Prevent Your Password From Becoming Easy Pickings (Or PyPfbEp)

Reply Mon 25 Jun, 2012 10:07 am
June 25, 2012
by Wendy Kaufman - Morning Edition

Your crafty password may not be powerful enough to overcome a cyberattacker. Earlier this month, LinkedIn urged its users to change their passwords after a database was hacked, exposing millions of passwords.

When 6.5 million LinkedIn passwords were stolen earlier this month, the revelation made Internet users think again about their ubiquitous words and phrases, and what they can do to make their online accounts a bit safer.

Shoppers in a suburban Seattle mall were asked recently about their password habits. Aaron Brown and Erin Gilmer have very different approaches.

"I try to keep as few as possible," Brown said.

And Gilmer said she has too many.

"They are totally weird. I just make up a different one for a different thing every time," Gilmer said. "Usually it doesn't even make any sense. Most of the time I can't remember it later."

And therein lies the conundrum. If passwords are simple, they're not very secure. And when they're complicated, they're hard to remember. Perhaps it's not surprising that simplicity usually wins and hackers are happy about that.

Tips For A Great Password

Don't use the obvious: Using variations of password, qwerty and 123456 is not ideal because skilled attackers suspect them. The longer and more varied the password, the harder it is to crack. Weak passwords can also be your name, birth date and dictionary terms.

A memorable phrase: Take a phrase and use the first letter of every word, in varying cases, as your password. So the saying "In two shakes of a lamb's tail" becomes "I2sOaLt." Try to include numbers, uppercase letters and special characters like !, $ or Greek symbols.

A simpler method: Slate's Farhad Manjoo recommends just typing your phrase as the password, including the spaces. If the website permits it, your password can be written as "Jack and Jill went up the hill."

"In the LinkedIn case, hackers stole data that LinkedIn had in a database somewhere that was supposed to be protected," says Eve Maler, a security and risk analyst at Forrester Research.

"What they ended up getting for their trouble was password hashes. They're kind of like encrypted versions of passwords — [it] looks like gobbledygook," Maler says.

In some cases cyberattackers can decipher gobbledygook and get actual passwords, especially if those passwords are not very robust.

So far, there is no evidence that happened in the LinkedIn case, but many Internet users have just one password for all of their accounts. So if the bad guys have your LinkedIn password, they may also have the password for your online banking.

Don't Sweat The Small Stuff

Password expert and researcher Joseph Bonneau says the passwords people pick are often easy to figure out. He notes that the grand champion in popularity is "123456."

"Counting up from one up to five or to eight are also pretty popular. 'Password' is pretty popular," he says. "There's a few things that are patterns on the keyboard like 'qwerty' and then you kind of get into a couple of nicknames and terms of endearment, so you see like 'princess' is usually in the top 10."

Bonneau, who has been studying at Cambridge University, has looked at plenty of passwords. While interning at Yahoo, he analyzed a database containing more than 70 million passwords.

They were anonymous, but he learned some interesting details about the users. For example, baby boomers used more secure passwords than their kids, and 45- to 55-year-olds used the strongest passwords. Teenagers created the weakest passwords.

The most sobering part of Bonneau's research is that even passwords you think are quite strong may not be tough enough to thwart a committed attacker. So what's an ordinary user to do? His advice is pragmatic: Don't sweat the small stuff.

"I just tell people, 'Don't reuse your important password.' You know, figure out the one or two accounts you have — maybe your banking website and maybe your primary email address — use as good of a password as you can manage for them, and then you can really forget about the rest," he says.

He means don't worry too much about the passwords on accounts that don't contain sensitive information. That's the password philosophy John Perkins, a recent high school graduate, has adopted.

"Something that I'm buying at the local video store will be three characters, and then my bank account will be 20 to 30 characters," Perkins says.

A very strong password would include random upper- and lowercase letters, numbers and symbols.

One suggestion is to take a line you can remember and convert it to a nonsensical password. So, for example, the phrase, "My kids like to build with two-by-fours," would become "MkLtBw2b4." The pattern is not likely to show up in a hacker's dictionary.

Another security hint is to make up the answers to security verification questions. There's no rule that says you have to give the name of a pet just because the form asks for it.

And one big, final suggestion: Use a password manager or password wallet. These apps allow users to securely store complex passwords and other account information in one place. Jennifer Garland simply logs in using a master password, and the app does the rest of the work.

"It's the one password that I really have to remember, because I think if I lose that password, then I lose all my passwords," Garland says.

That would present a gigantic password headache.
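Added illustration, not part of the NPR article or the original post: a small Python checker that builds the article's first-letter mnemonic from a phrase and flags the weak choices the article and Bonneau describe (common passwords and variations of them, counting sequences, keyboard rows, birth dates). The common-password list, keyboard rows and date pattern are constructed for this example and stand in for the breach-derived lists a real checker would use.

```python
import re

# Constructed list of the weak choices the article and Bonneau name; it stands in
# for the breach-derived lists a real checker would use.
COMMON_PASSWORDS = {"password", "123456", "12345", "12345678", "qwerty", "princess"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
NUMBER_WORDS = {"one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
                "six": "6", "seven": "7", "eight": "8", "nine": "9"}

def mnemonic(phrase):
    """Build the article's phrase password: first letter of every word, letters
    alternating upper/lower case, number words written as digits."""
    out, upper = [], True
    for word in re.findall(r"[A-Za-z']+", phrase):      # hyphens split words
        w = word.lower()
        if w.rstrip("s") in NUMBER_WORDS:               # "two", "fours" -> 2, 4
            out.append(NUMBER_WORDS[w.rstrip("s")])
            continue
        out.append(w[0].upper() if upper else w[0])
        upper = not upper
    return "".join(out)

def weaknesses(password):
    """Return the warning signs the article lists that appear in `password`.
    The heuristics are this example's own simplifications, not a standard."""
    p = password.lower()
    core = re.sub(r"[^a-z]", "", p)                     # "Password1!" -> "password"
    found = []
    if p in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        found.append("common password or a variation of one")
    if len(p) >= 3 and "1234567890".startswith(p):      # "counting up from one"
        found.append("counting sequence")
    if any(row[i:i + 4] in p for row in KEYBOARD_ROWS for i in range(len(row) - 3)):
        found.append("keyboard pattern")
    if re.fullmatch(r"(19|20)\d{2}[01]\d[0-3]\d", p):    # yyyymmdd birth date
        found.append("looks like a birth date")
    return found

def variety(password):
    """Number of character classes used (lower, upper, digit, other)."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in password) for t in tests)

if __name__ == "__main__":
    for pw in ("123456", "Password1!", mnemonic("In two shakes of a lamb's tail"),
               "Jack and Jill went up the hill"):
        print(f"{pw!r}: classes={variety(pw)} warnings={weaknesses(pw) or 'none'}")
```

The article's second phrase comes out as "MkLtBw2B4" rather than "MkLtBw2b4", because the case alternation here continues through the hyphenated word.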

Reply Mon 2 Jul, 2012 01:10 am
I think one should pick a unique ID and a strong password that has 15 characters or more, with letters, numbers and symbols such as “a6y8r@gun5#10jiok^”, because this kind of password may be harder to crack.
Reply Fri 6 Jul, 2012 11:45 pm
I generally prefer a password which is easy to remember and write. I mostly use characters and symbols in my password. But I like the idea of having one master password which incorporates other passwords in it. But in this case, one will have to remember the master password.