4Jun/120

Secure Password Selection

I would like to take this opportunity to inform you about a very important matter regarding how you deal with the World Wide Web.

The importance of picking a good, secure password can't be emphasized enough.
Your password is the way the computer verifies that someone logging in is really you, so pick something that cannot be guessed by others. The top reason people gain unauthorized access to a password-protected system is that they guessed someone's password (often because they found it on a piece of paper next to the victim's computer or because they saw the person type the password in, but also because they use software programs that are VERY good at guessing common passwords).

What happens to people who choose weak passwords
If someone else obtains your passwords, they may start to use your account to see your private data, including email, your bank accounts, etc. They could start to alter or destroy your files or they could take over your computer; and they might even perform illegal activities in your name -- in such cases, it is difficult to find out who the culprit is and you might come under suspicion.

The basics
The following guidelines will guard against someone finding out your password and using your account illegally:
1. Make your password as long as possible. The longer it is, the more difficult it will be to attack the password with a brute-force search. Always use at least 6 characters in your password, at least two of which are numeric.
2. Use as many different characters as possible when forming your password. Use numbers, punctuation characters and, when possible, mixed upper and lower-case letters.
3. Do not use personal information in your password that someone else is likely to be able to figure out. Obviously, things like your name, phone number, and address are to be avoided. Even names of acquaintances and the like should not be used.
4. Do not use words, geographical names, or biographical names that are listed in standard dictionaries. Your password might be hacked by a so-called “dictionary attack”*.
5. Never use a password that is the same as your account number.
6. Do not use passwords that are easy to spot while you're typing them in. Passwords like 12345, qwerty (i.e., all keys right next to each other), or nnnnnn should be avoided.

So be aware of these points and either choose a secure password on your own or use a password generator, which you can easily find on Google with the keyword “password generator”.

This is what a secure password might look like:
4(&V_x5%K?=mK3D
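
The six guidelines above and the password-generator suggestion, written as a small checker and generator. This is an added example, not code from the original post; the function names, the tiny word list, the key-run list and the "three of four character classes" threshold are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample data: a real deployment would load a full word list.
DICTIONARY = {"password", "dragon", "monkey", "london", "jesus", "sunshine"}
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]


def check_password(pw, personal=(), account_number=""):
    """Return the numbers of the guidelines (1-6) that pw violates."""
    low = pw.lower()
    problems = []
    # 1. Length: at least 6 characters, at least two of them numeric.
    if len(pw) < 6 or sum(c.isdigit() for c in pw) < 2:
        problems.append(1)
    # 2. Variety: assumed threshold of 3 of the 4 character classes.
    classes = [string.digits, string.punctuation,
               string.ascii_uppercase, string.ascii_lowercase]
    if sum(any(c in cls for c in pw) for cls in classes) < 3:
        problems.append(2)
    # 3. Personal information (name, phone number, address, acquaintances).
    if any(p and p.lower() in low for p in personal):
        problems.append(3)
    # 4. Dictionary words, also when digits or punctuation are mixed in.
    letters_only = "".join(c for c in low if c.isalpha())
    if letters_only in DICTIONARY or any(w in low for w in DICTIONARY):
        problems.append(4)
    # 5. Same as the account number.
    if account_number and pw == account_number:
        problems.append(5)
    # 6. Easy to spot while typing: adjacent keys, sequences, repeats.
    runs = KEY_RUNS + [r[::-1] for r in KEY_RUNS]
    has_run = any(low[i:i + 4] in r for r in runs for i in range(len(low) - 3))
    if has_run or len(set(low)) <= 2:
        problems.append(6)
    return problems


def generate_password(length=15):
    """Draw random passwords from a CSPRNG until one passes every check."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw
```

An empty list from `check_password` means no guideline was violated; the generator uses the `secrets` module rather than `random` because its output must be unpredictable.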

*Dictionary attack:
Wikipedia defines: A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary (hence the phrase dictionary attack) or a bible, etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit. However, these are easy to defeat. Adding a single random character in the middle can make dictionary attacks untenable.

Posted by: Katharina