I know your password....

Hey there, Gamers and Game Makers!

Ok, I lied. I don't actually know your password. As part of my degree course, we have a secure systems module. Since I started this module, my eyes have been opened to just how lazy we tend to be when it comes to our own cyber security. When it comes to setting passwords for our devices and online accounts, we tend to pick something we can remember and thus something simple. I'm willing to bet a lot of you use a dictionary word followed by a series of numerical values and maybe a special character, right? Don't worry. That's actually a simple psychological pattern most people follow.

This does however make it very easy for people to figure out your passwords. Most databases that store your passwords run them through a hash algorithm to encrypt them. Now, while most sites are going to add what's called a salt to your hashed password to further add a level of difficulty to cracking your password should the database be compromised, it's actually quite easy to reverse the hash if there is no salt. In our class, we tested each others passwords by giving each other the hash and trying to crack it. For a room full of future computer scientists, you'd be surprised at how many people had their passwords cracked.

The point I'm trying to make is that if your password is easy enough to remember, then it's actually not that secure at all. So if the most secure password I can have is one that I can't even remember, how the hell do I use that? Your first instinct might be to come up with a list of passwords that meet the requirement of what a secure password might be and store them in a text file on your computer. Well, that's pretty much the same as leaving your car keys in the ignition or locking your front door but putting a spare key under the doormat.

Never store passwords in plan text. If I can get access to your files or if i can monitor your session, then I've got all your passwords. So, how do I store all my passwords? Tools like KeePass make storing passwords far more secure. KeePass acts as an encrypted database that allows you to generate passwords using various algorithms. To access the database you require a master key or you can specify a removable storage device such as a usb to act as your master key. The database itself can be stored off of the computer itself for added security. A KeePass database itself is highly encrypted and while not impossible to crack, the resources required to do so make it highly unlikely that anyone is going to go to such effort for your Facebook password.

What do I want you to take away from this? Simply, I just want us to all practice better cyber security. Change your passwords often (every three months is good) and make your passwords as secure as possible. Wikipedia gives a good summery of what makes a good password and can be seen as follows:
​

• Use a minimum password length of 8 or more characters if permitted.
• Include lowercase and uppercase alphabetic characters, numbers and symbols if permitted.
• Generate passwords randomly where feasible.
• Avoid using the same password twice (e.g., across multiple user accounts and/or software systems).
• Avoid character repetition, keyboard patterns, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past) and biographical information (e.g., ID numbers, ancestors' names or dates).
• Avoid using information that is or might become publicly associated with the user or the account.
• Avoid using information that the user's colleagues and/or acquaintances might know to be associated with the user.
• Do not use passwords which consist wholly of any simple combination of the aforementioned weak components.

Until next time!