Passwords - we use them every day, here in cyberland. They're
used as the first step in identifying ourselves. Yes, we're
allowed to log on to this network, because we have the
pre-approved password. They're necessary for our online banking
transactions and our online bill payments. Or yes, we're allowed
to read this ebook, because we've purchased it and here's our
authentication.
There are almost a gazillion instances where we use passwords,
but most of us don't think about how easy it is for our lives to
be broken into because we chose such an easy password.
A recent survey reported by the BBC suggests that more than half
of computer users never change their passwords, and many use
words that can be easily guessed.
Common Passwords:
23% child's name
19% partner's name
12% birthdays
9% football team
9% celebrities and bands
9% favorite places
8% own name
8% pet's name
In my experience, other passwords that are common in North
America include:
- Mother's Maiden Name
- Social Insurance Number or Social Security Number (SIN, SSN)*
- Favorite Colour/Color
- The person's name and the current year
* Before I go any further, I should stress that using ANY of
those ideas as a password is an extremely bad security risk.
Furthermore, the use of your SIN or SSN is particularly foolish
as that can lead to identity theft. In the U.S. alone, this
problem is estimated to claim somewhere around 700,000 to
750,000 victims a year.
The problem with using such easy, common names for passwords is
that hackers and identity thieves have special programs, much
like dictionaries, that go through all of the obvious common
names, phrases and variations; they also go through the
dictionary itself, including "foreign" language dictionaries.
Sooner or later, they'll get a hit - and BINGO, they're in and
can do whatever it is that they want to do.
So what do we do?
Security Tips:
> The best passwords consist of non-sequential numbers and
letters used in a combination. Don't use words or word and
number combinations that can be guessed at.
> Don't use the same password for different sites. Especially
your banking password(s).
> Don't store your passwords on your computer. Data on your
computer is subject to remote theft. In addition you should
protect yourself with a good firewall and anti-virus software.
> Don't write down your passwords on a sticky note and place it
on your monitor, under your keyboard, mouse pad, etc...
> The most secure place for a password is in your head. However,
we all know that our heads are full of a lot of other info, and
our non-sequential passwords may be difficult for us to
remember... If you must write down a password - lock it up when
it's not in use, or at the very least, stash it safely.
> Change your password frequently; particularly the really
important ones.
> Use passwords that are at least eight characters long. If
you're given a choice, always opt for a long password, as each
additional character makes cracking a longer and harder process.
> Do not share your passwords with anyone. If you have to share
your password because a technician is working on your PC, or a
web site techie is installing a script on your site or a designer
is uploading some web pages to your site, then change the
password(s) as soon as the work is done.
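The sketch below is an added example, not part of the original
article: a small Python check that a signup form could run to flag
passwords built on the guessable items listed above (names, teams,
birthdays, common words, even with a year tacked on or characters
swapped) or shorter than eight characters. The word list, the
personal facts and the function names are constructed for
illustration.

```python
import re

MIN_LENGTH = 8  # the article's minimum length
# Constructed sample; a real check would load a large common-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "football", "monkey", "purple"}
# Undo common character swaps so "p@ssw0rd" is compared as "password".
SWAPS = str.maketrans("01345@$", "oleasas")


def core(text):
    """Reduce text to the word it is built on: drop leading/trailing digits
    and symbols, undo swaps, then remove any remaining non-letters (ASCII only)."""
    text = re.sub(r"^[^a-z]+|[^a-z]+$", "", text.lower())
    return re.sub(r"[^a-z]", "", text.translate(SWAPS))


def check_password(password, personal_facts=()):
    """Return the reasons a password is easy to guess (empty list: none found)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    base = core(password)
    if not base:
        problems.append("digits/symbols only")
    # Birthdays and ID numbers: compare digit runs, ignoring separators.
    digits = re.sub(r"\D", "", password)
    for fact in personal_facts:
        fact_digits = re.sub(r"\D", "", fact)
        if len(fact_digits) >= 4 and fact_digits in digits:
            problems.append("contains personal number")
    # Names, teams, pets and common words, even with a year tacked on.
    words = COMMON_WORDS | {core(fact) for fact in personal_facts}
    for word in sorted(words):
        if len(word) >= 3 and word in base:
            problems.append(f"built on '{word}'")
    return problems


if __name__ == "__main__":
    facts = ["Tommy", "Maple Leafs", "1987-04-12"]  # constructed sample facts
    for candidate in ["Tommy2024", "M4pleLeafs!", "p@ssw0rd1", "19870412", "k7Qv9xT2mZw4"]:
        print(candidate, "->", check_password(candidate, facts) or "no obvious weakness")
```

An empty result only means none of these patterns was found; it
does not prove the password is strong.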
Conducting transactions on the web is safe. Doing business on
the web is safe. Filling out forms on the web is also safe. As
long as you exercise a bit of security consciousness, these
activities are no more at risk than they are in the off-line
world.