Pesky Passwords
We've all heard the lectures about password security 100 times. We know the basics like "don't use real words," "no names of your family members," and "the most common password is the word 'god.'" We've heard these things before, and I think most of us have a false sense of security about how secure our lives are.
These days, password cracking tools are freely available on the internet. "Hackers" with almost no skills download powerful tools that rapidly attempt to guess a password using combinations of every word in the dictionary and every name. Personal computers are becoming more and more powerful, meaning that the time it takes to run these brute-force password attempts becomes shorter and shorter. Also, newer password cracking techniques such as rainbow tables are becoming accessible, even to people who don't know how they work.
On top of that, most people use the same password for everything: their personal email accounts, their banks, their retirement accounts, their Facebook, etc. If not exactly the same, then some variation of the same. If a hacker guesses your password for one account, what kind of access to destroy your life do they have?
My final argument in favor of paranoia is this: let's assume bank websites are secure. Those institutions put a premium on defending their customers from hacking attempts or internet vulnerabilities, so let's just assume those places are hack-proof. Additionally, let's assume those sites are the one place where we keep a ridiculously long, very secure password that is different from every other website we use. Are we safe in this scenario? If I were a hacker, I would avoid bank sites, assuming they're too hard. Instead, I would go after an email site. I would assume people keep less secure passwords for their email, and therefore those accounts are easier to get into.
What kind of information would a hacker have access to if he could gain full access to my email account? There's not really anything sensitive in my email account by itself. What I'm concerned about is how many other secure websites are tied to my email account. For instance, could a hacker go to my bank website, click the "I forgot my password" link, and have my bank send a new password to my now-compromised email account? What about my 401k website or my investment account? The possibilities are enough to keep me up at night.
So, what can we do?
First, follow good password behaviors.
- Keep a separate, secure password for each website.
I know how daunting this is, but there are tools to make it easier. KeePass is a free, open-source password database that is a highly encrypted place to store passwords. It will even auto-generate passwords that are as complicated as you want them to be. You only have to remember one password to open your entire database of passwords. It has the ability to copy and paste passwords so you don't have to type them, and you can store the URLs for important websites right in the app. There are versions of KeePass that you can keep on a USB thumb drive or even on your phone. Another tool to make a secure life easier is Roboform. It has the same master password concept as KeePass, but it will also auto-fill website passwords once you are logged in.
- Don't use real words in your passwords
A trick to make this easier to live with is to substitute symbols or numbers for letters. For instance, if you want your password to be the phrase "world wide web," substitute similar-looking characters for some of the letters to get something like "W0rldw1dew3b!" It's easy to remember and won't be found in any dictionary. Remember to use a mixture of lowercase and capital letters as well.
You can also use passwords based on phrases that are important to you. The phrase "The Lord is my shepherd, I shall not want" would become something like "tLimsIsnw."
Patterns on the keyboard are equally effective. For instance, start on the bottom row with the letter "z" and type through to the "m," and then do the same pattern in reverse on the top row of keys. Easy to remember, difficult to crack.
- Change your passwords periodically
I recommend changing passwords frequently, at least every 90 days. As personal computers get faster and faster, this can help keep you ahead of any password cracking attempts. The longer your password is, the longer it takes to crack.
- Keep your passwords at least 8 characters long
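As an added example (not part of the original post), here is a small Python policy check that applies the rules above to the sample passwords from this post: minimum length, a mix of character classes, and no dictionary word even after the symbol-for-letter substitutions are undone, plus a KeePass-style random generator built on Python's `secrets` module. The wordlist is a constructed stand-in for a real dictionary, and the substitution table is an assumption about which swaps are common.

```python
import secrets
import string

# Constructed stand-in for a real cracking wordlist (assumption): real lists
# hold every dictionary word, common names and keyboard walks like "zxcvbnm".
WORDLIST = {"world", "wide", "web", "password", "shepherd", "god", "zxcvbnm"}

# Symbol/number-for-letter swaps a checker should undo before the lookup,
# so that "W0rldw1dew3b!" is still tested against "world wide web".
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
)

def normalize(password: str) -> str:
    """Lower-case, undo the common substitutions, and keep only letters."""
    plain = password.lower().translate(SUBSTITUTIONS)
    return "".join(ch for ch in plain if ch.isalpha())

def contains_dictionary_word(password: str, min_len: int = 4) -> bool:
    """True if a wordlist entry of min_len+ letters survives inside the normalized password."""
    plain = normalize(password)
    return any(word in plain for word in WORDLIST if len(word) >= min_len)

def check_policy(password: str, min_length: int = 8) -> list[str]:
    """Return the policy rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word once substitutions are undone")
    return problems

def generate_password(length: int = 16) -> str:
    """KeePass-style random password from the OS CSPRNG, retried until it passes the policy."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_policy(candidate):
            return candidate
```

Running `check_policy` on "W0rldw1dew3b!" reports only the dictionary-word rule, while the phrase-based "tLimsIsnw." passes every check.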
Hopefully, a good password policy will keep you out of heartache. A little extra precaution goes a long way in this always-connected world we live in.
