Friday, March 30, 2012

For our first post, I wanted to write about securing and protecting your passwords - not only at school, but also for the personal accounts you use at home.  I've been gathering information from around the web and hope to share some of the knowledge with you on this subject.

Create Strong Passwords

A strong password doesn't necessarily mean a string of random numbers, letters and special characters.  Though this can help the complexity of the password, it often makes it difficult to remember.  Take for example these two passwords:

HS#7q!G0 VS dragons

Clearly, one is easy to remember, and the other, chances are, you'll have a tough time committing to memory.  But 'dragons' is not a very secure password, as it will fall to a dictionary attack within seconds.  It would take cracking software 30,000 times longer to crack the first password (with just short of 6 quadrillion combinations to examine) compared to the second (Number of possible passwords = n^r = 26^8 = 208,827,064,576).  So, ideally, you want to mix up your letters, numbers and symbols to make your password tougher to guess.  Perhaps something like Dr@9onZ would be easier to remember, and tougher to break.

But still, this is a simple 8-character password and not as secure as it could be.

Make them Longer

Mathematically, making the passwords LONGER is the real key.  You should never have a password that is fewer than 8 characters.  Ideally, 11-17 characters should be your target  -  at a minimum.  Creating a sentence for a password has been shown to confuse cracking software - the length alone making it near impossible to crack.  Here's an example of a long password, easy to remember, near impossible to crack:




Think of using ones like this to protect your financial and other personal data - if the website allows that many characters.  That first password has 37 characters of mixed case, numbers and one special character.  You can calculate the complexity of guesses on these permutations (Number of possible passwords = n^r = 94^37 = 1.01 × 10^73 combinations).  That's a lot, and beyond the capability of a casual hacker.
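The n^r arithmetic from the two sections above, worked through as an added Python example (not code from the original post). The tiny wordlist and the substitution table are constructed stand-ins, and the look-alike substitution check goes a step beyond what the post describes.

```python
import math
import string

# Constructed mini wordlist standing in for a real dictionary (assumption).
WORDLIST = {"dragon", "dragons", "password", "monkey"}
# Illustrative subset of look-alike substitutions (assumption).
LEET = str.maketrans({"@": "a", "9": "g", "0": "o", "1": "l", "3": "e", "$": "s"})

def keyspace(n, r):
    """Number of possible passwords: n symbols, r positions (n^r)."""
    return n ** r

def alphabet_size(pw):
    """n: size of the smallest standard character pool that covers pw."""
    n = 0
    if any(c in string.ascii_lowercase for c in pw):
        n += 26
    if any(c in string.ascii_uppercase for c in pw):
        n += 26
    if any(c in string.digits for c in pw):
        n += 10
    if any(c not in string.ascii_letters + string.digits for c in pw):
        n += 32  # 26 + 26 + 10 + 32 = 94, the n used in the post
    return n

def dictionary_hit(pw):
    """Return the wordlist entry found in pw after undoing case and substitutions."""
    norm = pw.lower().translate(LEET)
    for word in sorted(WORDLIST, key=len, reverse=True):
        if word in norm:
            return word
    return None

def assess(pw):
    """Summarise length, pool size, search space in bits, and any dictionary word."""
    space = keyspace(alphabet_size(pw), len(pw))
    return {
        "length": len(pw),
        "n": alphabet_size(pw),
        "bits": round(math.log2(space), 1),
        "dictionary_word": dictionary_hit(pw),
    }

if __name__ == "__main__":
    for pw in ("HS#7q!G0", "dragons", "Dr@9onZ"):
        print(pw, assess(pw))
    print("94^8 / 26^8 =", keyspace(94, 8) // keyspace(26, 8))
    print("94^37 has", len(str(keyspace(94, 37))), "digits")
```

A password that reports a dictionary word is only as strong as the wordlist lookup, whatever its n^r figure says.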

Protect your Passwords

Do not, repeat, do not store your passwords in a plain text file.  I've seen too many people that have their passwords stored in a spreadsheet on their computer, just tempting hackers to steal their data.  Also, do not write your password on a sticky note and stick it to your monitor.  You need to protect your passwords like they are cash.  There are many methods you can use, from simple (keeping a small list of important ones in your wallet) to complex (software programs using multiple forms of encryption to hide and protect your password lists).  

Some people have a rough time remembering passwords so the purchase of software that will store all your passwords for you in an encrypted file makes sense.  Just remember, you still need to memorize one password to run the program - so make it a good one.

One more word on protection.  Do not have applications or websites remember your password!  What's the sense in having a password to protect your information if anyone can log onto your machine and get to it?

Any questions, feel free to email me.