Saturday, October 8, 2011

Password Fundamentals

It seems that everything we do online requires a username and password: banking, social networking, forums, internet news groups. So many usernames and passwords, in fact, that it leads to less security than you think. Who can remember 20 passwords, or which 20 sites they belong to? Are you writing them down? Are you reusing the same password on multiple sites? Reuse is inherently dangerous, because if only one site is compromised, every other site where you used that password is at greater risk. I want to cover a few practices and need-to-knows that will put you in a stronger cocoon of security. They reduce the likelihood of you becoming a victim of online crime, and they limit the damage to you when a company you trusted with your personal data leaks it.

I am sure you have heard of the recent attacks on companies by groups such as Anonymous and LulzSec. These groups hack into big corporations that they feel have unjustly wronged those they support. It is a Robin Hood scenario, but in this cyber war, as in any war, collateral damage falls on innocent bystanders. When Sony was hacked, usernames, passwords, credit card information and other valuable data were stolen and posted on the internet for all to see. Sony had to buy identity theft protection for those involved and paid for those individuals to obtain credit reports. Sony released public statements on what it believed was leaked, but no one can truly know what was done or taken once a system has been compromised. This is terrible, and no matter which side you support, there is no reason for the innocent to be harmed.

Let's say you have an account with XYZ.com and ABC.com. You use the same email address (which in most cases is the username), 12345@email.com, for both. And because you have 500 other sites to log into, you use the same password for them all. Now if XYZ.com has a data breach and your information is leaked, the attackers also hold your credentials for ABC.com and can log in there as you. If you used the same password for DEF.com and GHI.com, they now have access to those too. Let's put this in the real world. If XYZ and ABC are Twitter and Facebook, they can spam people and harvest your contact list. If DEF and GHI are your bank or investment site, you are in big trouble. Hackers may seem like a bad dream, but they are real people, and they know which top websites most people are likely to have accounts with.

So they have written programs that take these databases of compromised credentials and try every one of them at each of those sites. Because the programs run unattended while the attacker is counting sheep, almost no labor is required. The return on investment is great: out of 100,000 leaked username/password pairs bought in the dark corners of the internet, only 20 to 30 need to work. If he takes just $100.00 from each of those 30 accounts, he is $3,000 richer, and he was snuggled up in bed the whole time.

It's time to break the routine of bad security. I will give you simple tricks and tips that greatly reduce the possibility of becoming a victim. There is no 100% sure way; there are only ways to reduce the chance of it happening. So let's start with the simplest way to improve your security: your password. It needs to be easy enough that you won't cheat and go simple, yet strong enough to defeat the common password-guessing programs. General practice calls for a mix of lowercase, uppercase, numbers and symbols, and the longer it is the better. It's a game of math: a guessing program works methodically through every possible combination, so each extra character class and each extra character of length multiplies the number of combinations it has to try. If your password is abcd1234, an attacker with a fast cracking rig could exhaust every combination in a couple of hours; if it is aBcD12#4!, the same rig could take months or years. (A password like abcd1234 is also in every attacker's dictionary, so in practice it falls in seconds, not hours.)
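Here is the math the paragraph above waves at, as an added example written for this post rather than code from its author. It computes the number of combinations a brute-force program must try for a password, based on which character classes appear and how long it is, and converts that into a worst-case time at an assumed guess rate. The rate of one billion guesses per second is an assumption standing in for an offline attack on a weakly hashed password database; real rates vary enormously with the hash algorithm and the hardware.

```python
"""Brute-force keyspace math for the two passwords in the post."""
import string

# The four character classes the post tells you to mix. Sizes: 26, 26, 10, 32.
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "symbols": set(string.punctuation),
}


def alphabet_size(password):
    """Size of the alphabet a brute-forcer must assume once it knows which
    character classes the password uses (the usual worst case for the attacker)."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def keyspace(password):
    """Number of candidates of this length over that alphabet: N ** L."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every candidate; on average it takes half this."""
    return keyspace(password) / guesses_per_second


def human_duration(seconds):
    """Round a duration to the largest sensible unit for display."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(password, guesses_per_second=1e9):
    """Summarize the keyspace for a password at an assumed guess rate."""
    return {
        "password": password,
        "alphabet": alphabet_size(password),
        "length": len(password),
        "keyspace": keyspace(password),
        "worst_case": human_duration(seconds_to_exhaust(password, guesses_per_second)),
    }


if __name__ == "__main__":
    # Assumed rate: 1e9 guesses/s, a fast offline attack on a weak hash.
    for pw in ("abcd1234", "aBcD12#4!"):
        print(report(pw))
```

At that assumed rate abcd1234 (36 symbols, 8 long) falls in under an hour, while aBcD12#4! (94 symbols, 9 long) needs about 18 years, which is why length and class mixing both matter. Remember that this is only the brute-force model: a dictionary or pattern attack finds abcd1234 long before any keyspace math applies.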

Here is a practical way to keep the bad guys out. Pick something rough, such as AbC$%Er13. Then let the website itself help you. For google.com, take the last two letters of the site name and append them to the password, giving AbC$%Er13le. This makes the password longer and specific to that one site. Do this for every site and you have a different password for everything you log into, and you can even write down the first part; just don't tell anyone your secret rule for the ending. I do not want to get into all the crazy math, but a password like this could take a cracking tool years to recover, and attackers won't wait that long: they take the ones that fell in four hours and move on. Switch it up once in a while, for example by changing which letters of the site name you use or where you put them; that also increases your security. One caveat: the site-specific part only helps as long as the attacker does not see it. If a site stores passwords in plaintext and leaks them, anyone who notices that your google.com password ends in "le" can guess the rest of your pattern, so treat a leaked password as a signal to change your rule, not just that one password. Even so, the goal is met: if your Twitter password is compromised, it does not open your Facebook account, because the two passwords are different.

Try it out and see what works for you. Your security will fail faster if you get lazy about it. You cannot prevent a website from being attacked by cyber criminals, but if one of your passwords ends up in the open, you have now greatly reduced the impact to yourself.
