Ask The Pro: How can I keep my passwords secure?

Sunday, May 1st, 2005

This month’s Pro is John Miller, Web Administrator at OnYourMark, LLC. John offers advice on keeping your passwords safe and secure.

In the modern computerized world, passwords are the keys to all of our electronic information. E-mails, bank accounts and, ultimately, the very networks that store them are protected by a simple string of typed characters. Keeping these passwords secure is a very important topic when thinking about computer security. By using long, highly random passwords, you can ensure maximum protection against attack. Everyone is told that they should have strong passwords, but cryptic passwords can be difficult to remember, and many people resort to using the same simple passwords on several systems. This practice puts personal and confidential business information at risk. It doesn’t have to be this way, though, as there are methods for creating secure yet easy-to-use passwords.

To create secure passwords, first you must understand what you are securing them against. Attackers use sophisticated password-guessing software to bypass the security of programs and computer systems. Some forms of this software step through word lists, called dictionaries, and attempt every word in them along with common variations. These dictionaries are not just in English; in fact they very often contain words from other languages, names, and common jargon or slang. Other software attempts every possible combination of characters, called brute-forcing, until it determines the password. This software is especially frightening because it will always find the password eventually. You can only delay a brute-force attack by using a large enough set of characters in your password to make the attack infeasible.

Using passwords of six to ten characters that mix upper- and lowercase letters, numbers, and punctuation marks provides a high level of resistance to such attacks. Sometimes attackers do not need to go through such high-tech and time-consuming methods to access your private information. Passwords based on the names of your children, spouse, or pets are notoriously poor choices because you would tend to freely give out this information. Improper storage of passwords can also open an avenue of attack.

An excellent way to make an easy-to-remember password is to build it with an algorithm. This method does not require you to memorize the password, as long as you can remember how you built it. Start with an easy-to-remember phrase or sentence, for example, “This is my e-mail account password,” and take the first letter of each word: timeap. Next, devise a standard way to replace characters, perhaps using the keys located directly above the actual letters on your keyboard, producing 58j3q0. Finally, make sure to use some uppercase letters and punctuation: %8J3q0 was produced by holding the Shift key for the first letter and the first number in the password.

Although %8J3q0 is not very easy to remember, the method used to create it is, making the password relatively simple to reproduce. If you were to use the same algorithm for all of your passwords, starting with different phrases, you could quickly build strong yet memorable passwords.
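The phrase-to-password algorithm just described, together with the brute-force search-space point from the earlier paragraphs, as an added example in Python (not code from the original article or its author). The QWERTY key-above lookup, the criteria checker and the keyspace estimate are assumptions built from the article's own example:

```python
# Added example, not from the original article: the "phrase to password" method
# described above, step by step, plus a check against the article's own criteria.
import string

# Key directly above each letter on a US QWERTY keyboard (constructed lookup;
# the article's own example maps t->5, i->8, m->j, e->3, a->q, p->0).
KEY_ABOVE = {
    "q": "1", "w": "2", "e": "3", "r": "4", "t": "5",
    "y": "6", "u": "7", "i": "8", "o": "9", "p": "0",
    "a": "q", "s": "w", "d": "e", "f": "r", "g": "t",
    "h": "y", "j": "u", "k": "i", "l": "o",
    "z": "a", "x": "s", "c": "d", "v": "f", "b": "g", "n": "h", "m": "j",
}
# What each digit key produces with Shift held (US layout).
SHIFTED_DIGIT = dict(zip("1234567890", "!@#$%^&*()"))
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation)


def initials(phrase):
    """Step 1: first letter of each word, lowercased ("This is my ..." -> "timeap")."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalpha())


def shift_keys_up(text):
    """Step 2: replace every letter with the key above it ("timeap" -> "58j3q0")."""
    return "".join(KEY_ABOVE.get(c, c) for c in text)


def shift_first_letter_and_digit(text):
    """Step 3: hold Shift for the first letter and first digit ("58j3q0" -> "%8J3q0")."""
    out, letter_done, digit_done = list(text), False, False
    for i, c in enumerate(out):
        if c.isalpha() and not letter_done:
            out[i], letter_done = c.upper(), True
        elif c.isdigit() and not digit_done:
            out[i], digit_done = SHIFTED_DIGIT[c], True
    return "".join(out)


def derive_password(phrase):
    """Run the three steps of the article's algorithm on a memorable phrase."""
    return shift_first_letter_and_digit(shift_keys_up(initials(phrase)))


def meets_article_criteria(password):
    """Six to ten characters mixing upper, lower, digits and punctuation."""
    present = [any(ch in cls for ch in password) for cls in CLASSES]
    return 6 <= len(password) <= 10 and all(present)


def brute_force_keyspace(password):
    """Guesses an exhaustive search needs over the character classes present
    (crude estimate that assumes the attacker does not know the construction rule)."""
    alphabet = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return alphabet ** len(password)
```

Compared with the bare initials timeap, the finished %8J3q0 meets all of the article's criteria and forces an exhaustive search over 94 rather than 26 symbols per position.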

Keeping passwords secure can be more challenging than making them secure to begin with. The first step is to keep them private. While this might seem obvious, passwords often get passed around to ease the sharing of material. A new password should be created for each person who requires access. Passwords should not be stored in an easily accessible location, such as sticky notes on your computer monitor. Ideally, passwords should never be written down, which is why making them memorable is so important.

You should take care that no one is watching you while entering your password. It is surprisingly easy to learn someone’s password by watching over their shoulder, especially if they are a slow typist. When accessing websites, you should also make sure that you are really at the site that you think you are. A popular method of stealing passwords and personal information is for scammers to send out bulk e-mails claiming to be from a financial institution. This scam is known as “phishing.” The e-mails contain links to pages that are identical to those used for online banking and may even transfer unfortunate users to the real site once the password is entered and recorded. A good rule of thumb is to never trust any link in an e-mail to a password entry page. If you think the message may be valid, enter the site through your regular method, or contact the institution directly to get further information.

Different passwords should be used for separate systems and programs. Because various applications and systems use different methods of storing passwords, using the same password on multiple systems gives an attacker the option of striking at the weakest point. Once an attacker knows the password to one account, they would have access to any account that uses the same password.

Finally, passwords should be changed on a regular basis. By changing your passwords once a month, you make them moving targets for an attacker. If your password ever does get out, anyone who knows it will be locked out when it is changed. This is the only way to truly prevent a brute-force attack, as the password changes before it can be discovered, and is a very important step to securing your password.

By avoiding the common pitfalls associated with passwords, you can ensure the privacy of your personal and confidential business information. Maximizing the strength of your passwords does not have to mean compromising their ease of use. Please take the time to consider the method of creating secure passwords detailed in this article and incorporate a similar method into your password routine.

What would you like to ask the pro? Email your questions to askthepro@OnYourMark.com!