Thing 2: Online security

unlocked23 Things for Research involves many free online services that require you to create accounts and choose passwords. In this short Thing, we explore ways to protect your online identity on these services: password security, password managers, two-factor authentication, and why “letmein” and “trustno1” are bad password choices.

Picking a secure password

Not all passwords are created equal – a strong password will increase your online security more than any other single action. But what makes a password strong?

To begin, try experimenting with different passwords on this site:

It will tell you how long it would take someone to hack your password.

Passwords like “iloveyou”, “123456”, “batman”, “letmein”, and “trustno1” are not secure. For some reason, they’€™re all very popular choices – see this list for more:

Secure passwords fit somewhere along the right side of this continuum:

Weaker password Stronger password
shorter longer
connected to you (names, significant dates) random
words in the dictionary random letter combos
lowercase only mixed with uppercase
letters only numbers and symbols

Secure but memorable passwords

If you use the same password for any two of your accounts, then an attacker might only need to break into one of those two systems in order to break into the other. But we might use dozens of accounts every day – so how do you remember them all?

Some people start with a “base” password and use variations (e.g. different numbers, a different order) on different sites. This can work well, but it’s still a good idea to keep unique passwords for crucial services like your primary email address or bank account.

Some people use a passphrase instead of a password: three or four randomly chosen words are easier for you to remember and more difficult for others to guess. Just don’€™t choose a common phrase, song lyric, or movie title – hackers know about this trick as well.

Password managers

Many people use programs that remember your passwords for you. Some keep your passwords securely on a thumb drive, others store them encrypted on the web, others still represent a ‘formula’€™ by which passwords can be generated (and re-generated) on demand. Not only do these tools make you more secure online, but -€“ once you get used to them – they actually make your online life faster and easier, too. Try one of these:

  • LastPass and Dashlane are both easy-to-use, free, web-based password managers, with optional low-priced top-ups for extra features like smartphone editions and advanced two-factor authentication options

  • KeePass is free and open source, and runs on your computer or thumb drive, which some people consider more convenient or secure, but can take a little more work to get started

  • SuperGenPass generates unique passwords for each site you use, based on a master password (that you don’€™t use anywhere else); instead of remembering passwords, you just re-generate them; and it’s free

2-step verification

2-step verification is an additional stage that you can add when logging into some services to boost the security of your account. Many of these involve a unique number being sent to your mobile phone. You enter that number along with your password, so a hacker cannot access your account without physical access to your mobile phone. See these guides to 2-step verification:

try-this-iconTry this

You don’€™t need to do anything more to complete this Thing. Move on to Thing 3 for the next course activity.

explore-further-iconExplore further

For a funny overview of online security concerns, watch this video:


Parts of this Thing were adapted from 23 Things for Research Oxford / CC By-NC-SA 3.0

Header image: Falcon® Photography / Flickr / CC By-SA 2.0 Icons: Everaldo Coelho and YellowIcon / GNU Lesser General Public License

This post is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

Faculty logo

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s