Your passwords are like gold. Protect them. PAUL WALLBANK
By Paul Wallbank
Whether we like it or not, passwords are part of working with computers and they are going to become more important as our data increasingly becomes accessible from the internet.
This was a concern raised during our SmartCompany remote access webinar last week, and a good example is the hacking of US vice presidential candidate Sarah Palin’s email account.
The days of logging on with passwords like “password”, your cat’s name or just leaving the thing blank are over. You have to start considering making your passwords more difficult to crack or guess.
A start is to make them long. Ten characters is a good start.
I use the word “characters” deliberately because a password shouldn’t be just a single word, passwords like “password”, “popcorn” or your kid’s name are easily guessed, and anything more complex can be cracked by what is known as a “dictionary attack” where a computer program throws every word in the dictionary at your account.
Usually though, this isn’t necessary as most passwords can be guessed if you know a few details about the victim. The Sarah Palin hacker knew her hometown, postcode and where she met her husband, and that was enough – many people put those sort of details on their Facebook or MySpace pages.
So it’s best to use something a bit stronger. Say at least 10 letters in a combination of numbers, symbols, upper case and lower case letters; 14 has always been popular in Windows for historical reasons.
Now you can go to a random password generator to get one. Asking for a super-strong password on one site came up with qenaprEda6rU3E.
Now that’s a good, strong password which is also difficult to remember and that leads us to the “sticky note” conundrum where people start saving strong but difficult to remember passwords on notes attached to their monitors and other places.
To overcome this I like to create a strong password from a combination of personal details. For instance, if your birth year is 1951, favourite colour is blue, your wedding anniversary is 29 June and your mum’s name is Beryl you might choose 19BeryL51&JunE29.
I have another longer example on the PC Rescue website. But you can use your own imagination to work with combinations that are difficult to crack but relatively easy to remember, and yes, you can use your cat’s name.
It’s also worthwhile noting it wasn’t actually the password that brought Sarah Palin unstuck; the hackers fooled Yahoo’s password recovery process.
So it’s worthwhile applying the same principles to your “secret word” answers. Instead of just your mother’s maiden name, put your dad’s birth date on the end of it and throw a few capital letters into it.
The moral to all of this is we need to take password security seriously. Even if you aren’t planning to run for the Oval Office, you still need to keep some things private.
Paul Wallbank is Australia’s most heard computer commentator with his regular computer advice spots on ABC Radio. He’s written five computer books and just finished the latest Australian adaptation of Internet for Dummies. Paul founded and built up a national IT support company, PC Rescue and has a free help website at IT Queries. Today he spends most of his time consulting and advising community and business groups on getting the most from their technology.
For more Business Tech Talk blogs, click here.