Tuesday, June 7, 2011

Password Security

The first line of defense in protecting computers is password security. Maintaining, updating, and strictly controlling the use and complexity of a password is one of the most integral pieces in securing computers and data. It is an important roadblock that prevents intruders from accessing your most important files. And, despite repeated warnings, it is often the most neglected area of security for computer systems.

Take a moment to think back on the passwords that you use on a daily basis: the passwords you use to log in to your computer, check your email, post to Facebook, log in to company programs, check your bank statement, or order an item from Amazon. Review them quickly and determine whether you are doing a good job of password management.

- Do you repeat passwords for multiple websites? Is the password for your Facebook account the same as the answer to the security question on your banking website? Is your email account password the same as the one you use to log in to your company’s web portal?
- Do you have a blank password for your Windows/OS login?
- Do you use your first name as a password?
- Do you use regular words that can be found in a dictionary as a password?
- Do you use only letters or only numbers as a password?
- Do you use your anniversary or a birthday as a password?
- Do you use a child’s name or a pet’s name as a password?
- Do you use default passwords like “12345” or “password”?
- Do you use passwords that contain readily available personal information that could be found on MySpace or another social site?
- Is there an Excel spreadsheet named “Password” stored on your computer that contains a list of all important passwords?
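The checklist above can be turned into an automated hygiene check. The script below is an added example written for this post, not code from the original entry: it flags blank, default, dictionary-only, letters-only, digits-only and date-shaped passwords, passwords containing easily found personal details, and reuse across accounts. The word list, default-password list and sample accounts are constructed stand-ins (a real check would load a full dictionary such as /usr/share/dict/words).

```python
from datetime import date

# Constructed miniature word list standing in for a real dictionary; a real
# deployment would load a full list such as /usr/share/dict/words.
DICTIONARY = {"password", "rushmore", "summer", "welcome", "monkey", "dragon"}

# Well-known default passwords; the post names "12345" and "password", the rest
# are constructed additions.
DEFAULT_PASSWORDS = {"12345", "123456", "password", "qwerty", "abc123"}

MIN_LENGTH = 7  # the post's procedure starts from a 7-10 character word


def looks_like_date(pw):
    """True if an all-digit password parses as a calendar date in one of the
    common layouts (YYYYMMDD, MMDDYYYY, DDMMYYYY, MMDDYY, DDMMYY).
    Birthdays and anniversaries fall into this class."""
    if not pw.isdigit() or len(pw) not in (6, 8):
        return False
    if len(pw) == 8:
        candidates = [(pw[0:4], pw[4:6], pw[6:8]),   # YYYYMMDD
                      (pw[4:8], pw[0:2], pw[2:4]),   # MMDDYYYY
                      (pw[4:8], pw[2:4], pw[0:2])]   # DDMMYYYY
    else:
        candidates = []
        for century in ("19", "20"):
            candidates += [(century + pw[4:6], pw[0:2], pw[2:4]),  # MMDDYY
                           (century + pw[4:6], pw[2:4], pw[0:2])]  # DDMMYY
    for y, m, d in candidates:
        try:
            date(int(y), int(m), int(d))
            return True
        except ValueError:
            continue
    return False


def check_password(pw, personal_info=(), known_passwords=()):
    """Return the checklist items a password fails (empty list = passes).

    personal_info: names, pet names and similar facts that are easy to find
                   about the user (the post's MySpace point).
    known_passwords: passwords already used on other accounts (reuse check).
    """
    findings = []
    if pw == "":
        return ["blank password"]
    lowered = pw.lower()
    if lowered in DEFAULT_PASSWORDS:
        findings.append("well-known default password")
    if lowered in DICTIONARY:
        findings.append("dictionary word")
    if pw.isalpha():
        findings.append("letters only")
    if pw.isdigit():
        findings.append("digits only")
    if looks_like_date(pw):
        findings.append("looks like a date (birthday/anniversary)")
    for item in personal_info:
        if item and item.lower() in lowered:
            findings.append("contains personal information (%s)" % item)
    if pw in known_passwords:
        findings.append("reused on another account")
    if len(pw) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    return findings


if __name__ == "__main__":
    # Constructed sample accounts: the same password on two of them trips the reuse check.
    accounts = {"bank": "Gr33nH0use!9", "email": "Gr33nH0use!9", "laptop": "19850714"}
    for name, pw in accounts.items():
        others = {p for n, p in accounts.items() if n != name}
        print(name, check_password(pw, personal_info=["fluffy"], known_passwords=others) or "OK")
```

The reuse check compares against the other passwords you already hold, which is the point of the first bullet: one compromised site should not hand over the rest.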
I am willing to bet that, while reading the above list, you thought more than once that Carnac the Magnificent was writing this blog entry. Any person with nefarious ideas would not need much luck to guess or determine one or more of the passwords you use on a daily basis.

In addition to passwords that are easily guessed, many people make it even easier for their information to be compromised through poor password control. A person wouldn’t leave their car keys on the roof of their car while they went shopping, and they wouldn’t provide copies of their house keys to everyone in the office. However, there is a good chance one of your passwords is written on a sticky note attached to the monitor or under the keyboard. You’ve probably told a friend or coworker the password that you use for Amazon or Facebook or your email or one of a dozen other uses.

There is also the threat of outside attack from malware or phishing scams, and such attacks can victimize anyone, including senior government officials. Even with all the security in the world, a momentary lapse in judgment can cause devastating problems.

Protecting your password, protecting your computer, and protecting your life is an ongoing process that requires persistence, planning, and a little dedication.

The first step to keeping passwords safe is the creation of complex and secure passwords. This can be a daunting process, but it can be simplified into a repeatable procedure. Below is a 5-step process that creates very secure passwords.
1. Select a recognizable but lengthy word (7-10 characters): rushmore
2. Spell the word backwards: eromhsur
3. Convert letters to numbers or symbols: 3r*mhsur
4. Capitalize 2 letters (first and middle, or middle and last): 3r*MhsuR
5. Append a 4-digit number to the end: 3r*MhsuR1234

A few notes on the above steps:

- To convert the letters, look for letters like E, O, L, and S. These can become 3, * or 0, !, and $. Adding symbols and numbers makes passwords noticeably harder to crack with password-cracking programs.
- The 4-digit number does not have to be random if the worded password is sufficiently complex after the first 4 steps. If you create a difficult beginning, the 4-digit number can be easily remembered. And, under most company password policies, changing the last 4 digits provides sufficient change when passwords must be changed every 6-8 weeks.
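The five steps and the substitution note are mechanical enough to write down as code. The following is an added example for this post, not the author's own tool: `build_password` runs the steps on a word and reproduces the post's 3r*MhsuR1234 from "rushmore", with the substitution table as a parameter because the worked example only swapped E and O while the note also lists L and S. It also includes `guess_space_bits`, a caveat a practitioner would want: since everything after step 1 is deterministic, the number of passwords the procedure can produce is bounded by the size of the word list times the few substitution and capitalization variants times 10,000 suffixes. The 50,000-word list and the variant counts used there are assumptions for illustration, not measurements.

```python
import math

# Substitution table from the post's note: E, O, L and S become 3, * (or 0), ! and $.
# The post's worked example only applied the E and O substitutions, so the
# table is a parameter rather than a fixed rule.
FULL_SUBSTITUTIONS = {"e": "3", "o": "*", "l": "!", "s": "$"}
EXAMPLE_SUBSTITUTIONS = {"e": "3", "o": "*"}


def capitalize_two(s):
    """Step 4: capitalize the first and middle letters, or, when the first
    character has already become a digit or symbol, the middle and last ones
    (the post's example, 3r*MhsuR, takes the second branch)."""
    middle = (len(s) - 1) // 2
    positions = (0, middle) if s[0].isalpha() else (middle, len(s) - 1)
    chars = list(s)
    for i in positions:
        chars[i] = chars[i].upper()  # no-op if that position is not a letter
    return "".join(chars)


def build_password(word, substitutions=EXAMPLE_SUBSTITUTIONS, suffix="1234"):
    """Run the post's five steps on `word` and return the password."""
    # Step 1: a recognizable but lengthy word of 7-10 letters.
    if not word.isalpha() or not 7 <= len(word) <= 10:
        raise ValueError("choose a single word of 7-10 letters")
    if not (suffix.isdigit() and len(suffix) == 4):
        raise ValueError("the suffix must be exactly 4 digits")
    # Step 2: spell it backwards.
    reversed_word = word.lower()[::-1]
    # Step 3: convert selected letters to digits or symbols.
    converted = "".join(substitutions.get(ch, ch) for ch in reversed_word)
    # Step 4: capitalize two letters.
    capitalized = capitalize_two(converted)
    # Step 5: append the 4-digit number.
    return capitalized + suffix


def guess_space_bits(dictionary_size, substitution_variants=4,
                     capitalization_variants=2, suffix_digits=4):
    """log2 of how many different passwords the procedure can produce for a
    given word list. Everything after step 1 is deterministic, so this is the
    size of the search someone who knows the pattern faces; the inputs are
    assumptions, not measurements."""
    total = (dictionary_size * substitution_variants
             * capitalization_variants * 10 ** suffix_digits)
    return math.log2(total)


if __name__ == "__main__":
    print(build_password("rushmore"))                            # the post's example
    print(build_password("rushmore", FULL_SUBSTITUTIONS, "2011"))
    print("%.1f bits for a 50,000-word list" % guess_space_bits(50000))
```

The practical reading of `guess_space_bits` is that the strength of the result rests on how unpredictable the starting word is, which is exactly the "sufficiently complex through the first 4 steps" condition in the second note.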
       
I know that the above steps can seem scary or unsettling when you first read them, but a memorable and repeatable procedure for password creation is the best way to create and store passwords over a long period of time. I do not use a program designed to store and protect passwords. If you are interested in researching them, remember that such a program will end up holding the keys to your entire personal or professional life. Any password used to secure that program should be unique and monumentally difficult (10+ random alphanumeric characters).
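For the "10+ random alphanumeric characters" a password-manager master password needs, the one detail that matters in code is the source of randomness. The snippet below is an added example, not something from this post or from any password-manager product: it draws characters from the operating system's cryptographic random source via Python's `secrets` module, checks the result against that 10-character alphanumeric floor, and reports the entropy so the length choice can be judged. The 16-character default is an assumption.

```python
import math
import secrets
import string

# 62-symbol alphabet: upper- and lower-case letters plus digits.
ALPHANUMERIC = string.ascii_letters + string.digits
MIN_MASTER_LENGTH = 10  # the post's floor for a password-manager master password


def meets_master_policy(pw):
    """True if pw is at least 10 characters and entirely alphanumeric ASCII."""
    return len(pw) >= MIN_MASTER_LENGTH and all(c in ALPHANUMERIC for c in pw)


def generate_master_password(length=16):
    """Draw each character independently from the OS CSPRNG (the `secrets`
    module); `random.choice` is seeded predictably and is not suitable here."""
    if length < MIN_MASTER_LENGTH:
        raise ValueError("master password must be at least %d characters" % MIN_MASTER_LENGTH)
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHANUMERIC)):
    """Entropy of a uniformly random string of this length over this alphabet
    (about 5.95 bits per character for 62 symbols)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_master_password()
    print(pw, meets_master_policy(pw), "%.1f bits" % entropy_bits(len(pw)))
```

A 10-character string from this alphabet carries roughly 59.5 bits; 16 characters carry about 95 bits, which is why the default is longer than the floor.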
By taking the above steps, you are well on your way to creating protected and safe passwords. However, you must remember that this is only the first step in a continuing process. There are a few additional steps that you must remember to protect those passwords that you spent some time creating.
- Do not use one repeated password for all the access that you need. Split them up to separate your data: use one password for the Windows login, one for company logins, and one for social websites like Facebook or email. Doing this will prevent a widespread loss of security should one of your passwords be compromised. The most dangerous situation for a stolen password is when that password is used for multiple logins, allowing the thief unfettered access to all areas of your life.
- Change or modify your passwords on a regular basis. Even with strict security, passwords become stale or less secure over time. Many browsers have password-remember or auto-fill options, and one instance of that on a public computer could compromise your password. It is suggested that passwords be changed every 6 to 8 weeks for best security practice.
- Remember to keep anti-virus and anti-spyware programs up to date and on a regular scan schedule. Most malware (malicious software) designed today is created to log or find passwords and use them to steal personal data. Regular Malwarebytes Anti-Malware and Spybot S&D scans will keep your computer secure and protected from outside attacks.
- Last, but not least, be smart about password security. Do not keep passwords written down in open places. Do not talk publicly about passwords. Do not freely provide passwords through open communication like email correspondence. All of the above work can be undone by one sticky note left on a co-worker’s desk.
Remember, criminals spend hours working on methods and strategies for cracking passwords and stealing data. Every day, they are improving their ability to attack systems and compromise personal information. To combat this, everyone needs to take the time to improve their passwords and data security in an effort to keep their personal data safe and secure.
