Last week, we talked about how tens of thousands of webmail accounts were compromised and wrote another post with 7 tips to protect yourself from phishing. In this post, we will focus on some tips and steps that will help with managing and strengthening passwords.
Security professionals build many layer of security to protect a system from being compromised, yet the one problematic area that remains to represent the weakest point is the users’ passwords.
Users tend to be bogged down by how many passwords they need to manage. Hence, they tend to rely on simple passwords, that they often write down in accessible places. They also tend to use the same password for every kind of account!
A worker usually has to use 6.5 different passwords each of which is used for four different accounts/sites. Trying to keep all those accounts up to date and having a strong password for each one of them is a tough task. We’re not going to discuss the obvious: at least 8 characters long, use alphanumeric, lower-case & upper-case password with special characters, but we’ll make having such a password easier to remember.
In order for you not to be the weakest link in computer security, and to better live up to that task, we provide you with the following tips.
Tip 1 Speak English Very Best!
English words can be broken by dictionary attacks, where they use words from the dictionary to attempt to match them to the password. This attack is more efficient that brute force attacks, which attempt every possible alphanumeric (and special characters) combination. So using “proper” English words in the password will make it easier for your password to be compromised by this type of attack.
To counter this simply substitute some English letters with symbols and numbers. A “3″ for an “E”, and “$” for an “S” and so on. Don’t stop there: misspell words, take out vowels from them or even reverse the word. These are simple methods to keep the password memorable and to further strengthen it against such attacks.
Tip 2 Never write it down, except …
Never write down the password and leave it in the same area as where it is intended to be used. It’s not recommended to write down the passwords but sometimes it’s inevitable. In those cases, the password needs to be kept in a safe place, like a wallet, and on the person at all times. Maybe use some sort of “cipher” that only you can read. I used to use my old cell number in passwords, but when writing it down would substitute them with [n]. This way if someone reads the sheet, he would still need to know what [n] stands for.
Tip 3 Use rhymes
Remember the Flintstones’: “Yabba-Dabbee-Doo“? This might seem like a trivial password but under brute force attacks, it will take about 27,415,414 years to crack. Actually, using rhymes has the advantage of them being very easy to remember and yet very difficult to guess since we all spell them differently. Try to make your own rhymes rather than using known ones, and that’ll give any hacker a hard time figuring out your password.
Tip 4 Use keyboard drawings
This is actually one of the ways Amer suggested: You simply draw a shape on the keyboard, and voila, you’ve got a strong non-English password that’s easy to remember. Try this: “xdr5thnbvc“. Seems impossible to recall, but, focus on the way you typed it. It’s a triangle starting at “x” ending at “x” going clockwise. No way a dictionary attack can figure that one out!
Want to make if even harder, try skipping SHIFT when typing it, and you’ll get: “xDr%tHnBvC“!
Tip 5 Don’t use these !
Don’t ever use anything in this list, this information is available to everyone now that social media is the standard for interaction.
Don’t use obvious facts about yourself: your partner, child(ren), pet’s name followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
Don’t use the last 4 digits of your social security number.
Don’t use 123456 or even 123456789
Don’t use your favorite book, favorite team, Alma matter, or your favorite movie.
Don’t use your date of birth, or that of your partner or child.
Don’t use “password” or “god” or “letmein” or “love”
So while it’s very tempting to use the same password that you have been using for the past decade, it is generally not a good idea. Yet it always seems like a daunting task that you will have to keep on changing your passwords endlessly. Hopefully this post gave you some ideas on how to manage and recall passwords, and how to keep your accounts and your computer environments safe and secure.
Do you have any other tips to share with us? What are your thoughts? Please let us know by leaving a comment below.