Wednesday, April 27, 2011

Corporate Security in the new millennium

Want to crack into a system? Find a password? Piece of cake. I'm going to tell you how most businesses operate, and how to get to someone's password. Want to avoid weak passwords? I'll fill you in on that as well. I'll also suggest a way to create tough passwords that are easy to remember. Mostly, I hope to protect you from the traps that people fall into when creating passwords.

First, start with "password". Yes, I know it sounds tired, but security experts suggest that a high percentage of passwords are still "password". The others are common words such as god, money and love, along with people's names, such as the name of a spouse, pet, kids, etc. Common numeric passwords are normally 123456 or dates such as birthdays, anniversaries, etc. It is estimated that 20% of all passwords can be guessed this way. Stay away from them, as well as from dictionary words.

A few years ago I went to a client to work on their server. However, no one in the office knew the password for the system. Good security, I believed. I was finally able to speak to someone in charge. The disgruntled IT person had left and the password was not known. We went from good security to bad business. So I'm back in the closet, and I start looking for the password. Under the keyboard, under the desk, in a manual. Somewhere there's a yellow sticky with one word written on it, and that's the password. Found it. HOTDOG. Didn't take long. It was on the inside cover of the once-opened computer manual.

Then there's the office with 12 people. Everyone wants their own password, with their own "personal" (if you're at work, there should be no 'personal') space. Months after setting up separate areas for all the employees and creating different profiles, everyone has their password written on a yellow sticky somewhere around their monitor, and all 12 people in the office know how to get into every computer. Why bother?

Then there was David. David was a retired high school principal who could not stand being retired, and came back to work as a programmer. If you left your computer unattended, he'd sneak in and start a time-consuming task on it. As the day went on he'd forget what was running where. He'd get up, go back to the "zombie" PC, and shout: "Does anyone remember what my password is?" He could never remember.

Several people I know can never log into any web site because they can't remember the username, email or password that they used when they originally signed up. There has to be a better solution, they all say, but one is not yet available. The best solution is to use the same username, email and password; that way you'll always remember. The worst solution is to use the same username, email and password. If you are compromised, then the intruder has access to all of your accounts. This is one method that identity thieves use. Once they have one piece of information, they'll use it on every account (Google, eBay, Amazon, bank account, etc.).

The processing power of today's computers can 'crack' a password in a short time frame. A lowercase password of 8 characters can be cracked in less than 2.5 days. An 8 character password with upper, lower, numbers and special characters would be cracked in about 210 years. Big difference. However, there's one big problem. The user cannot remember what's in caps, what's a number, or frankly what their password is.
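To see where figures like those come from, here is a small calculation I've added to this post (it is not from any particular cracking tool). It counts how many passwords of a given shape exist and, taking the "8 lowercase characters in 2.5 days" figure above as a full exhaustive search at one constant guess rate (an assumption), works out how long the other shapes would take at that same rate. The symbol count (32, Python's string.punctuation) is also an assumption, which is why the all-four-classes result lands near, not exactly on, the 210-year figure. It goes one step beyond the text by also showing that a longer lowercase-only password can outlast a shorter mixed one.

```python
import string

# Alphabet size per character class (32 symbols is an assumption; the post's
# own figures probably used a slightly different symbol count).
CLASS_SIZES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}
ALL_CLASSES = ["lower", "upper", "digit", "symbol"]

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(length, classes):
    """Number of distinct passwords of exactly `length` drawn from the given classes."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return alphabet ** length


# Calibrate a guess rate to the post's figure: 8 lowercase characters in 2.5 days.
# Assumption: that figure is a complete exhaustive search at one constant rate.
GUESS_RATE = keyspace(8, ["lower"]) / (2.5 * SECONDS_PER_DAY)   # roughly 9.7e5 guesses/s


def years_to_exhaust(length, classes, rate=GUESS_RATE):
    """Worst-case time, in years, to try every password of this shape at `rate` guesses/s."""
    return keyspace(length, classes) / rate / SECONDS_PER_YEAR


def compare_shapes():
    """Estimates for the shapes the post discusses, plus two longer ones for comparison."""
    shapes = {
        "8 lowercase":         (8, ["lower"]),
        "8 lower+upper+digit": (8, ["lower", "upper", "digit"]),
        "8 all four classes":  (8, ALL_CLASSES),
        "12 lowercase":        (12, ["lower"]),
        "13 all four classes": (13, ALL_CLASSES),
    }
    return {name: years_to_exhaust(n, cls) for name, (n, cls) in shapes.items()}


if __name__ == "__main__":
    for name, years in compare_shapes().items():
        print(f"{name:22s} {years:>14.3g} years")
```

The point to take from the numbers: each extra character multiplies the search by the alphabet size, so 12 lowercase letters (26^12) already outnumber 8 characters from all four classes (94^8). Length is the cheapest strength you can add, which is exactly why the advice further down asks for 10 characters or more.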

A common technique to "mask" a password that is really an ordinary dictionary word is to substitute letters with numbers. For instance, password could be disguised as P - A - S - S - W - (zero) - R - D. Common substitutions are: 1 - L or I, 3 - E, 2 or 5 - S, 7 - T, 9 - G, 0 - O. Other letter/number combinations can be used as long as the user remembers the relationship. Another is to offset your hands on the keyboard and type a common word. For instance, if I move my hands one key to the right, when I type "password" I get "[sddeptf". Yet another trick is to use foreign words. Currently password dictionaries only contain English words, but as computers get faster and store more information, password dictionaries will change to include the more common languages around the world. However, I must tell you that people who make a living cracking passwords know of these tricks, and they have updated their algorithms to reflect them.

My advice: use a combination of words and numbers that only you would know the meaning of, with a minimum of 10 characters. I ran track and field in high school. My password could be something like T&F330hurdles. 13 characters. 2 caps. 1 special character. Want to make it harder? Add the initials of the high school at the end: T&F330hurdles@NBHS. A lifetime to crack (brute forcing a password is only as good as the speed of today's computers; as computers get faster, so does the speed at which they can crack a password). Only a few people actually know that about me, and I don't have regular contact with any of them. I can always remember my password because it's relative to me.
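Here is a checker I've added to illustrate the last three points together: the common-word list at the top of the post, the substitution and keyboard-offset tricks, and the 10-character advice. It is my own example, not code from any product. Before comparing a password against a wordlist it undoes the tricks the post describes (digit-for-letter swaps using the post's own table, and a one-key shift left or right on a US QWERTY layout), which is the same idea a cracker's rule set applies. The wordlist is a tiny constructed stand-in for a real dictionary, and the "at least 3 of 4 character classes" rule is my own reading of the mixed-character advice, not a number the post gives.

```python
import itertools
import string

# Constructed stand-in for a cracking dictionary; real ones hold millions of entries.
COMMON_WORDS = {"password", "god", "money", "love", "123456", "hotdog", "qwerty"}

# Digit -> letter substitutions exactly as listed in the post (1 -> L or I, etc.).
LEET_REVERSE = {"1": "li", "3": "e", "2": "s", "5": "s", "7": "t", "9": "g", "0": "o"}

# US QWERTY rows; used to undo the "move your hands one key over" trick.
KEY_ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]


def unleet(word, limit=64):
    """Expand a word into every plain form reachable by undoing the digit substitutions."""
    options = [[c] + list(LEET_REVERSE.get(c, "")) for c in word.lower()]
    variants = set()
    for combo in itertools.product(*options):
        variants.add("".join(combo))
        if len(variants) >= limit:        # cap the expansion for digit-heavy input
            break
    return variants


def unshift(word, offset):
    """Move each key `offset` positions along its row (-1 = left); None if it falls off a row."""
    out = []
    for c in word.lower():
        for row in KEY_ROWS:
            i = row.find(c)
            if i != -1:
                j = i + offset
                if not 0 <= j < len(row):
                    return None
                out.append(row[j])
                break
        else:
            out.append(c)                 # characters not on a letter row pass through
    return "".join(out)


def candidate_base_words(password):
    """Every plain word a rule-based cracker would derive from this password."""
    candidates = set()
    for shifted in {password.lower(), unshift(password, -1), unshift(password, 1)}:
        if shifted:
            candidates |= unleet(shifted)
    return candidates


def check_password(password, min_length=10, min_classes=3):
    """Apply the post's advice; returns (ok, list of reasons it was rejected)."""
    reasons = []
    hits = candidate_base_words(password) & COMMON_WORDS
    if hits:
        reasons.append(f"reduces to a common word even after undoing tricks: {sorted(hits)}")
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    present = sum(any(c in cls for c in password) for cls in classes)
    if present < min_classes:
        reasons.append(f"uses fewer than {min_classes} character classes")
    return (not reasons, reasons)


if __name__ == "__main__":
    for pw in ["password", "passw0rd", "[sddeptf", "HOTDOG", "T&F330hurdles@NBHS"]:
        print(pw, check_password(pw))
```

Run it and "passw0rd" and "[sddeptf" fail for the same reason "password" does, because the checker sees straight through both disguises. The post's own suggestion, T&F330hurdles@NBHS, passes on all three counts: it maps to nothing in the wordlist, it is long, and it mixes cases, digits and symbols.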

In a work environment it's a waste of time (unless required by law) to implement security measures, because the passwords become common knowledge. And the one time they don't, information is needed from an employee's computer while she's on vacation, and nobody at the office has the password.

Use this information as best fits you. I'd hate to see someone compromised or a victim of identity theft.
