Sunday, June 26, 2011

How to pick a password that's hard to hack


We've all experienced the tedium and frustration of constantly having to deal with the various usernames and passwords that we contend with on a daily basis: passwords and usernames for our smartphones, email accounts, bank accounts, and a seemingly endless list of online vendors, all of which require us to commit our personal access to memory. In my line of work, not only do I have to be vigilant about my own usernames and passwords; more importantly, I have to be extra careful about how I handle the many usernames and passwords of my clients as well.

As online stores and services continue to eclipse traditional brick-and-mortar facilities, and with smartphones having built-in point-of-sale (POS) applications, our wallets are slowly taking a back pocket to our cell phones, a transition that makes consumers more vulnerable to being hacked and puts more of an emphasis on security than ever before. We all have our own routine and protocol when it comes not only to choosing usernames and passwords, but to how we remember them as well. I personally have done everything from storing sensitive information on password-protected USB flash drives to password-protected digital folders and apps on my computers and smartphone.

Here are some great tips on how to password-protect your day-to-day life:

By Shan Li of The Los Angeles Times.

How to pick a password that's hard to hack

The latest LulzSec attacks revealed that most victims used email passwords that were easy to decipher. A good password doesn't have to be impossible to remember. Here are tips for protecting your accounts.

If there's one lesson to be learned from the rash of hack attacks recently, it's the value of a strong password.

Just look at what the hacker group LulzSec dug up. After hacking into the websites of the CIA, PBS and Sony, it posted on the Internet the email addresses and passwords of 62,000 compromised accounts.

A quick scan of the list showed that most passwords were easy to remember — and easy to crack. Sample: "wildwoman," "coffeecup," "peterp," and "kindle."

Of course, the ideal password would be long, unintelligible and nearly impossible to predict. Like this: !co4D4)f%d. But good passwords are hard to remember, which is why so many people end up with easy ones or reuse the same password for multiple accounts.

Nowadays, passwords are the keys to your digital life, and they safeguard everything from your email accounts to your bank accounts against cyber criminals. Here are a few ways to protect yourself online:

• Use mnemonics. Pick a personal sentence, as I did for my college account: "I am an NYU student!" and take the first letter of every word to create a password "1iaanyus!" (NYU requires its students to add a number for extra security. And no, that password doesn't work anymore.)

• Know that longer is usually better, but not always. A six-character password such as 7cG&!s is more secure than a longer password that uses a word or a phrase, such as iloveyou.

• Change passwords to your bank accounts every few months.

• Write down the passwords on a list without user names. Keep it with your passport, car title, Social Security card or other papers you are not likely to lose.

• If you truly cannot remember passwords and tend to lose scraps of paper, use password-managing software such as LastPass or KeePass that encrypts and stores all your passwords. Some will automatically plug in your password at the appropriate sites. They're usually free or charge a nominal monthly fee for extra features.

• If you want the ultimate protection — and have the memory of an elephant — consider using a "random password generator" that you can find by doing an Internet search. It'll spit out passwords depending on how complicated you want them to be.

And a few things to avoid:

• Never use simple words or phrases, even if you spell them backward and add a number. Hackers have software that can predict commonly used words.

• Never have the same password for every account, especially for bank accounts and sites such as Amazon.com that can store your credit card information.

• Never email passwords to yourself. If hackers gain access to your email, they would then have the whole kit and caboodle.

• Avoid using personal details. Do not include your name, birthday or home address, which can be easily guessed by someone who knows you.

• Don't share your passwords with friends or family.

• Don't log into sensitive accounts when using public Wi-Fi.

And finally, it's important to remember that no password is completely immune from being cracked, said Robert Rachwald, the director of security strategy at Redwood Shores, Calif., digital security firm Imperva. The best way to keep your personal information safe is to avoid providing it if at all possible.

shan.li@latimes.com

Copyright © 2011, Los Angeles Times
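
The tips above on random password generators, on a short random password beating a longer dictionary phrase, and on backward-spelled words with a number added can be checked in a few lines. This is an added example, not part of the original post or the Los Angeles Times article; the wordlist is a constructed sample, and `ASSUMED_LIST_SIZE` and `ASSUMED_VARIANTS` are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Constructed sample: the weak passwords quoted in the article.
WORDLIST = {"wildwoman", "coffeecup", "peterp", "kindle", "iloveyou"}
ASSUMED_LIST_SIZE = 10_000_000  # assumption: size of a real cracking wordlist
ASSUMED_VARIANTS = 200          # assumption: forward/backward x 0-2 digits added
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=12):
    """Random password drawn with the OS CSPRNG (secrets), not random."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def dictionary_hit(password):
    """Return the wordlist entry the password reduces to, or None.

    Handles the variants the article warns about: the plain word, the word
    spelled backward, and digits added at either end.
    """
    core = password.lower().strip(string.digits)
    for candidate in (core, core[::-1]):
        if candidate in WORDLIST:
            return candidate
    return None


def charset_size(password):
    """Combined size of the ASCII character pools the password draws from."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in password))


def guess_bits(password):
    """Rough upper bound, in bits, on the guesses needed to find the password."""
    if dictionary_hit(password):
        # A wordlist attack tries every entry and its variants first.
        return math.log2(ASSUMED_LIST_SIZE * ASSUMED_VARIANTS)
    size = charset_size(password)
    # Brute force over the pools in use; empty or non-ASCII input scores 0.
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    for pw in ("7cG&!s", "iloveyou", "1uoyevoli", generate_password()):
        print(f"{pw!r:16} hit={dictionary_hit(pw)!s:9} ~{guess_bits(pw):.1f} bits")
```

Under these assumptions the six-character 7cG&!s scores about 39 bits, while iloveyou and its backward-plus-digit variant score about 31, and a 12-character generated password scores about 79.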
