Be the first to write a review
Free - Usability & security: Unlikely bedfellows?
With an ever increasing online population - 41 million users in the UK alone (source: Internet World Stats) - computer security and user authentication have never been more vital. Unusable security is expensive as well as ineffective. According to Password research, two-thirds of users had to reset their passwords/PINs three or more times in the last 2 years. With each password reset estimated at £35 in help desk costs (source: Mandylion research labs) it's easy to see how expensive an affair this can be.
Usability & security: Unlikely bedfellows?
With an ever increasing online population - 41 million users in the UK alone (source: Internet World Stats) - computer security and user authentication have never been more vital. Unusable security is expensive as well as ineffective. According to Password research, two-thirds of users had to reset their passwords/PINs three or more times in the last 2 years. With each password reset estimated at £35 in help desk costs (source: Mandylion research labs) it's easy to see how expensive an affair this can be.
Passwords
Passwords are by far the most widely used method of authentication. We're all having to remember more usernames and passwords by the day. It comes as no surprise then that over half of us use the same password for everything from work to banking to ecommerce, which is known to be poor security practice. More worryingly, 21% of people revealed their passwords in exchange for a bar of chocolate (source: Infosecurity Europe)! Clearly it's not all about making systems secure but making them usable too.
Passwords have long been considered insufficient within the security industry. Bill Gates even called for an end to passwords 2 years ago (source: CNET news). As that day still seems a long way away, let's consider what we can do to make the best of a bad bunch.
What you can do
As a website owner, you can make your customers' lives easier, and your site more secure by adhering to the following guidelines:
- Use e-mail addresses as usernames
- Don't ask site visitors to create separate usernames as this increases the number of items they have to remember.
- Allow passphrases rather than just passwords
- Passphrases are just like passwords but longer, being entire phrases instead of single words. They're typically 20-40 characters in length, an example use being Wi-Fi security. A sample passphrase would be 'PASSphrase1234567890'. Phrases provide context and are easier to remember than words in isolation. Passphrases are also harder to crack than passwords.
Helping users remember their passwords
To help your users choose secure passwords that are memorable, try suggesting some of the following tips to them:
- Use a passphrase instead of a password, if the system permits.
- If not, take a phrase and use the first letter of each word to make up a password that's easy for them to remember but difficult for others to guess. For example the phrase 'my favourite sweet in the world has to be chocolate' becomes 'mfsitwhtbc'.
- Then replace some of the letters with capital letters and throw in numbers and symbols to increase the password strength. For example use '1' or '!' for an 'i', '4' or '@' for an 'a' and so on. The above sample password 'mfsitwhtbc' then turns into 'Mfs!twht6c', which is much stronger.
Do your users have one password that they use for everything and want to keep it that way? They can have an easy life and be security-conscious. Here's how: Advise them to append an additional word/number at the end of the universal password to make it longer and more secure. The add-on can be related to the application/site they're on, so it's easy to remember and yet unique.
Here's an example - let's say the universal password is 'password' (which it should never be of course!). This is of course a rather weak password in terms of security. For a florist's site they can turn it into 'p@ssw0rdfl0wers' (for 'passwordflowers') and for e-mail it can be 'p@ssw0rdem@1l' (for 'passwordemail'), both of which are much more secure than the initial choice and unique to the respective sites. With just a few modifications, the new password 'p@ssw0rdfl0wers' becomes very secure.
Encourage your users to find out how secure their passwords are by checking their password strength on sites like Security Stats, Password Meter and Microsoft's Password Checker.
You can also suggest they check out Get safe online, a site dedicated to helping web users stay safe online.