Passwords - Keys to the Information Superhighway

“Hackers nab 1.2B passwords in colossal breach, says security firm.” That is the headline of an article from CNET in August of last year. So what can you do to protect yourself from password heists? Unfortunately, we are in a state of minimizing damage rather than avoiding it entirely. Those 1.2 billion passwords, and many others from similar attacks, have already been stolen. The horse is already out of the barn. The question now becomes, “What can be done to minimize the effect of this and similar password breaches?”

First, we need to consider the two major types of password hacks. The first is the breach of major corporate systems and the reselling of your data, including your username and password for that corporation. The second is the still-popular old-school approach of simply trying to guess your password from bits of information known about you. Both approaches need to be considered when implementing a system of passwords to protect your private information.

Use a strong password
This is primarily effective against those who are trying to guess your password. A strong password will consist of both upper and lower case letters, numbers, and special characters. A password like “B5H\Ud]t

Longer passwords are better than short passwords. Each additional character in your password exponentially increases the time and effort involved in cracking your password. Consider using a pass-phrase instead of simply a password. “A$h3vill3_i$_a_W3ird_City” (Asheville is a Weird City) would be considered a complex password, yet one easily remembered (especially if you've been downtown on a Friday night).

You should avoid common passwords and common themes. According to SplashData, “123456” and “password” still top the list of most frequently used passwords. “qwerty”, “baseball”, “dragon”, and “football”, also made the top 10. You should also avoid common themes. If your blood runs orange and your Facebook page is plastered with pictures of University of Tennessee Football, then you might want to stay away from “RockyTop” as your password. Sure, it's easy for you to remember, but it's also easy for a hacker to guess.

Avoid Reusing Passwords Across Sites
What makes the data breach reported by CNET so extreme is the fact that many people use the same password across multiple sites. By hacking a small unsecured website, attackers can gain username and password combinations that will also work on major corporate websites and even banking websites.

When a major corporation gets hacked, it's all over the news. But hackers are increasingly turning to smaller, less secure websites. If the hackers go in, copy the data they want and leave without doing any damage, these smaller sites may never know they’ve been hacked. And even if they do, they may be reluctant to report it to the police and risk bad exposure in the press.

So by using one password for all of the sites you login to, you may be giving the hackers, identity thieves, and spammers access to everything you do online.

Change your Passwords
In the case of most data breaches, a person or group of people steals the data and then later sells it to others who actually use it. There can be some lapse between the time the data is stolen and the time someone actually tries to use it. If you change your passwords often, you may render the stolen data obsolete.

How often should I change my passwords? There is no good answer to that question. Obviously, the more often you change them, the less likely someone can use stolen data against you. However, changing all of your passwords is time-consuming, and time is money. So just going through the process of changing your passwords has costs. No matter what time-frame you set for changing your passwords, until you have a security breach, you will think it is excessive. Once you have had a breach, you will think it is not often enough.

Let Technology Help
How do you remember all of those different passwords? If you add up all of the websites you log in to and all of your email accounts, and add to that your bank PIN numbers and cell phone PIN numbers, the average person could easily have over 100 different passwords. We've all been told to never write them down and place them under our keyboards. (In every spy movie, that's the first place they look, and surprisingly they always find the passwords there.) You need to keep these passwords somewhere secure that is accessible only to you but constantly accessible to you.

If you have a very limited number of passwords, you could write them down and keep them in your billfold or purse. But that's not practical for more than five or ten. Most people will have more than that.

You could put them in a document or spreadsheet and name the file something other than “passwords.” This document could then be protected with its own password. The downside to this approach is that the passwords are only accessible when you are at your computer.

There is an abundance of password manager programs available. The best ones will have apps for your smartphone as well as programs that run on your PC. The smartphone apps and the PC program should synchronize themselves automatically. I personally like the Pocket app for Android. You can find it on the Google App Store. The desktop version can be found at http://timothyjc.blogspot.com/2010/12/wallet-for-android.html. You can have the same password database synced between multiple Android clients (smartphones) and multiple PCs. And best of all, it's free.

If you are using iPhones and Macs, then you may want to check out 1Password at https://itunes.apple.com/us/artist/agilebits-inc./id285897621. This program has many great reviews and appears to have the features that should interest you.

For those times when you need to generate a highly secure password but are having difficulty putting together a random group of characters using specific types of characters, a password generator can help. (Pocket for Android has a password generator built in.) Various websites offer this service for free. http://passwordsgenerator.net/ is an example of one such site.
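The following Python sketch is an added example, not code from any of the tools or sites named above. It shows what a password generator does when asked for specific types of characters, and puts a number on the earlier point that each extra character multiplies the guessing effort. The function names and the 16-character default are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes a site may require (names are illustrative).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def generate_password(length=16, classes=("lower", "upper", "digit", "special")):
    """Random password containing at least one character from each class."""
    pools = [CLASSES[name] for name in classes]
    if length < len(pools):
        raise ValueError("length is too short to include every required class")
    # One guaranteed character per class, drawn from the OS CSPRNG.
    chars = [secrets.choice(pool) for pool in pools]
    alphabet = "".join(pools)
    # Fill the rest from the combined alphabet.
    chars += [secrets.choice(alphabet) for _ in range(length - len(pools))]
    # Shuffle so the guaranteed characters are not always at the front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def search_space_bits(length, alphabet_size):
    """log2 of the number of candidate passwords of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(generate_password())
    size = sum(len(pool) for pool in CLASSES.values())  # 94 printable symbols
    for n in (8, 12, 16):
        print(n, "chars:", round(search_space_bits(n, size), 1), "bits")
```

With the full 94-symbol alphabet, every additional character adds about 6.55 bits, so the number of candidates grows roughly 94-fold per character.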

The Future of Passwords
With advances in technology, passwords may become obsolete. Biometric Recognition Systems are not just for Sci-Fi any more. We've had laptops for a few years that have built-in fingerprint recognition. My Android smartphone has facial recognition. Neither of these approaches can completely eliminate passwords today. A cut on your finger can cause you to have problems with the fingerprint recognition. Too much or too little light will cause the facial recognition to fail. You should always have a different method for accessing your systems if these systems fail. Although they are not viable as password alternatives today, the technology looks promising for future development.

Some companies are issuing key fobs that are programmed to give you a password that will only work for the next minute or so. An algorithm is developed that generates a new password for your account every so many minutes. The key fob contains the same algorithm and will therefore generate the same password at the same time. You must check the key fob for the current password and use it when logging into the system. This can work well on systems that need an ultra-high level of security but would be impractical for all of our systems. (Who wants to carry around 100 or so different key fobs?)

Conclusion
Passwords are vital to our life on the information superhighway. They are the keys to the locks behind which the necessities of modern life are stored. Our money is behind these locks. Our jobs are behind these locks. Our social communications are increasingly behind these locks. While others may actually be responsible for the locks, we are responsible for the keys to the locks.
