Passwords
You could go crazy trying to come up with decent passwords for all the sites you're signed up to, and for programs that only run when you enter a password. And that's not all - then you have to remember them all as well!
But you've got to protect your stuff, otherwise you risk losing it. People lose their savings, lose their data, suffer identity theft, and it happens more often than you'd like to believe. So yes, you've got to do what it takes - you've got to come up with strong passwords, and if you're serious about security you've got to change them every so often as well.
And if you think I'm being paranoid, consider this – most people, most of the time, use very simple, easy to guess passwords, innocently thinking that they're quite safe and no-one will ever bother to try to crack their passwords. Think again! That's like hanging a nice new front door and fitting it with a cheap, flimsy latch held in place by BluTack. Research has shown that the most commonly used passwords actually include such wonderful examples as "password", "qwerty", "iloveyou" and "123456". Unbelievable!
In fact, I was working security in an office block at one time and in the main office there was a note pinned on the notice board, in full view: "This week's computer password is PURPLE". Handy if anyone passing through just happened to be curious, yeah?
Okay, what you need to do, in a nutshell, is this:
The strength of a password is a function of three things - the length of the password, the complexity of it, and its unpredictability. Make sure your password is long enough (at least eight characters and preferably longer, although you're sometimes limited to six, which is frankly ridiculous). There are plenty of commonly used passwords, and there are lists of them that are used as a starting point when someone stages a brute force attack on a password. So it's pretty obvious that simple passwords are literally worthless - they wouldn't stand a chance against an attack.
You need to make your password complex and hard to guess, and yet logical enough that it's not difficult for you to remember. These are obvious points, of course, and there are several more specific things you should keep in mind. Never use your name, your partner's name, your kids' names, your pets' names, or anything like that. And while you're at it, don't even think about using your birthday, or anyone else's birthday (such as your partner's), or any part of it. All these are easily guessed at by someone who's determined. Same goes for your house number, your street name, etc. If it's connected to you in any way, it's not suitable for use in a password.
If you think it would be possible for someone to guess it correctly, then don't even consider using it - because someone's probably going to try.
Never use words. That's right, never use words. A standard way of cracking a password is to subject it to what's known as a dictionary attack. The program that's set to work cracking your password works its way through a dictionary, word by word, looking for a match. Because of the nature of computers, this kind of operation can be undertaken very quickly and easily. The way to counteract this is to mangle your words so that, although you know what they signify, they aren't actually words, in the strict sense. For example, you could strip them of their vowels. The phrase 'A good password is difficult to guess' could be changed to 'Gd psswrds diffclt 2 gss', which could be remembered fairly easily, but actually contains no words.
Always use a good mix of characters – that means, preferably, use lower case letters, upper case letters (capitals), plus numbers, spaces (if allowed) and special characters. A good password would therefore be something like this: [23Rj x-x 3!] The problem with passwords like that, of course, is they can be very, very difficult to remember.
Base your password on something you know. Use a line from a song, a line of poetry, a book title, a phrase, anything at all, as long as it's easy for you to remember and difficult for anyone else to guess.
Substitute numbers for letters. You don't have to learn some complicated number substitution method, just have a few letter replacements ready in mind. For example, you could replace the letter I with the number 1, the letter O with zero (0), the letter e with the number 3 and the letter f with the number 8. Obviously, a letter I can look like a 1 and a letter O can look like a 0. The others mightn't be so obvious. E, in handwriting, can look like a reversed 3, and a handwritten lower case f can look a bit like an 8. Doesn't matter if you think this is a bit of a stretch as long as you can remember them. So even if you don't change a word, but use number replacements, the result can be effective.
Example: egg and chips can easily become 3gg'n'ch1ps. Why not replace the S with a Z (similar sound) while you're at it? So now it'll be 3gg'n'ch1pz. Not a bad password, and easy enough to remember. Oh, and why not introduce an upper case letter – put it where it makes sense to put it (since the whole password makes no sense anyway), at the start of the last word. The password is now 3gg'n'Ch1pz, which uses both upper and lower case letters, numbers, special characters (apostrophes), and is eleven characters in length, a good size for a very strong password. But no, don't actually use this password - chances are you're not the only one to read this, right? Make one up for yourself. It will be unique.
Change your password regularly. Ideally, you should change your password every so often, but this is something people rarely do, as it seems to be too much trouble and just a step too far to bother taking. A way around this is to incorporate a date in the password - e.g. you could add a number to signify the current month and adjust this one aspect of the password each month, incrementing the number accordingly.
Link the phrase (or whatever) to the subject. In other words, if it's the password to your bank account, use something to do with cash, money, finance, debt, whatever. For example, use a line like I Want Money, That's What I Want, from the Beatles' song. Use the initial letters, Iwm, TwIw, putting the comma and the space in their proper places, and the capital letter to start the second phrase (easy to remember where they all go), and then substituting numbers, so that you get 1wm, Tw1w. You could finish it by adding an exclamation mark at the end, and maybe even wrapping it all up in brackets, like this: (1wm, Tw1w!)
The point of all this is that once you've built up a password this way you've not only created a strong password, but one that's fairly easy to recall (and it gets much easier as you use it repeatedly). Of course, you could have used any phrase or line, from anywhere, even one from the same song … Money Don't Buy EveryThing, It's True ►► {Mdb3t, 1t}
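The points above (length, a mix of characters, no common passwords, no dictionary words, nothing personal) can be checked mechanically. The following is an added example, not part of the original page: the `check` function, the mini word list and the three-character-class threshold are assumptions made for illustration, and the swap table is simply the page's own substitutions reversed.

```python
# Added example: checks a candidate against the criteria discussed above.
COMMON = {"password", "qwerty", "iloveyou", "123456"}  # passwords the page names
WORDS = {"egg", "chips", "money", "purple", "mice"}    # constructed mini-dictionary
# The page's swaps reversed: 1->i, 0->o, 3->e, 8->f, z->s, @->a
UNSWAP = str.maketrans({"1": "i", "0": "o", "3": "e", "8": "f", "z": "s", "@": "a"})


def normalise(text):
    """Lower-case, undo the number-for-letter swaps, keep letters only."""
    return "".join(c for c in text.lower().translate(UNSWAP) if c.isalpha())


def contains_personal(pw, item):
    """True if a personal detail appears literally or after undoing swaps."""
    if not item:
        return False
    if item.lower() in pw.lower():
        return True
    plain_item = normalise(item)
    return len(plain_item) >= 3 and plain_item in normalise(pw)


def check(pw, personal=()):
    """Return the list of problems found; an empty list means none."""
    problems = []
    if len(pw) < 8:  # the page's minimum length
        problems.append("shorter than 8 characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:  # threshold is an assumption of this example
        problems.append("fewer than 3 character classes")
    plain = normalise(pw)
    if pw.lower() in COMMON or plain in COMMON:
        problems.append("on the common-password list")
    if plain in WORDS:
        problems.append("a dictionary word once swaps are undone")
    if any(contains_personal(pw, item) for item in personal):
        problems.append("contains a personal detail")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "PURPLE", "Passw0rd", "3gg'n'Ch1pz"]:
        print(repr(candidate), check(candidate) or "no problems found")
    print(check("R0ver2009!", personal=["Rover", "2009"]))
```

Note that "Passw0rd" meets the length and character-mix tests and is rejected only because the checker undoes the zero-for-O swap before comparing it with the common-password list.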
Another good method of creating strong passwords is to have a kind of template that you change slightly for each purpose. For example, your template might be 3BM(----------)ChtR, which comes from "Three blind mice, see how they run". Then you put something specific inside the brackets. So, for your bank password, you might settle for 3BM(NatWest)ChtR (or 3BM(NtWst)ChtR, losing the vowels, or even 3BM(N@Wst)ChtR), while for ebay you would have 3BM(ebay)ChtR (or 3BM(3b@y)ChtR). Each password is different, yet easy to remember, and they are all strong passwords.
There are lots of other ways to make passwords, but the main thing is to make sure a password is strong (difficult to crack) and yet easy for you to remember. If you're not prepared to make the effort to create decent passwords, you might as well not use them at all.
Note: No matter how cleverly constructed the password is, or how memorable, keep a copy of it somewhere safe. Because you change them every so often (or should do), it can become a bit confusing trying to recall which one you used. Best to keep a record of it somewhere safe, and make a note of the date if you changed it. And when I say 'somewhere safe', I mean nowhere near your computer and in a form that disguises what it really is. I'll leave the rest to your imagination and creativity. After all, that's how you come up with decent passwords, and keep them safe, by thinking 'outside the box'.
It's obvious, I know, but ...
Never give anyone your password. I repeat, ANYONE. A secret stops being a secret when you tell even one person. It's like a leak in a bucket - it might be just one leak, and it might be only a little one, but the bucket's just become useless because of it.
If you get an email from your bank, building society or Swiss Bank numbered account officer, or whatever, do not ever send them any security information of any kind, whatever they request, and for whatever reason. The very fact that they are asking for it means they almost certainly are not who they claim to be. Your information will only remain safe if you act sensibly and cautiously at all times.
Store your passwords and login information carefully and well away from your computer (or, if you choose, in an online password manager, such as LastPass, which is very secure). Treat the whole thing seriously, because if your password is compromised it could get very serious very quickly. There's a wealth of information available, such as this article, titled "How to Keep Personal Information Secure Online". This page gives good advice about safe online shopping. Check out the link to "Online shopping tips". How to Be Safe on the Internet is addressed on this page. If you need any further information, do a search using Google or any of the major search engines.