Passwords can be a pain. There are thousands of websites across the Internet that require passwords. Traditional advice has been to use different passwords for different applications. This is plainly impossible. A typical user of the Internet probably has passwords for their MSN, Gmail, YahooMail, Flickr, Picassa, Facebook, MySpace, Bebo accounts, as well as for their bank, mobile phone company, energy company, and innumerable other sites, some of which they’ve probably forgotten that they signed up for.

So, instead of saying each account should have a different password, I’d suggest that the best thing to do is to have a few passwords, but to have some rules around the ones that you use regularly.

  1. Always pick a good password. There’s a guide here that offers some ideas.
  2. Don’t use the same password for a mail account that you used to set up a social networking account with. For example, if you use the same password for Hotmail as you do Facebook, and one or the other gets “broken in to”, it’s likely the other will, too. And then it’s incredibly difficult to regain control of either.
  3. Do change them occasionally.
  4. Consider what you’re protecting. Don’t use the same password for all your important accounts (e.g. bank, email) and use a separate password for account for sites you’re not overly bothered about (e.g. that Fraggle Rock appreciation site you signed up to)
  5. Don’t share them! I know this sounds obvious but don’t let anyone else have your password – think about what you’re giving the access to. This is especially true for passwords at university or in the workplace – the risk is much greater than simply to your data as it could impact the whole organisation.

These aren’t simply theoretical risks. In the last few months, I have dealt with situations including the hijacking of a Facebook and related Hotmail account – believe me when I say that this is not easy to resolve – and several instances where people have sent their usernames and passwords to scammers.

The reason scammers want your username and password in a place like a university is because they want to send spam through the universities mail system. Unfortunately, this can lead to the whole university being blacklisted as a spammer and no-one will be able to send or receive email.

Please take care of your passwords.