Friday, June 7, 2013

Security for Normal People, Part 2: Security and Passwords


At first glance, passwords don't seem all that complicated. But so many people use their birthdays, their anniversaries, the names of their pets, or other easily guessed information that an article for normal people – who may not have the experience that I do – about what makes a good password seems like a good idea.

The most commonly-used password, according to ZDnet, is: “password,” believe it or not. The second most common is: “123456.” Also on the list: “letmein,” “baseball,” “superman,” and “111111.”

What this tells us is that most people aren't terribly concerned with their passwords.

They should be.

Being hacked can lead to many problems, aside from the obvious one of having someone drain your bank account, or purchase expensive items on eBay or Amazon and stick you with the bill.

Because, make no mistake, once someone has one of your passwords, they can also very likely get into your network and do all kinds of things that will affect you, not to mention your credit report, adversely. And then there's your computer. If someone gains access to your computer, it can be used for all kinds of purposes – the most common being as a platform for what I will just refer to here as Bad Things.

I won't go into a great deal of detail here on what these things are, or how they are done, because that's not really the point. The point is this: there are many Bad Things that can be done by devious people who can and will gain access to your computer, files, and/or network. You're just going to have to trust me on this.

The other point is that, though there are other things you can do to help protect yourself, creating good passwords is among the most basic. This is something easy that anyone can do; you don't have to be a computer whiz or a cryptographer, you just have to follow some basic advice.

Firstly, I'll give you the Don'ts:

Don't use any single dictionary word – i.e., any single word that can be found in a dictionary. There are programs that can try every word in a dictionary in an extremely short amount of time. This includes compound words as well.

Don't use your birthday, your spouse's birthday, your children's birthdays, current phone numbers, pets' names, current addresses, social security numbers, credit card numbers, or any other piece of information that is either easily obtained, easily guessed, common, secret, or discoverable – and when I say, “easily,” I mean by people who have abilities or access to things you probably don't have access to, most likely because they've hacked a database that this information is in.

Don't use words related to your favorite fandom, which is to say, if you're a Star Wars fan, don't use things like, “lightsaber,” “Jedi,” or “theforce,” or any other word or catch-phrase from or related to Star Wars. The same thing goes for Star Trek, Game of Thrones, Harry Potter, Grimm, Lost Girl, or any similar universe that has its own vocabulary. And while I'm on the subject, don't use words in Klingon, Castithian, Dothraki, or any other language that is made up for a Science Fiction or Fantasy universe. The same rule that applies to dictionary words applies to these; there are hackers who can run through an entire Klingon dictionary in a very short time, too. Amazing, I know, but true, nevertheless. You'll just have to take my word on this.

And by now you're probably thinking, “What's left?”

So, now I'll tell you how to make good, secure passwords. There are a number of strategies, any one of which (or combination thereof) will help you come up with solid passwords.

Firstly, the longer a password is, the harder it is to crack. While many sites will only allow eight characters, some will let you create much longer ones. I'd say that unless you've got highly sensitive information or are security-conscious to the point of paranoia, somewhere between 8 and 16 characters is usually sufficient. (If you're using a password locker, such as LastPass, you might just want to use its password creation function and set it to 16 characters.)

Other things that make passwords stronger are including both upper- and lower-case characters, numbers, and special characters (such as $ or %, and so forth). Or, better yet, all of the above. The more of these things you include, the harder it is to discover your password. A mnemonic method (described below) often won't produce special characters or numbers, so whether or not you use one, you can also add a little something extra to all your passwords, like, for instance, the phone number or zip code from where you lived as a kid (of course, if you inherit your parents' house, you might have to come up with something else).

So, knowing what makes a password stronger gives you several ways to create passwords. . . .

1. Use three short dictionary words that are unrelated, connected with or interrupted by upper- and lower-case letters, numbers, and/or special characters. For example:

bear!Arm53soccer is good, though if you want to go a little further, be2ar!Arm53soc7cer is even better.

That may be hard to crack, but it may also be a little difficult to remember. (Though you might come up with some weird memory trick even for unrelated words like these: “If the bear ate my arm, I'd miss the soccer game.”) So, here are a couple of strategies that may make remembering your passwords a little easier. . . .

2. Use a mnemonic device to create your passwords, such as the first letters of a line of a song or a quotation, capitalizing, say, all nouns (or any other part of speech you like). For example, taking the first line of Edgar Allan Poe's “The Raven” and capitalizing the letters that represent nouns, you get “ouaMdwIpwaw,” which may not roll off your fingers but is reproducible as long as you know the poem. Of course, there are no numbers or special characters in this, so, as I mentioned above, if you add your childhood zip code and you're from Boston, you might get “ouaMdwIpwaw02134,” which is probably pretty hard to crack.

3. Make up your own word, then add capital letter(s), numbers, and special characters. So, I just made up a word, “suvavatinz.” I know it's not a word because I just Googled it. If you include less-frequently-used letters, like z or q, in your made-up word, so much the better. Now add a cap or two and an old phone number, and you wind up with “suVaVatiNz9084873311,” which is pretty hard to figure out, too. A good way to remember your made-up word is to give it a meaning that makes sense to you – in this case, it sounds like a competitor to No Doz to me.

You can mix and match these methods, but by now you probably get the idea of how to go about making up your own relatively secure passwords.
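To show the advice above in working form, here is an added example (not code from the original post) that builds a mnemonic password the way strategy 2 describes, applies the Don'ts as checks, and estimates how large a brute-force search space a password's length and character mix imply. The common-password and dictionary lists are tiny constructed samples drawn from the words mentioned on this page, and the search-space figure is only a brute-force upper bound: a dictionary word padded with digits scores well on it, which is exactly why the Don'ts checks run alongside it.

```python
import math
import string

# Constructed sample lists for this example; a real checker would use the
# full common-password and dictionary lists the page refers to.
COMMON_PASSWORDS = {"password", "123456", "letmein", "baseball", "superman", "111111"}
DICTIONARY_WORDS = {"bear", "arm", "soccer", "lightsaber", "jedi", "theforce"}
CLASSES = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
           (lambda c: c in string.punctuation, len(string.punctuation)))

def mnemonic_password(phrase, capitalize, suffix=""):
    """First letter of each word of phrase, lower-case except for words in
    capitalize (given lower-case), followed by an optional suffix."""
    letters = []
    for word in phrase.split():
        word = word.strip(string.punctuation)
        if word:
            first = word[0]
            letters.append(first.upper() if word.lower() in capitalize else first.lower())
    return "".join(letters) + suffix

def used_classes(pw):
    """Sizes of the character classes (lower, upper, digit, special) present in pw."""
    return [size for test, size in CLASSES if any(test(c) for c in pw)]

def search_space_bits(pw):
    """log2 of the brute-force space implied by length and the classes used."""
    pool = sum(used_classes(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def check_password(pw):
    """Apply the page's Don'ts and strength rules; return a list of problems."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("on the most-common password list")
    if pw.lower() in DICTIONARY_WORDS:
        problems.append("a single dictionary word")
    if pw.isdigit():
        problems.append("digits only, like a date or phone number")
    if len(used_classes(pw)) < 2:
        problems.append("only one character class")
    return problems

if __name__ == "__main__":
    # The page's "Raven" example: capitalize the noun "midnight" (the page's
    # result also keeps "I" capital) and append the constructed zip code.
    raven = "Once upon a midnight dreary, while I pondered, weak and weary"
    pw = mnemonic_password(raven, {"midnight", "i"}, "02134")
    print(pw, round(search_space_bits(pw)), check_password(pw))
```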

There are a few other things you should think about doing for basic computer and Internet security, in addition to mobile phone precautions and good passwords, so I'll do a separate article about those. . . .
