Showing posts with label computer security. Show all posts

Tuesday, March 6, 2007

Passwords & "Passphrases" part 2:

In the last post I mentioned how we need to get away from a “password” and move to “pass phrases”. Their longer length and (hopefully) use of lower and upper case along with punctuation and other tricks make it more difficult for hackers and others to break into our PCs.

I’d like to share a few more thoughts with you about passwords and “passphrases”.

It goes without saying that a strong “passphrase” will protect you much better than a weak password.

But you have to be careful with even a strong “passphrase”.
If you use a favorite saying, or a favorite book title as your “passphrase”, it may still be broken by someone.

HOW? Let’s say that your teenage son or daughter asks to use your PC because their PC isn’t working and they need to print out a homework paper. So you give them your “passphrase”. OR they may have a friend over and you give your child the “passphrase”, not even thinking that the friend of your child now knows your “passphrase.”

In the event someone else needs to use your PC you need to type it in for them. DO NOT give it to anyone. Once you give it out you yourself have compromised the “passphrase.”

Another thing to keep in mind is the email that “friends” send “friends.” This email asks for personal information about you. This is so your email friends can get to know you. They may ask silly questions like your pet’s name, your favorite movie, when you were married, etc.

Also be careful of the information you post on “My Space”, for the same reasons.

This information is a treasure trove of possible passwords / “passphrases” for those who might want to break into your PC.
Never respond to such emails. And however hard it is, try to keep yourself (and your children) from posting too much personal information on “My Space”.

And if you have….posted this information OR given your child or their friends your password / “passphrase”…you better change your “passphrase” ASAP.

If you check the little boxes that say “remember my log in information and/or password”, you’ll need to change them as well.

Don’t take this too lightly. The skillful hacker can get enough info from one of these “friends” emails or “My Space” to get your account information from ISPs like AOL. Or they might be able to access your account info on Amazon or other sites.

Friday, March 2, 2007

Pass words vs. Pass phrases

Pass words are a part of life for anyone using a computer, PDA, or numerous other devices.

While we are trying to help the absolute novice with computer related information, understand that many who are computer "experts" don't practice the simple items here. They do so at their own peril.

Pass words and pass phrases are the first line of defense in keeping your information private.

And like it or not, YOU play THE major part in protecting your private information.

You've probably seen people (not that you would do this) leave their passwords taped to their desk or monitor. Even worse...do you know anyone who does this at home?

Some people use the same password over and over, just adding a new number at the end of the same word, e.g. Lassie1, Lassie2, Lassie3, etc.

Doing these things makes it easy to break into your computer, especially at home. Not everyone trying to break into your home PC is an international terrorist. It could be a relative, neighbor, or the friend of your son or daughter.

I suggest that you might want to use passphrases instead of pass words at work and home.

Using simple pass words is not adequate.

Now before you get worried that a pass phrase is complicated, it is not. It can be much stronger than any password and even easier to remember.

Here are some examples of pass phrases: (Don't use these - they are just examples to give you ideas to come up with your own.)

Your favorite book titles may make a good pass phrase:

20,000 Quips and Quotes becomes 20K Quips & Quotes

Fortress Third Reich becomes Fortress 3RD Reich

Another example of an easy passphrase to remember would be:

"I believe I will have a GREAT day!"

Notice the changes I made to the book titles or phrase. I wrote 20,000 as 20K. I used some caps and some lower case letters, and I used some punctuation. These all strengthen the pass phrase.

What makes a strong pass phrase?

Use upper and lower case letters
Use numbers and symbols.
Choose something easy to remember so you don’t write it down on your desk. But change how it is written to make it stronger.

What not to do:
Don't use anything obvious to a hacker… e.g. a special someone’s name, a pet’s name, birthdays, etc.
Don't use the same password over and over and add a number to the end.
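
The checklist above, turned into a small checker as an added example (it is not code from the original post). The function names, the pet name and the old passwords are assumptions made up for the demo, and the check goes slightly beyond the list by also catching personal details that are written backwards or broken up by other characters.

```python
import re

def character_classes(phrase):
    """Which of the classes named in the checklist above appear in the phrase."""
    return {
        "upper case": any(c.isupper() for c in phrase),
        "lower case": any(c.islower() for c in phrase),
        "number": any(c.isdigit() for c in phrase),
        "symbol": any(not c.isalnum() and not c.isspace() for c in phrase),
    }

def base_word(phrase):
    """Drop a trailing counter: 'Lassie 2' and 'Lassie3' both give 'lassie'."""
    return re.sub(r"[\s\d]+$", "", phrase).lower()

def personal_hits(phrase, personal_terms):
    """Personal details found in the phrase, even when written backwards or
    split up by other characters (letters and digits are compared separately)."""
    letters = "".join(c for c in phrase.lower() if c.isalpha())
    digits = "".join(c for c in phrase if c.isdigit())
    hits = []
    for term in personal_terms:
        t = "".join(c for c in term.lower() if c.isalnum())
        stream = digits if t.isdigit() else letters
        # Terms shorter than 3 characters are skipped to avoid chance matches.
        if len(t) >= 3 and (t in stream or t[::-1] in stream):
            hits.append(term)
    return hits

def check_passphrase(phrase, personal_terms=(), previous=()):
    """Return the list of rules the phrase breaks; an empty list means none."""
    problems = [f"no {name}" for name, ok in character_classes(phrase).items() if not ok]
    problems += [f"built from personal detail: {t}"
                 for t in personal_hits(phrase, personal_terms)]
    base = base_word(phrase)
    if base and any(base_word(old) == base for old in previous):
        problems.append("earlier password with a new number on the end")
    return problems

if __name__ == "__main__":
    # Constructed inputs: the pet name and old passwords are made up for the demo.
    print(check_passphrase("Lassie3", ["Lassie"], ["Lassie1", "Lassie 2"]))
    print(check_passphrase("20K Quips & Quotes", ["Lassie"]))
```
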



An even stronger version of the passphrase is one that does not contain any known word. It is a completely random combination of letters, numbers, and symbols. BUT this also makes it harder to remember.

*(89HgY3R2R

In theory they could be guessed but this type of passphrase is much stronger.


It is possible to have a passphrase that you can remember without having to write down, but still meet the requirements of a good passphrase. It involves a compromise by using words and numbers that you will remember but mixing them up.

For example, say your son Jason was born on the 15th of June 1983. By taking his birthday 6/15/83 and interspersing his name spelled backwards, you could get the passphrase n1o9s8a3j. While it may look difficult to remember you simply need to know the "key" to your password. This password would be very hard to crack.

To take it one step further you can increase the strength of this last passphrase even more. You could capitalize some of the letters and add a punctuation mark.

Remember your PASSPHRASE is the first line of defense. Make it a good one!
