Monday, June 20, 2011

Account Security for the Author (and the rest of us too)

In a previous post, I put up an overview of how to back up your data so that when it goes away (either through accident [oops!] or through mechanical/electronic failure [pretty wisps of blue and grey smoke rising from the back of your machine, or the very sickening sound of your hard disk drive cannibalizing itself]) you have a way of recovering it.
 
In this post, I’m going to give you pointers on how to create a secure password so that your online world will be more secure.
 
Most of us should know by now that there have been major breaches at several online service providers (not ISPs, but companies that do business online and hold user data) and that user accounts were compromised. Also, there are the perennial favorite targets (Gmail, Yahoo, AOL and others).
 
You would be surprised at how many accounts are protected by no password at all, or by very weak passwords. Some users never change the default password unless they are forced to. (I know: as a systems administrator for one government network, I had to twist my customers' arms to get passwords enabled on the users' network accounts!)
 
Passwords are the secret key that grants access to your computer, your online accounts or your bank's ATM. Your password needs to be long, complex and hard to guess.
 
ATMs are a bit more secure because you need two things to access your account: your ATM card (something you have) and your PIN (something you know). This is called two-factor authentication: you have something, your bank card, and you know something, the PIN.
 
Most of our online world, though, uses only a single factor to authenticate that you are you: your password (something you know). If your password is easy to guess, it does almost nothing to keep your account secure.
 
A password should be at least 8 characters long (longer is better; every extra character multiplies the number of guesses an attacker has to make) and should be complex: a mixture of UPPER case and lower case letters, numbers and symbols/special characters.
 
A password should not be a dictionary word, a birthdate, a name spelled backwards or the name of a child or relative. It needs to be complex. A complex password can be generated by using the first letter of each word in a phrase, such as:
 
Baseball, hot dogs, apple pie and Chevrolet.
 
Some of you might recognize that as the tag line of a car company's advertising campaign from the last century. Using the first letter of each word as a starting point, and then tweaking the result (here "pie" becomes the digits of pi, 3.1415, and "and" is dropped), we can build a very good password:
 
BbHdA3.1415C
 
I've used all the elements of making a strong password:
 
1. It's greater than 8 characters long (12).
 
2. It uses a mixture of upper case (B, H, A, C) and lower case (b, d) letters, numbers (3, 1, 4, 1, 5) and a special character (.).
 
3. It's not a dictionary word, a birthdate, a name spelled backwards or the name of a child or relative. Those items are easy enough to look up on the Internet, and with the speed of current CPUs a dictionary attack (where a program tries a list of dictionary words, names and common passwords, usually with simple variations such as added digits, either against the login system or, after a breach, against the stolen password hashes) is cheap to mount. A true brute force attack, which tries every possible combination of characters, is what length and mixed character classes defend against.
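A worked version of the rules above, as an added example that is not part of the original post: a checker that applies the length, character-class and not-a-word/date/name tests, the initial-letter mnemonic from the phrase, a rough estimate of how much guessing each password forces on an attacker, and a toy offline dictionary attack against an unsalted SHA-256 hash. The hash choice, the short word list and the names are constructed assumptions; a real attacker uses lists of millions of words and whatever hash the breached site actually stored.

```python
"""Password checks from the post, plus a toy dictionary attack (added example)."""
import hashlib
import math
import re
import string
from datetime import datetime

# Constructed stand-ins for a real cracking word list and for names an attacker
# could learn from social media (children, relatives, pets).
WORDLIST = ["password", "baseball", "chevrolet", "letmein", "qwerty", "summer"]
NAMES = ["john", "mary", "fido"]


def phrase_initials(phrase):
    """First letter of every word: the starting point of the post's mnemonic method.
    The post then hand-tweaks the result (e.g. 'pie' -> 3.1415); no tool does that for you."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z0-9]+", phrase))


def looks_like_date(pw):
    """True if the whole string parses as a date in a common format (birthdate check)."""
    for fmt in ("%Y%m%d", "%m%d%Y", "%d%m%Y", "%m%d%y", "%Y-%m-%d", "%m/%d/%Y"):
        try:
            datetime.strptime(pw, fmt)
            return True
        except ValueError:
            continue
    return False


def search_space_bits(pw):
    """Guessing work for an attacker who knows only the length and which character
    classes were used: log2(alphabet ** length)."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)  # the 32 printable ASCII symbols
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check_password(pw, wordlist=WORDLIST, names=NAMES, min_len=8):
    """Apply the post's rules; returns a list of violations (empty list == passes)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    low = pw.lower()
    core = re.sub(r"[^a-z]", "", low)  # so "Password1!" is still caught as "password"
    if low in wordlist or core in wordlist:
        problems.append("dictionary word")
    if looks_like_date(pw):
        problems.append("looks like a date")
    for n in names:
        if n in low or n[::-1] in low:
            problems.append(f"contains a known name ({n}) or its reverse")
    return problems


def sha256_hex(pw):
    # Unsalted SHA-256 stands in for whatever a breached site stored (assumption).
    return hashlib.sha256(pw.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist=WORDLIST, names=NAMES):
    """Offline cracking of one leaked hash: every word and name, with the cheap
    mangling rules real crackers apply (capitalise, upper-case, reverse, append
    digits or a symbol). Returns the recovered password, or None if exhausted."""
    for w in list(wordlist) + list(names):
        for base in (w, w.capitalize(), w.upper(), w[::-1]):
            for suffix in ("", "1", "123", "!", "2011"):
                candidate = base + suffix
                if sha256_hex(candidate) == target_hash:
                    return candidate
    return None


if __name__ == "__main__":
    print(phrase_initials("Baseball, hot dogs, apple pie and Chevrolet."))
    for pw in ("Baseball", "Password1!", "07041976", "nhoJ2011!", "BbHdA3.1415C"):
        print(f"{pw:14} {search_space_bits(pw):5.1f} bits  {check_password(pw) or 'OK'}")
    for pw in ("Chevrolet1", "BbHdA3.1415C"):
        print(pw, "->", dictionary_attack(sha256_hex(pw)))
```

Running it shows the two sides of the post's argument: "Baseball" is rejected (two character classes missing, and it is in the word list), "Password1!" is rejected even though it has all four classes, and "Chevrolet1" is recovered from its hash instantly by a word plus one mangling rule, while the mnemonic BbHdA3.1415C passes every check and exhausts the list. The bit estimate is the other half of the story: 8 lowercase letters give about 2^37.6 possibilities, 12 characters drawn from all four classes about 2^78.7, a difference of roughly 2^41 in guessing work.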
 
One thing I forgot to mention is that you need to change your passwords regularly, every 4 to 6 months, and immediately if a service you use announces a breach. Having only one password for all of your accounts means that if one of your accounts is compromised, then all of them are vulnerable. Use a different password on each account.
 
Please practice safe Hex as it is a dangerous world online.

4 comments:

  1. A very good lesson for those of us who haven't ever changed our passwords. I've seen too many people whose Yahoo account has been hacked repeatedly.

  2. For many years now, I have used a product called RoboForm (http://www.siber.com/consumer/roboform). Besides being able to generate complex passwords, it remembers them for later use in logging in or gaining access to a site. I keep my RoboForm data on a memory stick and it's encrypted automatically. So, if I lose the memory stick, I don't have to worry. Oh, yes, I do back up the RoboForm data regularly.

  3. The only thing I've had hacked so far was my Facebook account, and I think that had something to do with that site that tracks your Amazon sales. Anyway, thanks for posting this. My problem is, if I make the password too hard then I can't remember it. If I write it down, I lose it. Any suggestions for that? : )

  4. A more betterer lesson: try www.lastpass.com for free! Not only does it hold every single password that you have locked under its own special password, but it generates PWs for you that would take nearly 100 years to crack, according to some of the bots I've been fooling with. Take a look at it, and be prepared to add the addon to all your browsers.
