If you already have your password set, there are multiple ways to check how secure it is such as on websites like security.org. If you struggle to generate a secure password, you can either use a password generator that helps match all of the above criteria (for example here) or use an app that securely generates and stores your passwords, such as LastPass or 1Password.

 

Do you have any tips on how to create a strong password? Or do you use any other apps that help you store all of your passwords securely? 🔒

COVID-19 support - Help and support from O2 during the lockdown
Access for You: Registration - Find out how to register for our Access for You service.
Just joined the community or thinking of registering? Check out this handy starter guide!
Have a query about your account? login to My O2 for help


If you'd like to take part, why not register? slight_smile
signature

Message 1 of 24
5,386 Views
23 REPLIES

TheresaV

That's true @Anonymous but I think 16+ is just considered the safest 😉

 

I actually didn't even know you can include the @ in these kind of passwords @pgn 

 

@Anonymous not any website of course! But check out the one posted above, it's generally created to help people create safer passwords!


Message 11 of 24
1,125 Views

TheresaV

You are right @madasaf1sh it is a bit of a nightmare, I myself have to admit that I sometimes struggle to remember my passwords and often end up having to reset them. That's why I think it's great to have applications such as 1Password or LastPass to help you with this. Thanks for sharing the article, that's a great read on the topic and sure will add to the discussion around passwords!

 

That's a great start @Jenny105, however I think it might be a bit dangerous if someone discovers this pattern. In that case maybe you could try one of the above mentioned apps or website to generate totally different passwords for each login and be on the safe side!


Message 12 of 24
1,123 Views

TheresaV

@Bambino wrote: (image: Fry.jpg)


This sure would make our IT team laugh @Bambino 😅


Message 13 of 24
1,123 Views

Anonymous
Not applicable

All joking aside, this is what I do: Have a different password for every site, make it long random mixed case/numbers/ etc, get your device to remember the passwords and auto-enter it for you.

Make sure your device (PC/Laptop/Tablet/Phone) is secure with all security updates and updated anti-virus and configured firewall.

For online payments I usually use PayPal (if available) as your card details are not made available to the website you are using it on.

Okay the above is not the perfect solution but then nothing is, the most important thing is to keep your device and passwords secure. 

Message 14 of 24
1,110 Views

pgn
Level 74: Whizz kid
  • 35208 Posts
  • 223 Topics
  • 1558 Solutions

@TheresaV wrote:

I actually didn't even know you can include the @ in these kind of passwords @pgn 

 


It is useable in many, @TheresaV - some call out

  •   # & ? / "

as invalid characters...

Problem with @ is the position of that character is dependent on the keyboard layout, so it is Shift-2 on US keyboards, and Shift-' on UK keyboards - so @Bambino may be struggling because he would be typing

 

  •   E"zy2Remember

 

instead of the example I gave...

Result? Incorrect Password! 😕

 

Message 15 of 24
1,098 Views

Bambino
Level 84: Resplendent
  • 22937 Posts
  • 1022 Topics
  • 3662 Solutions

I actually have a Logitech solar keyboard that I brought with me from the UK, @pgn, so I don't have that problem. I didn't want to have to get used to the US layout after using the UK layout for so long. 😉

I DO NOT WORK FOR O2



Message 16 of 24
1,092 Views

sheepdog
Level 26: Upbeat
  • 3310 Posts
  • 31 Topics
  • 39 Solutions

Hmm, passwords are a bane of my life. Rather password resets are my life. Be grateful you don't have to deal with what I have to do every single day:

 

1) power on laptop, enter pin code

2) log on to windows user account

3) logon to vpn using a different user name, a six digit number plus a token code which you have to get by entering a passcode

4) Logon to one environment using a different username plus password and a code from a hardware token that you have to unlock with a 4 digit code. Then to progress, enter a username and password. Then to progress to the actual desktop, enter the username and password. Then once you're in, login to various servers and apps using usernames that are different to the ones you have used so far.

5) Repeat step 4 to login to another environment, this time using a different hardware token

6) Repeat step 4 to login to the other environment with a totally different hardware token unlocked with a pin

7) Repeat step 4 though this time, add in two extra remote desktop steps with totally different usernames.

8) repeat steps 4 - 8 when the VPN drops for no reason.

9) Use the internal IT systems using a different username or the same windows user name or some random user name you've been assigned because they don't understand single sign-on.

10) repeat Steps 4-9 when the VPN kills your connection.

 

And it doesn't stop there, I have other environments that have to be accessed using an authenticator app, a password, a pin code and a convoluted method of getting to that point. Also with a different username. Let's just say one password rules it all otherwise you'd never remember anything. Should I mention that the expiry period can be as short as 30 days? Imagine the fun I have once a month resetting passwords on systems that have different password policies. Before anyone suggests, password apps aren't exactly approved and another system I cannot be bothered with.

 

Which brings me to the other pain: there is no standard method for password setting. Some have 8 characters that exclude certain ones, others demand you have to have a special combo but won't tell you what that is or if you're really unlucky you'll come across a system that remembers your last 15 passwords and variations of that. It's great for some security bod to say this is best practice when in reality it's unworkable to do it so everybody resorts to keeping it as simple as possible.

 

Would you like to know a simple password style that meets all requirements? Try this in your security checks if you don't believe me: Password_123!  Contains an uppercase, lowercase, special characters and numbers so ticking all boxes 😎 (er I wouldn't suggest you actually use Password_123! but um, let's say it does work in secure systems 😲 )

 

Two things though: passphrases are a lot more memorable to come up with and how is the security officer going to check what you've come up with? 🤣 Also obligatory XKCD link to Correct Horse Battery Staple

 

I do like the Apple Touch ID that er, fails sometimes forcing me to enter a PIN and I was quite taken by the Face ID on the iPad Pro that also fails sometimes reverting to the pin. Still far more acceptable and useable than the convoluted login/passwords I have to tolerate. Biometrics is the way forward in my opinion.

 

Message 17 of 24
1,071 Views
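
Added example, not part of any post in this thread: a Python sketch contrasting a composition-only rule, which accepts the Password_123! mentioned above, with the checklist from the opening post. The function names, the three-character run threshold and the sample values are assumptions made for this illustration.

```python
import string

def composition_ok(pw: str) -> bool:
    """Composition-only policy: 8+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def has_sequence(pw: str, run: int = 3) -> bool:
    """True if `run` letters or digits in a row ascend by one (abc, 123)."""
    s = pw.lower()
    streak = 1
    for prev, cur in zip(s, s[1:]):
        if prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1:
            streak += 1
            if streak >= run:
                return True
        else:
            streak = 1
    return False

def has_repeat(pw: str, run: int = 3) -> bool:
    """True if the same character appears `run` times in a row."""
    return any(pw[i:i + run] == pw[i] * run for i in range(len(pw) - run + 1))

def checklist_failures(pw: str, personal: tuple = ()) -> list:
    """Opening post's checklist; password reuse cannot be checked locally."""
    s = pw.lower()
    checks = [
        (len(pw) < 16, "shorter than 16 characters"),
        (not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
              and any(not c.isalnum() for c in pw)),
         "missing letters, numbers or symbols"),
        (any(p.lower() in s for p in personal if p),
         "contains personal information"),
        (has_sequence(pw), "contains consecutive letters or numbers"),
        ("password" in s or has_repeat(pw),
         'contains "password" or a repeated character'),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample value for illustration only; never use it as a password.
CONSTRUCTED = "Tr7#vQ9!mZ2&xL5@wK"
```

`checklist_failures("Password_123!")` lists three failed rules even though `composition_ok` accepts the same string, while the constructed sample returns an empty list.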

pgn
Level 74: Whizz kid

Wow, @sheepdog!

Makes me glad of single sign-on (SSO) for all user-level business systems, and a single admin account for access to any back-end systems that I need to access for whatever reason.  The whole thing with the token was thrown out years back, now the encrypted laptop challenges for the SSO credential on boot-up and auto connects to the corporate network. Only downside is all traffic from the laptop passes through the corporate network, meaning certain sites are inaccessible, based on corporate policy, unless you request access to them via exception directly (if approved!).

Sometimes, the cookie crumbles your way...😉

 

 

Message 18 of 24
1,062 Views

pgn
Level 74: Whizz kid

There's a lot to be said for using your own keyboard, @Bambino - I remember the days of "keyb uk" to get the £ symbol to work 😖

And if you're a Mac user, well, I have no clue!

Message 19 of 24
1,060 Views

TheresaV

That's exactly what I do as well @Anonymous, I use my Apple device to remember my passwords but also try to minimize the number of accounts I have in general. If I have the chance to for example, I prefer to check out as a guest on shopping sites to avoid creating just another account. After all, it's important we all just do our best to keep our accounts secure!

 

I always had @ come out as an invalid character but then again I think I only tried it a couple of times @pgn 😅 Learning something new every day I guess, that's why these discussions are so great even for me 😂


Message 20 of 24
1,042 Views