Passwords are the computer world’s virtual equivalent to your car, house, and office keys. Passwords protect your personal and business information. They control access to the files on your computer, your e-mail account and your online shopping accounts.
Passwords are your first line of defense against an ever-increasing assortment of computer hackers and criminals armed with sophisticated tools trying to break into your accounts to steal your money and your identity.
Even though most of us recognize the importance of passwords, we don’t pay as much attention to them as they deserve. We wouldn’t dream of storing our valuable purchases in an unlocked car while we go back into the mall, but we often use weak passwords that effectively leave our computer accounts unlocked for the clever hacker.
Weak passwords can be cracked (in computer lingo, passwords are cracked and computers are hacked) through a couple of different methods.
Brute-force cryptographic programs try every possible combination of letters and numbers. Dictionary attacks are computer programs that attempt to log in by using thousands of commonly used passwords from a password dictionary.
Hackers also routinely use a simple approach known as “social engineering.” This involves researching personal information about you (home address, children’s names, pet names, favorite sports teams, etc.) and using that information to guess your password.
Phishing uses forged e-mails to dupe you into clicking on a link and providing account and password information.
Spyware, viruses or other malicious software that bypasses your anti-virus program (you do have an up-to-date anti-virus program on your PC, right?) can capture your keystrokes and transmit them back to the hacker. Network sniffing software can capture your account and password information from inside the electronic packets as they traverse the Internet.
Fortunately, there are a number of basic steps you can take to protect your passwords.
No personal information
Don’t base a password on any form of personal information that can be easily learned about you.
No common words or phrases
Avoid using any common words that are found in a regular dictionary or even phrases like “redridinghood.” Password dictionaries contain hundreds of thousands of commonly used words and phrases. These clever programs also use simple techniques like reversing the letter order. So while you might think using “drowssap” is clever and easy to remember, the cracking program will solve that one easily.
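The two rules above (no personal information, no common words or phrases, including reversed ones) can be enforced when a password is chosen. The following is an added example, not part of the original article; the function name, the tiny wordlist and the sample personal facts are constructed for illustration, and a real screen would load a full password dictionary.

```python
import re

# Constructed sample wordlist; a real deployment would load a large password dictionary.
SAMPLE_DICTIONARY = {"password", "redridinghood", "icecream", "letmein", "sunshine"}


def _normalize(text):
    """Lowercase and drop everything except letters and digits,
    so 'Red-Riding Hood' compares equal to 'redridinghood'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def screen_password(candidate, personal_facts=(), dictionary=SAMPLE_DICTIONARY, min_token=3):
    """Hypothetical helper: return the reasons a candidate password should be
    rejected under the two rules above. An empty list means neither rule fired."""
    reasons = []
    norm = _normalize(candidate)
    rev = norm[::-1]  # reversed form, as in the "drowssap" case
    words = {_normalize(w) for w in dictionary}

    # Rule: no common words or phrases, forwards or backwards.
    if norm in words:
        reasons.append("dictionary word or phrase")
    elif rev in words:
        reasons.append("reversed dictionary word or phrase")

    # Rule: no personal information (names, addresses, teams, ...).
    for fact in personal_facts:
        for token in re.split(r"[^A-Za-z0-9]+", fact):
            token = token.lower()
            if len(token) < min_token:
                continue  # very short fragments would match almost anything
            if token in norm or token in rev:
                reason = f"contains personal information: {token}"
                if reason not in reasons:
                    reasons.append(reason)
    return reasons


if __name__ == "__main__":
    facts = ["dog Rex", "12 Elm Street"]  # constructed sample facts
    for pw in ("drowssap", "RedRidingHood", "Rex2009!", "t7#Lq9vX2b"):
        print(pw, "->", screen_password(pw, facts) or "no rule fired")
```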
Length is good, numbers and special characters are better
Generally speaking, longer passwords (if you can remember them without writing them down) are better. Longer passwords utilizing a combination of letters, numbers and special characters like @, +, &, and * are best.
One effective technique is to use a simple form of cryptography, substituting numbers for letters and throwing in a special character. For example, rather than “icecream”, substituting 3 for e, 1 for i and @ for a results in 1c3cr3@m, a pretty strong yet still easy-to-remember password that would defeat most cracking schemes.
Another effective approach is to use a phrase that means something to you. I might pick “crazyforgolf” and then do the substitutions, ending up with “cr@zyf0rg01f”.
Protect your password
Don’t give your passwords to anyone, especially over the phone or through e-mail. Never enter your password on a Web page that doesn’t display the lock icon indicating that the page is encrypted.
Following these steps will protect your passwords and, in turn, protect your personal and business information.