Staying safe online – Passwords

Andy Taylor, one of our Volunteer Digital Champions, has over 35 years of experience in information security. In his latest blog post, he provides practical and easy-to-follow advice on how to stay safe online.

In my previous blog, I suggested three steps to take to avoid becoming a victim of a scam or fraud. This time I offer some slightly more technical advice on making your online activities safer and making you less likely to suffer from criminal actions.

The first and by far the most important safeguard is the use of passwords. We all hate passwords, often with a vengeance! Frequently this is with good cause, since passwords have been, and continue to be, the source of much annoyance. There are several cartoons around showing a user about to throw their PC/laptop/phone/tablet out of the window because of problems trying to log in to some website or account.

Why are passwords so important?

Passwords are important because they provide access to accounts through which criminals can discover much of our personal information. There is a golden rule for passwords that it is essential to follow: use a different password for every site whenever possible, and most certainly for anything related to finance, personal information or other information of high value to criminals, such as email accounts. Those passwords should also be complex. This immediately raises the question of how to generate good passwords and how to remember them.

Use a password manager

The National Cyber Security Centre (NCSC), the UK’s national technical authority on cyber security, make the following recommendations. Firstly, use a password manager or store the passwords in the browser to save you from having to remember them. Many will immediately say, “We were told not to store them in browsers because it wasn’t safe” and that is true. That was a while ago, though, and since then the latest versions of modern browsers (Safari, Edge, Firefox, Chrome, etc.) have all done a lot to make their password storage safe, notably by at least encrypting the passwords, which means that, unless you have logged into the account, they cannot be seen and used. NCSC say this is fine.

Thereby hangs another issue though. If your device, particularly a mobile device like a smartphone, tablet or laptop, does not have a secure login set on it (when you start it up you go straight into the operation of the device without having to log on) then those passwords are not safe! There are many stand-alone password managers available and some are better than others. Some basic ones are free whilst others charge or come with an antivirus package, but the use of any password manager is better than not using one!

What is a strong password?

Then we get to the next problem: what is a strong password, and how do you generate one? There is again a lot of advice about this and antivirus software can often make suggestions for you, but the NCSC uses a simple idea. For particular passwords that must be very secure, such as the one to access your password manager, they say: select three words that are unrelated in any grammatical or other sense but that mean something to you (to help you to remember them). The choice could be (as an example): window, purple and Weymouth. It may be that they seem random (as they are!) but you know the property you walk past each day in Weymouth has purple windows.

Our password would become “Window, Purple, Weymouth!” as a starting point. Note it is 25 characters long (which is an excellent start, already assessed as Very Strong) and I have included both upper and lower case letters, punctuation marks and special characters (the spaces), four elements that are often required in passwords and make it even stronger. Spaces are sometimes not accepted by accounts, so simply miss them out if necessary, but do remember they are there if you need to write that password down for any reason!

To make it even more secure, and to meet the final requirement of including numerals, we can change a few of the letters for numbers so it would become: “W1nd0w, Purpl3, Weym0u7h!” Using a password strength checker (such as at www.passwordmonster.com) it says it is “Very Strong” and would take about 32 million years to crack! I think that would do to ease my security mind!

Next time I will look at backups and updates – should we do them and if so why, how and when?

 

 
