The cloud and passwords

There have been loads of stories in the news recently about how celebrities have fallen victim to “hacking” attacks in which compromising and nude photos of the stars were leaked to the public. It’s widely believed that the “hackers” got to the personal photos by obtaining the passwords to the celebrities’ cloud storage through brute-force attacks and other well-known methods of getting hold of a user’s password.

Many may initially have thought that the attacks were down to a flaw in the cloud’s security; however, an attack like this is simply the user’s fault for setting a password that is so easy to guess, or to get right through a simple brute-force attack. So how can you make sure that you and your users are choosing the right passwords?

Basic password security

Before choosing a password, you should make sure that everyone knows the basics. Don’t choose a password that you use for other systems, don’t write it down, and make sure that it isn’t a dictionary word. When it comes to passwords, the longer the better, as long strings are much harder to crack. Google has a great guide on basic password security that you can use as inspiration for your own security procedures.

Don’t be tempted by “obvious” passwords

You know the ones – “password”, “12345”, “abcde”. These are the passwords that every hacker will try first. As shown by the recent breach of passwords used by Adobe users, the most commonly used password is “123456”, followed by “123456789” and “password”.

This was an analysis of more than 130 million users, and it’s surprising to see how people try to cheat the system. From choosing passwords based on keyboard layout (“qwerty”, “1q2w3e4r”) to passwords based on the programme (“photoshop”, “adobeadobe”) and passwords based on common nouns and names (“monkey”, “daniel”, “computer”), it shows that many users think alike when choosing something that’s memorable. So steer clear of anything obvious, and start thinking outside the box with your password selections.

Don’t feel obliged to select a password that’s hard to remember

As pointed out in this xkcd comic, a password made of four random common words can be a lot harder for a computer to guess than a single common word with some of its letters swapped for numbers, capitals and other symbols.

What this effectively shows is that the longer your password is, the harder it is for a computer to guess. And if it doesn’t follow the common password patterns (a capital at the beginning, familiar letters traded for numbers), even better.
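The two points above (reject the obvious choices, and prefer long random-word passphrases) can be turned into a simple policy check plus the arithmetic behind the comic. The following is an added example written for this article, not code from the original post or from the Adobe analysis or xkcd; the password list, the dictionary, the keyboard sequences, the leet map and the 12-character minimum are all small constructed stand-ins for the full lists a real check would load.

```python
import math
import string

# Constructed sample data for this example: the "obvious" passwords quoted in
# the article plus a tiny stand-in for a real breached-password list.
COMMON_PASSWORDS = {
    "123456", "123456789", "password", "12345", "abcde", "qwerty",
    "1q2w3e4r", "photoshop", "adobeadobe", "monkey", "daniel", "computer",
}

# Tiny constructed dictionary; a real check would load a full word list.
DICTIONARY = {
    "password", "photoshop", "adobe", "monkey", "daniel", "computer",
    "welcome", "dragon", "letmein", "football",
}

# Keyboard rows plus the column-by-column walk behind "1q2w3e4r".
KEYBOARD_SEQUENCES = [
    "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "1q2w3e4r5t6y7u8i9o0p",
]
WALK_LEN = 4

# Common "leet" substitutions, mapped back to the letters they stand for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 12  # policy minimum assumed for this example


def keyboard_walks() -> set:
    """Every WALK_LEN-character window of each sequence, forwards and backwards."""
    walks = set()
    for seq in KEYBOARD_SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - WALK_LEN + 1):
                walks.add(s[i:i + WALK_LEN])
    return walks


WALKS = keyboard_walks()


def has_keyboard_walk(pw: str) -> bool:
    """True if any WALK_LEN-character slice of the password is a keyboard walk."""
    low = pw.lower()
    return any(low[i:i + WALK_LEN] in WALKS
               for i in range(len(low) - WALK_LEN + 1))


def normalise(pw: str) -> str:
    """Lower-case, drop leading/trailing digits, symbols and spaces, undo leet.

    Catches "P4ssw0rd!" and "Ph0t0sh0p1". A leading leet digit (say "1" for "l")
    is treated as padding and dropped, which is fine for a heuristic check.
    """
    core = pw.lower().strip(string.digits + string.punctuation + " ")
    return core.translate(LEET)


def is_dictionary_word(pw: str) -> bool:
    return normalise(pw) in DICTIONARY


def check_password(pw: str) -> list:
    """Return the reasons a password is rejected; an empty list means it passed."""
    reasons = []
    if pw.lower() in COMMON_PASSWORDS:
        reasons.append("common password")
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if has_keyboard_walk(pw):
        reasons.append("keyboard walk")
    if is_dictionary_word(pw):
        reasons.append("dictionary word")
    return reasons


def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n words drawn uniformly from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate of the given entropy at a fixed rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for pw in ["123456", "1q2w3e4r", "P4ssw0rd!", "Tr0ub4dor&3",
               "correct horse battery staple"]:
        print(f"{pw!r:32} {check_password(pw) or 'ok'}")
    # The comic's two figures: four words from a 2048-word list (44 bits) against
    # roughly 28 bits for the substituted word, both at 1000 guesses per second.
    print(f"four words: {passphrase_bits(4, 2048):.0f} bits, "
          f"{years_to_exhaust(44, 1000):.0f} years to exhaust")
    print(f"leet word : 28 bits, {years_to_exhaust(28, 1000) * 365.25:.1f} days to exhaust")
```

The entropy figures only hold if the words really are picked at random from the list; a phrase the user composes themselves is far more guessable than the arithmetic suggests. Run as a script it prints the verdict for each sample password and shows the four-word passphrase taking hundreds of years to exhaust where the substituted word takes about three days.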

Use two-step authentication

As a final extra security measure, two-step authentication is becoming an increasingly common tool for people logging on remotely. You have probably used it to get into your bank account – usually you have to enter a password followed by another security question, or enter a number from a physical authenticator you hold. Services such as Google and Facebook also implement this strategy – you download an authenticator app or allow a login code to be sent by text message before you can get into your account.

This is a process that will most likely be used more and more as users’ data moves to the cloud and passwords on their own become less secure, as the software used to crack them gets increasingly clever.

If you need help getting your security process in place, then we’re more than happy to help. Drop us a line to see what we can do.
