Tuesday, October 18, 2005

Passwords - carrying on from Wendy

Carrying on from Wendy's post about passwords, i too have difficulty remembering my passwords - blogging, cecil, internet banking, hotmail, logging on to the computers themselves, internet connection.. theres tons, and ive got into the unfortunate habit of using the same (simple) password for most of these.
I know its bad, but when it comes to remembering things I can hardly remember peoples birthdays let alone a new password each week.
I had a look at what Mircrosoft had to say when it comes to password security, and they outlined 5 tips for ‘top-notch password security’.

1. Don’t be complacent: attacks can and do happen.
Ok, well I didn’t think this tip would help that much... but it did say that there’s three ways hackers will get to you, brute force, dictionary attacks and social engineering, and it describes how each of these function. And it also says that according to George Shaffer (a password expert), if a password is 8 characters in length and utilizes upper and lower cases, numbers and keyboard characters, it wont be cracked for two years. Reassuring, but I wonder how true this is. Apparently he has more tips on creating passwords at www.geodsoft.com/howto/password.
2. Know what makes for a bad password.
Here all the common sense things are listed, like using only letters or numbers, things directly related to yourself etc etc..
3. Get proficient at creating good passwords.
“A good password is one that is easy to remember but difficult to guess”. Easier said than done… but they do suggest using numbers that resemble the letters in the password your making, such as in their example - p@7sw0rd. Or they suggest you could use the first letters of each word in a favorite sentence such as a verse from a song.
4. Safeguard your password.
In this case it doesn’t mean putting it under your keyboard, or sticking it to the monitor, but rather, use it a couple of times the first day to get used to it, and if you must write it down, shred the paper when you’re done. However, I don’t think that even this would help me remember lots of them.
5. Change your password often – as in several times a year.
Uni does remind us to change our passwords occasionally which is useful, although generally this is only once a year. I’d be lucky if I even do that. Every thirty days may seem like a lot, but Microsoft seems to think that this is sufficient. However, if I have at least 10 different programmes each with a different password, it may take me near to another 30 days to think up knew passwords and cunning new ways of writing them! – and then theres the remembering thing.

Microsoft also suggests using these programs that help you manage all of your passwords: Account Logon (www.accountlogon.com; $24.95) and Roboform (www.roboform.com; $29.99). I don’t know much about them, and how they function, but all the same, I can’t see how storing information about all your different passwords in one place is very safe!

Considering my current financial status, I originally couldnt see why anyone would want to hack into my bank account - and itd be a wasted effort if they did. But then it was mentioned (in last weeks lecture for this class i think...) about how hackers manipulated the system to make the 1c left over from $**.99 transactions come into their accounts, and then this quickly added up (think hundreds or thousands of peoples transactions being used), followed by interest on top of that, this in turn lead to quite a tidy sum. Confusing, but pretty crafty. So im going to change my password. Theres no way i want people spending my 1c pieces - because as they say, every cent counts. Especially when you're a student.
Basically, when it comes down to it, password making is about common sense. If you are going to use basic, easy passwords, then you have to expect that your open to be 'hacked'. If you want to feel secure, then you have to take appropriate steps, and try your damned hardest to remember what that favourite quote of yours was.


Post a Comment

<< Home