The Internet Of Things
shadow

Passwords please

Passwords please

I think that without doubt the biggest issue that I see when visiting customers relates to passwords. This week for example I’ve had to recover at least 5 users passwords and it’s still only Wednesday!

The problem is that we need passwords for most activities online, and all too often the password is set up using “something that I’m sure I’ll remember” but all too often it is not remembered. Set up a few in that way and I challenge anyone to recall which one is which. If you don’t know your password then they are usually (but not always) ways to recover or reset it, see later in this article.

So, what is the recommended way to create and manage your passwords? Should you use the same one for everything, or should you have a “system”, or use a password manager?

Using the same one for everything is not a secure or viable solution since obviously once it is known everything is open, and also some sites have different criteria for passwords and some require you to change them from time to time. Some people use a “system” For example I use a phrase which is at least 8 characters long, has a mixture of upper and lower case letters and numbers along with special characters such as - ! ? etc This meets the needs of most sites and I simply alternate the first two and last two characters from site to site or if they ask for a new password. That way I only have limited options to chose from when I log in anywhere, and it is relatively secure. I also use a “password manager”.

Password managers

Password managers work well if you have a large number of sites requiring logins. These are usually add ins to your web browser (Edge, Internet Explorer, Chrome, Firefox) and work by recognising when you are on a familiar site and then providing you with the relevant password. They will also generate very secure passwords when you are signing up for something new or resetting your password. You manage the stored passwords by accessing the password manager using a master password which is very secure and which you do need to make a note of somewhere safe. The advantage of password managers is that you can have very secure passwords, they are stored in one place and can automatically populate the password field when logging in. The disadvantage is that you do need to have them on all devices if you access common sites on your laptop, tablet and/ or phone and they are not all available on all platforms. Popular password managers are “Lastpass”, “Dashlane” and “LogMeOnce

Recovering passwords

Now there are always potential ways in which to recover passwords, but you do need some form of identification to be able to do it. Usually the email address that was used when setting up the account is sufficient since a password reset link can be sent. However, what happens if it’s your email password that’s the problem and you cannot access your email?

Your internet service provider, such as BT, Sky or TalkTalk may be able to help on the phone if you have a problem and are using one of their email addresses (xxx@btinternt.com or xxx@talktalk.net for example)

When you sign up for some accounts, such as Google (gmail) and Apple, they will ask you for an alternative or recovery email address if you have one or a phone number so that in the event of you forgetting your email password you can receive a code to validate your credentials. They may also ask you some memorable or personal questions that only you should know the answer to, for example the name of your first teacher, or your best friend at school. These will be used if you lose your password and cannot access (or have not set up) your alternative email or phone. However, despite these multiple options the vast majority of difficult issues that I see with passwords are with Google and Apple accounts. Hardly anyone remembers their memorable questions accurately, or at least to the satisfaction of Apple!
The message for users of gmail and for those of you who have an Apple ID is to make sure that your recovery information is up to date. This means logging into your account and checking that the phone number is your current mobile, that any security questions are remembered, and that your alternative email address is accessible. Login to gmail settings here: https://myaccount.google.com/?nlr=1 and to manage your Apple ID here: https://appleid.apple.com/#!&page=signin

So, the message is, either set passwords that you can remember by using a system or use a password manager, and in any event, ensure that your recovery information is current and that you can access it and remember it.

As always, if you have any questions or need help with this or any technology related issue please get in touch.