Monday, December 3, 2012

Psst...What's the Password?

I would imagine you've heard it before, but it bears repeating: How secure are your passwords?

We need passwords, it seems, for virtually everything: ATM, voice mail, logging in to your computer, visiting some websites, online shopping, shopping in person, opening your email... and the list goes on. Every time you open any sort of new 'account,' even if it's just to receive advertisements or information about your health insurance, you need a new password.

What kinds of passwords are easily guessed by hackers? Below are some examples of commonly used passwords that are a hacker's bread and butter, so to speak:

  • 123abc: a bad choice, even if you like the Jackson 5 song
  • Qwerty (the top left row of a keyboard)
  • Repeated words, such as kittykitty
  • Spelling your name backwards, such as htims instead of Smith or auhsoj instead of Joshua
  • Using your birthdate, such as susieapril2593
  • Consecutive letters on a keyboard, such as asdfghjkl or wertyuio
  • Using your actual name and birthdate (Yes, some people do that. Not good!)

You get the idea: simple for you to remember, but also simple to guess.

Some sites don't require you to make up an especially secure password: they just want to start sending you email and they're not going to bother making it difficult. However, to be really secure, passwords should:

  • Have at least 8 characters (letters, numbers, and/or symbols), and don't forget that underlines, periods, commas, semicolons, and colons can be used
  • Contain upper and lowercase letters
  • Never be the same for multiple purposes; use a different one for each.
  • Not have symbols at the beginning or end: zquroe*ff9Now is going to be harder to hack than !Furrydog2.
  • Be a made-up word, not one you can find in the dictionary, such as prastical, bendelay, or drofows
  • Be something you can remember, but still obscure. Try the first letters of the first line of a favorite song: rrr7ybgDts is "Row, row, row, your boat gently down the stream" with a 7, three characters in.
  • Instead of "Love2playHalo" use L2pHen/wf+sNx (Love to play Halo every night with friends plus snacks)
  • Even if the site isn't asking for a longer and more complex password, make yours that way.
  • Some people create new passwords more often by going to the website and pretending they've forgotten their password. They then let the site send them an email to re-set it with a random one to make it harder to hack.
  • Deliberately spell words wrong.
The next one is not commonly known:
  • When the site asks you to set up security questions, remember: the site doesn't know the answers, and you're 'talking' to a computer, not a person. If the question is, 'What was your favorite pet?' you can answer anything you want, such as "aardvark," or "cream of wheat" or "Harlem Globetrotters." As long as you know you did that, you can answer the question if asked and unlock your account. If hackers have gotten partway into your account and run into a security question such as 'What's your father's middle name?', and you gave the right answer when you set it up, remember that this information is not hard to find online. The site doesn't care, and won't correct you, if you say your father's middle name was "Cranberrysauce," anyway.
  • Use a life event such as your wedding: groom20minlate or myMILcrazy, then add a number, a symbol, and an uppercase letter: groom20Min$late or my+MILcra7zy. How about something school-related: toomanyteststhisweek becomes 2many2tests2thisweE)k or ihatebiology becomes iHate4biology)(# (something you can remember, but not too simple).
  • Make your password very long; this also makes it hard to hack. Just remember the rules about not using consecutive numbers or letters. Some people just hit random keys on the keyboard, copy the result and paste it into a word document or somewhere else where they can retrieve it, and enter that as the password. Example: wpof[ghj3e9t=-sjdeoowpfdjgoeperlgfj . Take that, hackers.
  • Again: Super Important: Never use the same password for multiple purposes.
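
The easy-to-guess patterns and the rules listed above can be checked mechanically. The sketch below is an added example, not part of the original post; the function names, the two-entry common list, and the `personal` argument (names and birthdate pieces you supply yourself) are assumptions made for illustration.

```python
import re

# Keyboard rows, used to spot "consecutive letters on a keyboard".
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed sample taken from the post; a real list would be far longer.
COMMON = {"123abc", "qwerty"}

def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for line in (row, row[::-1]):
            if any(line[i:i + run] in low for i in range(len(line) - run + 1)):
                return True
    return False

def weak_reasons(pw, personal=()):
    """Return the reasons pw is easy to guess; an empty list means none found."""
    low = pw.lower()
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    if low in COMMON:
        reasons.append("commonly used password")
    if has_keyboard_run(pw):
        reasons.append("keyboard run")
    if re.fullmatch(r"(.{2,})\1+", low):        # kittykitty
        reasons.append("repeated word")
    for item in filter(None, (p.lower() for p in personal)):
        if item in low:                          # susieapril2593
            reasons.append("contains personal detail: " + item)
        elif item[::-1] in low:                  # htims for Smith
            reasons.append("contains personal detail backwards: " + item)
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        reasons.append("no mix of upper and lowercase")
    if pw and not (pw[0].isalnum() and pw[-1].isalnum()):
        reasons.append("symbol at start or end")
    return reasons

if __name__ == "__main__":
    for sample in ("Qwerty", "kittykitty", "!Furrydog2", "L2pHen/wf+sNx"):
        print(sample, "->", weak_reasons(sample) or "no listed pattern found")
```

An empty result only means none of the patterns listed in this post were found; it says nothing about whether the password is reused elsewhere.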
And what are those wavy words you are sometimes asked to type in, to access an account?

This is called a 'captcha,' which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". Hacking is usually done by someone who has set up a way for his computer to 'read' your passwords in automated fashion. Words printed in this wavy fashion are usually impossible for a computer program to 'read.' In the above case, the line through the words also makes it hard for a computer to scan. Although the wavy words are sometimes hard for humans to read, too, it is a tool that can be used to try to prevent someone from getting into your account.

There are mixed reviews as to writing down any passwords. You might write them down, putting letters or numbers every three letters for instance, so you know to remove them in order to get the actual password. Alternately, you could use a made-up word that you write down, but don't write down the numbers you use with it. The hackers are highly unlikely to come to your house looking for a document with your passwords, but it doesn't hurt to keep this in a secure place. Don't put a title at the top, "Joe Jones's password list," though.

If you have a trusted friend, print a copy and give it to him or her so in a dire emergency, you could call and retrieve your passwords that way. There are online 'vaults' in which to keep passwords, but it seems like a less than intelligent place to have them, since the whole point is online security.

Review your passwords and change some of them today. Make it harder for hackers!
