Softpedia
 


October 7th, 2009, 15:20 GMT · By

Google Tips for Stronger Passwords

In the light of recent security breaches, Google has provided several tips for securing your accounts
Online security is always a concern, but with information on some 30,000 compromised email accounts from all of the major web mail providers surfacing this week, it's more apparent than ever that users need to do more to protect their online data. The accounts in these cases were stolen using all-too-common phishing schemes and weren't a result of poor security measures from the providers. Google was also hit in this latest wave, but the company claims only about 500 Gmail accounts were compromised. Regardless of that, it decided to release several mostly well-known and common-sense tips on how to create stronger passwords for your accounts.

The first tip is to use unique passwords across different services and products. This really needs no explanation: when a single password is used for everything and one service is compromised, an attacker can use the data to access all of the other ones the user may have. And, while having a Facebook account infiltrated may not seem like the end of the world, a compromised banking account is much more serious.

The second biggest issue is users relying on weak passwords made up of common words or phrases. In fact, one of the most widely used passwords is “password.” Google suggests using a combination of lowercase and uppercase letters plus numbers and symbols to make it much harder for an automated attack or a determined hacker to guess it.

Another common mistake is using passwords based on identifiable personal information. Using pet names or birthdays is an easy way to remember a password, but it also makes it easy for an attacker to get hold of that information and use it to guess the password. Many users also write down or save their passwords in a file on their computer in case they forget them. Google suggests not leaving the password lying around the office or saving it in an obviously named and easy-to-find file where someone could steal it.

Finally, users may forget their passwords, especially if they are stronger ones for sites they don't visit that often. In this case, most sites offer options for retrieving the passwords, either by entering your email address or answering some security questions. But these too could potentially be used to steal the password, so a good tip is to use information that isn't likely to be easily known by others.
READER COMMENTS:


Comment #1 by: Eric on 07 Oct 2009, 20:23 UTC

I think all this advice is great, but the burden of having a whole lot of hard to remember, secure passwords outweighs the benefit, at least for most users. I'd be willing to bet that there are a variety of security professionals that, while smart enough to avoid "password" as a password, reuse their credentials across multiple sites.

The internet is a place of instant gratification, where waiting isn't really tolerated and people demand instant access to just about everything. These tips are all great, and each passing generation will probably adopt more secure password practices, but I doubt many security professionals really expect the general public to adopt these practices...


Comment #2 by: Parfeni Lucian on 08 Oct 2009, 11:55 UTC

I don't think they expect most people to actually take into account all of these practices but it's surprising how few people take even the most basic steps in protecting their accounts.
Having a unique password for absolutely every site and service is a bit of a stretch but having a different password for an obscure forum and your bank account is somewhat of a no-brainer.


Comment #3 by: John Hilst on 09 Oct 2009, 16:54 UTC

Tip #1 is spot-on here, and there are currently some software programs that can help manage multiple log-in credentials. Tip #2, while good advice, is less relevant to the current hack -- there's no way a breach of this magnitude was accomplished by guessing passwords or purloining credentials from office buddies' pockets. But of course it's good to cover one's bases everywhere.

At Thawte we feel this is further evidence for encrypting sites beyond the obvious banking and ecommerce urls. Both internet users and dev folks have their own side of this to attend to, but if, for example, Facebook and Twitter were encrypted with extended validation ssl, it would cut down on phishing attempts that could compromise log-in credentials across multiple websites (including banks and other financial institutions). Varying passwords will limit what credential hacks can access, but encryption will limit attempts to phish in the first place.
