GEEKNOTE: This past week witnessed the admission by two large websites that their customers' passwords had been compromised. This should not come as a surprise. I am of the opinion that ANY website or Internet account can be hacked if someone wants in badly enough.
There is precious little you can do to protect your privacy if some three-letter federal agency takes an interest in you. Post a few thinly veiled threats online against a high-ranking federal official, and I can pretty much guarantee that, at the very least, you will be on somebody's radar.
For most of us though, it is pretty safe to say that there ARE some steps to keeping our Internet accounts secure. The first step is to create a new password when you join an Internet site or create an email account.
Passwords need to be hard to guess. It helps if they are more than a few characters long, aren't words or easily guessed strings, and if they also include numbers and special characters.
Here are some examples of very weak passwords:
All of the examples above are susceptible to a so-called "dictionary" attack. This is a brute force attack where the bad guy simply tries all sorts of common words to break into an account. I've lost count of the number of people I've met who use one of the first four of these for one or more accounts. The fifth one, a pet's name, is easily guessed if you post any information about your family online.
Even a stronger password can be compromised if you don't practice "safe computing". It would seem obvious not to give your login and password to someone who calls you up claiming to be from your bank or credit card company, but folks do it all the time. This trick is called "social engineering" and it is highly effective.
Clicking on attachments you get via email or installing software when you are prompted to by some website you've never visited before are two other ways that the bad guys can get enough control of your computer to snag your saved passwords and install a keystroke logger so they can get new ones. We caution our business customers especially about letting employees use company computers for personal things because of these threats. Once rogue software is on one computer in a network, it can easily spread to all the others it sees.
Don't use the same password everywhere. You don't want a compromised account on one site to result in everything being compromised.
So what makes a good password?
There are several things that can help:
- Use different passwords for different things. That way, if one is compromised, they aren't all compromised.
- Use a combination of CaPiTal_Lett3rs and numbers and maybe even special characters in the password. Substituting the number 3 for the second e in letters is an example, as is the underscore between "capital" and "letters".
- Create a password using the first characters of a phrase you can remember. AOL sent me a million disks over the years, so "Asmamdoty" would actually be a pretty easy AOL password that would be hard to guess, but easy to remember. Likewise the name "Patch" reminds me of flat tires, so "Sears plugged my tire in 2011" could become "Spmti11".
You could further improve "Asmamdoty" by changing the "o" to a zero.
You could improve "Spmti11" by substituting an exclamation point for the "i".
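As an added example (not the author's code), here is a Python version of the first-letter technique and the two substitutions described above, together with a check for the warning signs this article names and for password reuse across sites. The word list, the `min_length` of 8 and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "monkey"}
# The two substitutions suggested in the text: "o" -> zero, "i" -> "!".
SUBSTITUTIONS = {"o": "0", "i": "!"}


def mnemonic(phrase, substitute=False):
    """First character of each word; a four-digit year keeps its last two digits."""
    parts = [w[2:] if re.fullmatch(r"\d{4}", w) else w[0] for w in phrase.split()]
    result = "".join(parts)
    if substitute:
        result = "".join(SUBSTITUTIONS.get(c, c) for c in result)
    return result


def weaknesses(password, personal_terms=(), min_length=8):
    """List the warning signs that apply (min_length=8 is an assumed threshold)."""
    found = []
    guessable = COMMON_WORDS | {t.lower() for t in personal_terms}
    if len(password) < min_length:
        found.append("short")
    if password.lower() in guessable:
        found.append("guessable word")
    if not re.search(r"\d", password):
        found.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        found.append("no special character")
    return found


def reused(accounts):
    """Map each password used on more than one site to the sites sharing it."""
    sites = defaultdict(list)
    for site, password in accounts.items():
        sites[password].append(site)
    return {pw: sorted(s) for pw, s in sites.items() if len(s) > 1}


if __name__ == "__main__":
    for phrase in ("AOL sent me a million disks over the years",
                   "Sears plugged my tire in 2011"):
        for sub in (False, True):
            pw = mnemonic(phrase, sub)
            print(pw, weaknesses(pw))
    # Constructed accounts: two sites share one password.
    print(reused({"mail": "Asmamd0ty", "bank": "Asmamd0ty", "forum": "Spmt!11"}))
```

Passing a pet's or family member's name in `personal_terms` flags it the same way a common word is flagged.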
The key is creating something easy for you to remember that won't be easy for someone else. Here are some more examples that I might (but don't) use:
Each of these could be used for a web login to one of the following sites. They would be impossible to guess from the website, but it should be a little easier to guess the website from the password. I even gave you a really easy hint on one of them. Try to match the password up with the website:
A Republican Party site
A Navy Veterans site
A Democratic Party site
Leave your guesses here, including why each matches, and I'll give everyone the answers at the end of the week.
Rob Marlowe, Senior Geek, Gulfcoast Networking, Inc.
(Rob also serves as deputy mayor of the City of New Port Richey. Opinions expressed here are his own and do not necessarily represent the position of the city.)