Tuesday, October 11, 2005

Want better security? Make better passwords

If you're like me, you use the same passwords and PIN numbers for everything -- and you have been using them forever!! David Sheets of the St. Louis Post-Dispatch suggests in the following article that we all become a bit more concerned with our passwords. Identity theft is running rampant. Read on for some great tips...


By David Sheets
ST. LOUIS POST-DISPATCH
11/04/2005

Admit it. You’ve used computer and online passwords that are, to say the least, embarrassing. “Password” is a favorite among most people. Last names, pets’ names and nicknames rank high among easy-to-remember password possibilities, too.

The key phrase here is “easy to remember,” and the problem with that is, the easier they are for you to remember, the easier they’ll be for someone else to figure out as well. It doesn’t help, either, when you expose clues for everyone to see.

Take Paris Hilton, now known as much for being the poster child of tech security as she is for … well, whatever else it is that made her famous. Remember when hackers broke into her T-Mobile Sidekick account and spread its Hollywood-confidential contents everywhere? Legend has it that she used her dog’s name as her password — not much of a hacking challenge, considering she carried her dog around as an accessory.

You’d think that with all the horror stories circulating about the need for better passwords people would be wiser and safer. But people evidently don’t feel safer. A survey by Consumer Reports last month found that nearly a quarter of Web users have stopped shopping online, or substantially curtailed it, for fear of viruses, spam or identity theft — the latter happening more frequently as the result of weak passwords.

We’ve said it before here at Tech Talk, and you’ve probably heard it elsewhere, but it bears repeating and repeating and repeating until more people catch a clue: Your security is mostly your responsibility, and the first step toward bolstering that security is creating tough-to-crack passwords and not leaving them somewhere for the world to see.

So, here are a few tips for better passwords:

• Don’t use your real name, for anything — This sounds obvious, but it’s obviously still a problem. (Even some of us here at Tech Talk are guilty of this one, especially those of us who have nursed user accounts since the Web was new.) Using your name or a slight variation of it only simplifies a code cracker’s work, because, if you think about it, that’s the first thing any of us would try.

• As we said, pets’ names, nicknames, maiden names and other family names are no-nos — You don’t want to reveal anything about yourself to malicious programmers and shady Internet marketers, so you’ll also want to …

• Avoid birthdates, anniversaries, other special dates and, especially, Social Security numbers — About that last one, no number is more important. Give up that and anyone can steal from your accounts, even create alternate accounts with your name. You might as well walk up to identity thieves and hand them your wallet. (An added tip: When you initially get or renew your driver’s license, don’t let the examiner use your Social Security number as your license ID. Driver’s license information pretty much is open to everyone online.)

• Avoid picking common words randomly from the dictionary — Crackers, or hackers with malicious intent, know this approach and will employ computers and special programs that do nothing but test Merriam-Webster’s knowledge base. That way, they’ll have an answer in a few hours, or a few minutes.

• Instead, devise nonsense words only you know — Getting creative makes crackers work harder, and like most criminals, they’ll shy away from challenges; they’re only after the easy targets, because the more easy targets they can milk in a short time, the more chances they’ll have to steal what they need quickly before they’re detected. You can complicate matters for them further when you …

• Intersperse lower-case and upper-case characters with numbers and special characters

• Even better, create a simple algorithm — As with most journalists, we at Tech Talk despise anything that smacks of mathematics, so it scared us at first to create a password using an “algorithm,” defined by dictionary types as a “recursive computational procedure for solving a problem in a finite number of steps.”

Talk about scary!

But we learned there’s really nothing to fear. A simple algorithm works like this. Think of a word and assign a number value to each letter — 1 for “A”, 2 for “B” and so on. Then, convert every other letter to a number. For example, “tech talk” would be:

T5C8 T1L11

That’s pretty simple and fairly easy to figure out, so we’ll make it more complex by altering the spelling by a letter, reversing “tech” and removing the space:

S6D9I4F21

You get the idea. The variations are endless, and they appear more random than they really are. You can even apply an algorithm to a Web site’s name, letting you have unique site passwords that are easy to remember. (We at Tech Talk prefer using the first letters of phrases we enjoy from books and movie dialog.)
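An added example, not part of the original article: the every-other-letter rule from the text written out in Python, with a rough comparison between how random the result looks and how much guessing it represents once the rule is known. The 1,000,000-phrase list and the 16 rule variants are constructed figures, and restarting the alternation at each word is an assumption that matches the article's output.

```python
import math
import string


def encode_alternate(phrase: str) -> str:
    """Article's rule: A=1, B=2, ...; every other letter becomes its number.

    Assumption: the alternation restarts at each word, which reproduces
    the article's "T5C8 T1L11" for "tech talk".
    """
    words = []
    for word in phrase.split():
        out = []
        for i, ch in enumerate(word.upper()):
            if i % 2 == 1 and ch in string.ascii_uppercase:
                out.append(str(ord(ch) - ord("A") + 1))  # 2nd, 4th, ... letter
            else:
                out.append(ch)                            # 1st, 3rd, ... letter
        words.append("".join(out))
    return " ".join(words)


def apparent_bits(password: str, alphabet_size: int = 36) -> float:
    """Bits of entropy if each character were chosen uniformly at random
    from A-Z and 0-9, which is how the password looks at a glance."""
    return len(password) * math.log2(alphabet_size)


def modeled_bits(phrase_list_size: int, rule_variants: int) -> float:
    """Bits of entropy when the password is really 'a phrase from a list,
    passed through one of a handful of fixed rules'."""
    return math.log2(phrase_list_size * rule_variants)


if __name__ == "__main__":
    pw = encode_alternate("tech talk")
    print(pw)                                   # the article's first example
    compact = pw.replace(" ", "")
    # Constructed figures: 1,000,000 candidate phrases, 16 rule variants.
    print(f"looks like  ~{apparent_bits(compact):.1f} bits")
    print(f"modeled as  ~{modeled_bits(1_000_000, 16):.1f} bits")
    # Per-site use, as the article suggests ("example" is a placeholder name).
    print(encode_alternate("example"))
```

Whatever figures are plugged in, the second number depends only on how many phrases and rules are plausible, not on how scrambled the output looks, which is the sense in which the variations "appear more random than they really are."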

Of course, so many devices and accounts either online or elsewhere demand passwords — many require changing after a few weeks or months — that keeping track tests even the sharpest minds. At the risk of severe criticism, Tech Talk suggests writing them down, just not keeping them in obvious “hiding” places, such as on a Post-It note stuck to the bottom of your keyboard, or worse, on the edge of your computer monitor.

Granted, no password is perfect, and no hiding place is ideal, but the key here is minimizing risk. As noted earlier, crooks don’t want challenges; they want results. A strong password dissuades them, prompts them to look for trouble elsewhere. The better your passwords, the more likely you’ll be a challenge, instead of a chump.
