Monday, November 26, 2012

Password Safety

A November 7 article by Nicole Perlroth in the New York Times (http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?pagewanted=all) provides a somewhat scarifying amount of information about how easy it is these days to obtain passwords used to access private information on the internet. Every day we are bombarded with emails that come from addresses that look suspiciously like someone we know and trust, and often we get emails that seem benign but contain attachments that we may slip and open. All it takes is one lapse of attention and you can lose your password protection to sites where such information is sold for about $20 a pop. And you may not be aware that there are programs specifically designed to crack passwords; a notable one is known as John the Ripper. My guess is that you have likely chosen a relatively simple password that you can easily remember, and you use that same password as a gateway to more than one protected site. This makes it likely that at some point in your life you will get hacked. I have, and it’s a pain: I had to change my AOL account password as a result, and I had to cancel a credit card, take care of the bills that had been improperly charged to it, and ensure that my credit was not affected.

Ms. Perlroth suggests you use the following strategies for finding new passwords.

Forget the dictionary: don’t use any word that someone could find in a dictionary, since that is often what is first tested by hackers. Don’t even use words where you just change a letter or two. I can tell you that my passwords use a combination of random letters, numbers and grammatical signifiers such as exclamation points.

Don’t use the same password twice: obviously. If a hacker finds it, they get access to all your accounts.

Come up with a passphrase: not a word. Make your passphrase 14 letters or longer, since this added complexity makes it harder to crack. And use one that you will remember, like a phrase from a movie or book.

Randomize: you could just hit the keyboard randomly, throwing in the shift and alt keys as well, and then store the password in an encrypted text file that you put on a flash drive so it is not on your main computer.

Store the password securely: get it off your main computer, and get it onto a flash drive (see above). And do not let the computer store this information so that it is entered automatically as you log in; some hackers use keystroke logging software to follow your keystrokes.

Consider a password manager: there is password protection software that can store your information in one place. An example is LastPass.

Ignore the security questions: because some of this information (e.g. what high school did you go to?) can be easily found on the net. Consider using an answer that makes no sense, e.g. if asked what your favorite color is, you could provide the answer “what is your favorite movie?”

Use different browsers: use several browsers for different activities. This would let you use the second browser to shut down bad activity arising on the first. Studies have shown that Chrome is the browser least often attacked.

These are all good ideas we should consider. Safety first, always!
