|What's the password?|
|Written by Alan ThorntonHits : 872|
|Friday, 30 April 2004 19:00|
You probably have information on your computer that you would rather not show to the rest of the world. Even if you are willing to share your data, you certainly don't want to lose it. The current situation between computer users and black-hat hackers has been described as a war. And the skirmishes just keep getting fiercer.
If you don't have a strong password and follow other normal security precautions like using a firewall and keeping your antivirus and Windows updates current, you might as well be inviting someone to take your computer from you.
Managers at computer giant Sun Microsystems used to say, "The network is the computer." These days, I am tempted to say that your data is your computer. After all, you can replace your desktop for around $600. Once you re-install a few programs, all that remains to bring you back to normal is to copy your data from a backup file.
Let's say that you are one of the many computer users who don't have their data backed up. If so, you need to be as pro-active as you can in what Harry Potter might call your defense against the dark computer arts. Here is some strong advice for that defense.
Use good passwords
You may have heard this before, but most people don't heed this advice. In order to ensure that your data is safe:
-- Change your password frequently.
-- If you think that someone may have used your password, change it immediately.
-- Do not write your password on a Post-It note and stick it on your terminal.
-- Don't give your password to anyone else for any reason.
-- Assign new employees a password without administrator privileges. Ideally, only IT staff should have this level of access.
Types of password breaking
Hackers used to have to have a little skill if they wanted to hijack passwords. Today, though, there is free software available on the Internet that is designed to steal your password. This process is known as cracking.
There are two main ways that password cracking software works. The first is called a dictionary attack. It runs through a huge list of words that people are likely to use for their passwords. Naturally, this includes most common names for people and pets. The dictionary attack will quickly riffle through birth dates for the last 70 years, too. With that in mind:
-- Don't use your name or the name of your spouse or child or pet for a password.
-- Don't use your birth year or your mother's maiden name.
-- Don't use Password or Admin (a default for some password-protected items).
The second type of password cracking is called the brute-force attack. If the dictionary attack fails, the program will begin trying any and every combination of numbers and letters. As you can imagine, this can be a time-consuming task but it's just the kind of work that computers were designed for. Here is the key for you, though: The longer and less predictable your password is, the more time it will take to crack.
Suppose you use a tough password and someone has to leave their cracking program running for a couple of months. If you change your password every three weeks, you might just beat the software or at least make your system more trouble to crack than it's worth.
Use a random series of upper- and lower-case letters, numerals, and punctuation marks if you are in a program where each of these is allowed. Some passwords are not case-sensitive. Bear in mind that although these passwords may be easier to remember, they are somewhat less secure.
In developing a password that you don't have to write down, think of a few unrelated incidents in your life. You might want to use a scheme similar to the one in this example:
-- The last two letters of each your two most recent vacation spots in quotation marks or brackets
-- The street number of your childhood home
-- An ampersand
-- The abbreviation of the state directly to your north (two capital letters).
If I used the variables above I would come up with something like: [dore"1225&NC.
As long as your scheme is something that makes sense to you, you'll be in good shape when you have to remember the password you created. You can't ever be completely certain that your computer won't be a target for hackers or crackers, but if you strengthen your passwords you'll have a much stronger first line of defense.
Alan Thornton owns Decatur Computer Help, an on site technical support business in the Atlanta, GA area. Write him at firstname.lastname@example.org.