
Improving your password security and usability

Royal Canadian Institute lecture by university cybersecurity expert Julie Thorpe

Password Security

We use passwords every day. Some of us have many of them. Sometimes we forget the ones we’ve created.

Whether we are logging on to the Internet, checking email, doing personal banking or shopping online, most of us need passwords to access these services. These codes protect our most sensitive information, but we are often so overwhelmed by the sheer number of them that many of us resort to insecure practices. At the same time, information security and privacy have never been more important.

“Consumers have lingering anxiety about how secure their online profiles really are, but they are also prone to making mistakes in creating and maintaining passwords,” says University of Ontario Institute of Technology researcher Julie Thorpe, PhD. “The problem is that users are required to choose and remember a variety of complex passwords, which can be a challenging task.”

Dr. Thorpe’s research with the university’s Faculty of Business and Information Technology (FBIT) involves improving online security by designing systems that are more compatible with human memory and cognition.

“We need to design and evaluate stronger authentication systems that work with users’ memory,” says Dr. Thorpe. “Our research aims to produce secure and memorable password systems and policies, such as using easy-to-remember locations and phrases. We are also designing novel user interfaces that nudge people to choose stronger passwords.”

Dr. Thorpe will share some of her recent research findings during a free lecture Sunday, November 6 at the Royal Canadian Institute for the Advancement of Science in Toronto, Ontario. Her talk will raise awareness of the threats to passwords, strategies you can use to help protect yourself, and her research at the university to improve password security and usability.

Secure password tips

  • Avoid re-using passwords on different accounts. Find a secure strategy for managing your passwords.
  • Secure strategies for managing your passwords:
    • Consider using password manager software (make sure you choose a strong master password).
    • If you are not comfortable using password manager software, another option is writing the passwords down and storing them in a physically secure location.
      • Please note the importance of storing written passwords in a physically secure location. It should be a location that others do not have access to (e.g., a locked safe in your home or work office).
  • Choose strong passwords that:
    • Are long (e.g., 12 or more characters).
    • Contain both uppercase and lowercase characters.
    • Contain numbers and special characters, and not just at the end of the password.
    • Contain unusual words and/or unusual sequences of words.
    • Do not contain common themes, e.g., love (especially in the context of "I love X"), sexual terms, profanity, royalty, animals, food, money, names, dates or places.
  • Strategy for choosing a strong password:
    • Choose a phrase that you find memorable and no one could find online (e.g., “A coffee a day -- keeps the 5 Little Monkeys at bay”), and base your password on this phrase. For example, if you chose the first letter of each word in the above phrase, maintaining numbers and punctuation, you would have ‘Acad--kt5LMab’.
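The phrase strategy and the strong-password tips above can be expressed as a short script. This is an added example, not part of the original article: the function names, the small `COMMON_THEMES` sample and the reading of "not just at the end" as "at least one number or special character before the trailing run" are assumptions made for illustration.

```python
import string

# The article's own example phrase.
PHRASE = "A coffee a day -- keeps the 5 Little Monkeys at bay"

# Constructed sample of the "common themes" the tips warn about; not exhaustive.
COMMON_THEMES = ("love", "king", "queen", "money", "monkey", "pizza")

def password_from_phrase(phrase):
    """First letter of each word, keeping numbers and punctuation."""
    out = []
    for token in phrase.split():
        if token.isdigit():
            out.append(token)              # numbers are kept whole
            continue
        seen_first = False
        for ch in token:
            if ch in string.punctuation:
                out.append(ch)             # punctuation is kept
            elif not seen_first:
                out.append(ch)             # first character of the word
                seen_first = True
    return "".join(out)

def check_password(pw):
    """Return the tips from the list above that pw fails (empty list = none)."""
    problems = []
    specials = string.digits + string.punctuation
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs both uppercase and lowercase")
    has_digit = any(c.isdigit() for c in pw)
    has_punct = any(c in string.punctuation for c in pw)
    body = pw.rstrip(specials)             # password minus its trailing digits/specials
    if not (has_digit and has_punct):
        problems.append("needs numbers and special characters")
    elif not any(c in specials for c in body):
        problems.append("numbers/special characters only at the end")
    if any(theme in pw.lower() for theme in COMMON_THEMES):
        problems.append("contains a common theme")
    return problems

if __name__ == "__main__":
    derived = password_from_phrase(PHRASE)
    print(derived, check_password(derived))
    print("Iloveyou2024!", check_password("Iloveyou2024!"))
```

The checks mirror only the tips listed above; they do not detect password re-use across accounts or whether the source phrase can be found online.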