Nadine Dorries is a ‘marmite’ politician – you either love her or hate her. And this view was made all too clear by her stint on the reality TV show ‘I’m a Celebrity, Get Me Out Of Here’ back in 2012, where she made plenty of headlines but was the first person to be eliminated.
This week, she has made herself unpalatable to everyone after posting a tweet in which she confirmed she shared her work account passwords with staff members. Other MPs have confirmed they do the same, and Dorries later defended herself, saying it didn’t matter because she isn’t a Government minister.
But as Jim Killock, of the Open Rights Group, noted, she does manage constituency correspondence and may, therefore, be in breach of data protection laws.
In this article, we will explain why sharing passwords, as Nadine Dorries does, is not only stupid but potentially dangerous too. Here are our 5 top password tips to help you avoid becoming Nadine Dorries.
1) Never share your passwords
Sharing passwords with anybody is akin to handing over a front door key to your house. In the case of Nadine Dorries, she is allowing staff members access to her parliamentary work account.
This is potentially giving them access to systems which allow her to access confidential information, as well as tools which only MPs are allowed to use, such as the e-tool used to table parliamentary questions.
But it is no less dangerous for individuals to do this too. Handing over passwords to computers can give someone else access to your emails, social media, private files, and even online banking details.
Even if the password is just for one service, many people use the same one for different accounts (which is not recommended) so you could unknowingly be allowing access to more information than you planned.
2) Never write down your passwords
Another common mistake people make is to write down their passwords. This is another big security faux pas. Having a list of passwords is gold-dust to a burglar or thief as it gives them access to your entire online world.
Most people who do write down passwords say they need a list to remember them. That is not true. All websites have tools to help you recover or reset a forgotten password, and these days there are also password managers which can help you remember them securely (see below).
3) Never use these passwords
One common but highly inadvisable trick people use to not forget passwords is to pick something easy to remember. Earlier this year, a survey by the password manager Keeper identified the most commonly used passwords and found that 50% of people used one or more of the top 25 passwords on the list.
But unfortunately, these are usually the same passwords hackers will try out first too. Using common passwords is basically the same as not using a password at all and there are plenty that should be avoided. To give you an idea, the top 10 of the 2016 list was:
4) Use these types of passwords
Constructing a secure password is not too complicated. There are a few basic rules to stick to. Every password should be at least 12 characters in length. The only excuse not to do this is if a website has a lower character limit. But these days, few reputable sites will.
You then need to be sure to use a mix of uppercase and lowercase letters, numbers, and special characters, and to mix these up within the password. The more random a password appears, the better it will be. Putting a ? or ! at the end of a password is better than nothing, but still the sort of thing hackers will try fairly early on.
It can be based on something memorable to you if absolutely necessary, but not something that might be obviously associated with you. If you are determined to try and retain all your passwords yourself (which is not only inadvisable, but almost impossible) try to pick something uniquely memorable to you. Or alternatively…
5) Use a password manager
A reality of the modern world is that we all have numerous online accounts and almost all of these will be password protected. You should never use the same password on two accounts. This means that keeping all of these passwords as secure as possible and trying to remember them all is next to impossible.
This is where a password manager comes in. A password manager is a little online tool which stores all of your passwords securely and in an encrypted form. All you have to remember is a single password to access the password manager.
Most password managers will be able to help you generate random and secure passwords. They will also auto-fill sites for you, which makes logging in much faster and easier too. Here at VPNCompare, our Password Manager of choice is LastPass, which is one of the longest-standing and most highly regarded on the market.
There are others available if LastPass doesn’t meet your expectations. A few more to look out for include:
- SplashID Safe
… and if remembering the password for your password manager is too much, take a look at the YubiKey which is a little hardware device that can remember the master password for you.
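The rules from tips 3 and 4, and the kind of random generation tip 5 attributes to password managers, shown as an added example that is not from the original article or from any password manager's code. The deny-list entries are constructed placeholders, and `check_password` and `generate_password` are hypothetical names.

```python
import secrets
import string

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}
# Placeholder deny-list, constructed for this example; in practice load a
# full list of commonly used passwords.
COMMON_PASSWORDS = {"password", "letmein", "qwertyuiop"}


def check_password(pw, min_length=12):
    """Return the list of rules from tips 3 and 4 that pw fails."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, alphabet in CLASSES.items():
        if not any(c in alphabet for c in pw):
            problems.append(f"no {name} character")
    # A lone ? or ! tacked on the end is the pattern tip 4 warns about.
    specials = [i for i, c in enumerate(pw) if c in string.punctuation]
    if specials == [len(pw) - 1] and pw[-1] in "?!":
        problems.append("only special character is a trailing ? or !")
    return problems


def generate_password(length=16):
    """Generate a password with the OS CSPRNG that passes check_password."""
    if length < 12:
        raise ValueError("length must be at least 12")
    everything = "".join(CLASSES.values())
    # One character from each class, the rest from the full alphabet.
    chars = [secrets.choice(a) for a in CLASSES.values()]
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    pw = "".join(chars)
    # Rare, but retry if the result trips a rule (e.g. a lone trailing "!").
    return pw if not check_password(pw) else generate_password(length)


if __name__ == "__main__":
    for candidate in ("Password", "Summerholiday2017!", generate_password()):
        print(repr(candidate), check_password(candidate) or "ok")
```

The `secrets` module draws from the operating system's cryptographic random source, which is what makes the generated value unpredictable; the `random` module is not suitable for this.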