CYBER BLOG: Online Shopping

CYBER BLOG: Online Shopping

It’s that time of year when we all (well most of us) start our Christmas shopping and online shopping has been growing every year. Normally when we get to the checkout page we need to create an account or sign in to an existing account. This involves giving away some personal details, such as our email address and creating yet another password.

Over the years we have always been told that our passwords need to be ‘strong and complicated’ and we normally have to meet some form of complexity rules such as having upper- and lower-case letters, numbers and special characters. The problem with this approach is that this makes the passwords difficult to remember. As such people tend to use ‘tricks’ to make the passwords more memorable. Typically users will create a password that is a dictionary word, use a capital at the beginning of the word and append a number to the end. If they need to use a special character then they will probably replace one of the letters with a symbol that looks similar to the actual letter, like replacing an ‘a’ with ‘@’.

When someone is trying to guess passwords, they will run through a dictionary of words and create rules to match the common pattern of creating passwords as above. This means that “’[email protected]” is no more secure than ‘Password1’.

The best advice when it comes to passwords is that the longer the password, the better it is. Most services demand that you have a password of at least eight characters and that is the most common length of password used by most people. We need to start thinking in terms of longer passwords. A sixteen-character password is not just twice as secure as an eight-character password, it is much more secure than that.

The best way to create a password is to use three or four random words. This helps you create a much longer, more secure password that can be easy to remember. If you need to use special characters then use them to separate the words.

Again, it is important that we do not reuse passwords. This just makes it easy for the criminals to access multiple accounts. We need to make sure that every account has a different password. But how do we manage all those passwords? Well the best advice is to use a ‘Password Manager’. This is a special piece of software that will store all of your passwords securely and all you need to remember is the one password to get in to your Password Manager. There are lots of different Password Managers out there that allow you to ‘sync’ your passwords across multiple devices and will help you create long, strong and random passwords. Have a look on a search engine and find one that suits you best.

As for having to give away details such as your email address, what if you are not comfortable doing this? Well one way around this is to different email addresses for different purposes. I have one email address for work, one for personal things and another for signing up to services. This means that the junk or spam email that comes in to my personal and work emails are kept to a minimum. It also means that if I get an email to my personal from ‘DPD’ saying that there is a problem with my delivery, I know straight away that it is not genuine. It should have gone to my email address that is used for online shopping.

Chief Ethical Hacker Gerry Grant

For more information and advice please email [email protected]

Related News

Member Log-In

Welcome to the SBRC Members Lounge, login details will be issued to members in due course.

Forgot password?