We’ve all heard the lectures about password security 100 times. 
We know the basics like “don’t use real words,” “no names of your
family members,” and “the most common password is the word “god.” 
We’ve heard these things before and I think most of us have a false
sense of security about our how secure our lives are.

These days, password cracking tools are freely available on the
internet.  “Hackers” with almost no skills download powerful tools
that rapidly attempt to guess a password using combinations of
every word in the dictionary and every name.  Personal computers
are becoming more and more powerful meaning that the time it takes
to attempt these brute force password attempts becomes shorter and
shorter.  Also, new password cracking algorithms such as rainbow
tables are becoming accessible, even to people that don’t know how
to use them.

On top of that, most people use the same password for
everything.  Their personal email accounts, their banks, their
retirement accounts, their facebook etc.  If not exactly the same,
then some variation of the same.  If a hacker guesses your password
for one account, what kind of access to destroy your life do they
have?

My final argument in favor of paranoia is this: Let’s assume
bank websites are secure.  Those institutions put a premium on
defending their customers from hacking attempts or internet
vulnerabilities, so let’s just assume those places are hack-proof. 
Addditionally, let’s assume those sites are the one place where we
keep a ridiculously long, very secure password that is different
from every other website we use.  Are we safe in this scenario?  If
I were a hacker, I would avoid bank sites assuming they’re too
hard.  Instead, I would go after an email site.  I would assume
people keep less secure passwords for their email and therefore
they are easier to get into.

What kind of information would a hacker have access to if he
could gain full access to my email account.  There’s not really
anything sensitive in my email account by itself.  What I’m
concerned about is how many other secure websites are tied to my
email account.  For instance, could a hacker go to my bank website
and click the “I forgot my password” link and have my bank send a
new password to my now compromised email account?  What about my
401k website or my investment account.  The possibilites are enough
to keep me up at night.

So, what can we do?

First, follow good password behaviors.

• Keep a separate, secure password for each
  website. 
  

I know how daunting this is, but there are tools to make it
easier.  Keepass is a free, open-source password database that is a
highly encrypted place to store passwords.  It will even
auto-generate passwords that are as complicated as you want them to
be.  You only have to remember one password to open your entire
database of passwords.  It has the ability to copy and paste
passwords so you don’t have to type them and you can store the
url’s for important websites right in the app.  There are versions
of keepass that you can keep on a usb thumb drive or even on your
phone.  Another tool to make a secure life easier is Roboform – it
has the same master password concept as keepass but will auto fill
in website passwords once logged in.
 

• Don’t use real words in your passwords

A trick to make this easier to live with is to substitute
symbols or numbers for letters.  For instance, if you want your
password to be the phrase “world wide web,” subtitute the lettering
for something similar to “W0rldw1dew3b!”  It’s easy to remember and
won’t be found in any dictionary.  Remember to use a mixture of
lowercase and capital letters as well.

You can also use passwords based on phrases that are important
to you.  The phrase “The Lord is my shepherd, I shall not want”
would become something like “tLimsIsnw.” 

Patterns on the keyboard are equally efficient.  For instance,
start on the bottom row with the letter “z” and click through to
the “m” and then do the same patter in reverse on the top row of
keys.  Easy to remember, difficult to crack.

• Change your passswords periodically

I recommend changing passwords frequently, at least every 90
days.  As personal computers get faster and faster, this can help
keep you ahead of any password cracking attempts.  The longer your
password is, the longer it takes to crack.

• Keep your passswords at least 8 characters
  long

Hopefully, a good password policy will keep you out of heartache. 
A little extra precaution goes a long way in this always connected
world we live in.

So I run into more and more computers compromised by malware or
viruses everyday.  With internet access ubiquitous and with
computers connected to the internet 24/7 it’s just a matter of time
before some malicious hacker attempts to add your home computer to
a botnet somewhere in the world.  And staying on top of all the
required security updates can be daunting for a typical home user. 
Our computers are supposed to make our lives easier, right? 
They’re not supposed to cause us headaches and give us a night job
just keeping them secure.

One free tool that I have found invaluable for home networks is
OpenDNS for free content filtering for the everyman.  I recommend
this service to every home user.  This amazing service not only
protects your computer, but it protects your kids as well by
blocking viruses and malware, as well as filtering other yucky
content like porn, drug references or other adult contet.  All for
free if you’re a home user.  They do offer businesses service as
well for an incredibly cheap price.

They have great walk throughs on setting it up on their website
(http://www.opendns.org), but to summarize, you configure your home
router to use OpenDNS servers to resolve internet addresses instead
of the DNS servers your ISP provides.  Most users will need to run
a small piece of software on one pc on the network to update
OpenDns whenever your IP address changes, but it’s aslo very easy
to set up.

I can’t recommend this service enough – I’ve been using it for
several years now.

Here is a great blog post that gives instructions on configuring
many different types of home routers:

Other:Using OpenDNS to filter unwanted sites to your home network.

Wondering what you can do to help
the suffering in Haiti?  Here are some practical suggestions.

Make a CWS Kit 
–

For those seeking
additional ways beyond donations, Church World Service, a key
relief partner of the Christian Church (Disciples of Christ) is
providing hygiene, infant and medical kits. These kits are
assembled by volunteers and shipped to people in need.   For
individuals or groups wanting to assemble kits, visit the link
listed.  Kits can be dropped off at the Religious & Spiritual
Life Office in the first floor of Jarvis Hall at TCU. http://www.churchworldservice.
org/kits_main

Stay Aware and Involved – Various departments and
student groups will be coordinating their own efforts in the months
ahead. Post what you’re doing at the Facebook group “Horned Frogs
Reaching Out to Haiti” or email
faith@tcu.edu to receive occasional updates and let us know what
you’re doing.

Volunteer Locally – by getting involved with our
local Chisholm Trail American Red Cross chapter, you join others
who provide assistance during various disasters and relief efforts.
 This can include providing safety and health services,
transportation, education, disaster services and much more.  Click
here to volunteer http://chisholmtrail.redcross. org or email
faith@tcu.edu if you’re interested in Red Cross volunteering and
training with others at TCU.

A List of Selected Agencies Providing Assistance:
Visit the sites of the organizations below to give
online:

    The American Red Cross International Response Fund  
          http://www.redcross. org

    Partners In Health Haiti Earthquake
Fund
      http://www.pih.org

   Disciples of Christ Week of Compassion Fund
      http://weekofcompassion. org
   
   UNICEF Haiti Earthquake Fund  
    http://www.unicefusa.org

    International Medical Corps, Earthquake in Haiti Fund
      http://www.imcworldwide. org

    Mercy Corps Haiti Earthquake
Fund
      http://www.mercycorps. org
  
    Doctors Without Borders
      http://www. doctorswithoutborders.org
  
    Oxfam Haiti Earthquake Response
Fund
      http://www.oxfamamerica. org

    Catholic Relief Services
      http://www.crs.org

    American Jewish World Service Earthquake Relief Fund
      http://www.ajws.org
 
   CARE
      http://www.care.org

    International Rescue Committee IRC Haiti Crisis Fund
      http://www.theirc.org