Wednesday, May 16, 2012
On 6:40 PM by Unknown No comments
The guide to password security (and why you should care):
In a better world, vulnerable accounts like banks, medical records, e-mail, and cloud drives would be protected with biometric systems. A swipe of a finger or a retina scan would allow access to your most important data.
Alas, eight-or-more-character passwords still dominate Web service log-ins. Anything from your investment portfolio to your Facebook account is simply accessed with an e-mail address (or username) and a few characters.
Yet, many Internet users continue to use easy-to-guess passwords like "123456," "qwerty," or their first names. Even worse, users repeat the same password (or a variation of one) across many accounts, putting themselves at greater risk of being hacked.
From password creation to password management, follow this guide to ensure your data is safe, secure, and prepared to withstand a security breach.
How are passwords exposed?
Before we dive into the how-tos of creating secure passwords, it's important to understand why you need a supersecure password to begin with. After all, you might be thinking, "Who would want to hack little old me?"
There are a few ways your account passwords can be compromised.
Someone's out to get you.
Enemies you've created, exes from your past, a nosy mother, an intrusive spouse -- there are many people who might want to take a peek into your personal life. If these people know you well, they might be able to guess your e-mail password and use password recovery options to access your other accounts. (Can you tell I'm speaking from experience?)
You become the victim of a brute-force attack.
Whether a hacker attempts to access a group of user accounts or just yours, brute-force attacks are the go-to strategy for cracking passwords. These attacks work by systematically checking all possible passphrases until the correct one is found. If the hacker already has an idea of the guidelines used to create the password, this process becomes easier to execute.
There's a data breach.
Sony, which wasn't careful in encrypting its user data, was targeted in a series of attacks where hackers (Lulzsec) exposed more than 1 million e-mail addresses, passwords, and accompanying data like home addresses and phone numbers. Most recently, a security hole was found in Max OS X's FileVault, where users' log-in passwords were available in plain text.
What makes a good password?
Although data breaches are out of your control, it's still imperative to create passwords that can withstand brute-force attacks and relentless frenemies. Avoiding both types of attacks is dependent on the complexity of your password.
Ideally, each of your passwords would be at least 16 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary words, usernames, pronouns, IDs, and any other predefined number or letter sequences.
The geeky and security-savvy community evaluates password strength in terms of "bits," where the higher the bits, the stronger the password. An 80-bit password is more secure than a 30-bit password, and has a complex combination of the aforementioned characters. As a result, an 80-bit password would take years longer to crack than a 30-bit password.
Ideal passwords, however, are a huge inconvenience. How can we be expected to remember 80-bit (12-character) passwords for each of our various Web accounts?
Creating secure passwords
In his guide to mastering the art of passwords, Dennis O'Reilly suggests creating a system that both allows you to create complex passwords and remember them.
For example, create a phrase like "I hope the Giants will win the World Series in 2013!" Then, take the initials of each word and all numbers and symbols to create your password. So, that phrase would result in this: IhtGwwtWSi2013!
The next option is to use a password generator, which come in the form of offline programs and Web sites. The best choice here would be to use an offline generator, like the appropriately named Random Password Generator, so that your created passwords can't be intercepted.
While you experiment with different passwords, use a tool like How Secure is my Password? to find out if it can withstand any cracking attempts. This particular Web site rates your password's strength based on how long it would take to crack. If it's too easy, the meter will let you know what elements you can add (or remove) to strengthen it.
Check the strength of your passwords at the How Secure Is My Password site, which indicates how difficult your password is to crack, and whether it's on the site's common-password list.
(Credit: screenshot by Dennis O'Reilly)
Microsoft offers its own online strength checker, and promises that the form is completely secure. Mac users can use the built-in Password Assistant to check their passwords' security.
Keeping track of secure passwords
If you follow one of the most important commandments of passwords, you know that you absolutely must have a unique password for every service you use. The logic is simple: if you recycle the same password (or a variation of it), and a hacker cracks one account, he or she will be able to access the rest of your accounts.
Obviously, you can't be expected to memorize dozens of crazy, 16-character-long passwords.
This guide thoroughly explores the different options for managing your passwords, including things like storing them on a USB drive, and even writing them down. Although it's ultimately up to you, he presents a strong argument for using the ol' sticky note method.
Using a password manager
Password managers store all of your passwords for you and fill out your log-in forms so that you don't have to do any memorizing. One of the most secure and intuitive password managers is LastPass.
(Credit: LastPass Inc.)
LastPass is unique in that it is made of two parts, coupling an offline program with a browser plug-in. All encryption and decryption happens on your computer so that your data doesn't travel over the Internet and is not stored on any servers.
As you create new accounts or change your passwords, LastPass will ask you if you'd like to create them using its password generator, which is designed to generate hard-to-crack passwords.
If you choose those route, you'll still have to remember at least one thing: your master LastPass password. Do be sure to make it extra secure, and composed of at least 12 characters to ensure that it's not vulnerable to any brute-force attacks.
It's worth noting, however, that just like any software, LastPass is vulnerable to security breaches. In 2011, LastPass experienced a security breach, but users with strong master passwords were not affected.
Subscribe to:
Post Comments (Atom)
Search
Popular Posts
-
Convert ur 2G NTC sim into 3G for free Convert ur 2G NTC sim into 3G for free*.. Write 3G in ur msg box and send it to 1400 Ur 3G service...
-
How to Use Telnet Client 1) Install the Telnet Client. Click on the "Start" button and then select "Control Panel....
-
Advantage and Disadvantages of Internet Explorer 9 Advantages HTML5: One of the biggest advantage of Internet E...
-
Surfing on the internet, the definition has obviously changed. We need fast, secure and cheap connection. Nepal is certainly having probl...
-
What is Wimax? WiMAX (Worldwide Interoperability for Microwave Access) is a wireless communications standard designed to provide 30 ...
-
Learn Facebook Keyboard Shortcuts to get your work done on fingertips Keyboard shortcuts are the best way to get the work d...
-
How to make your IDM (Internet Download Manager)? Make Your I.D.M. 5x faster [100%working] 1. Click the icon IDM 2. Click Option 3. On...
-
NHow to Make a Wi Fi Booster Using Only a Beer Canot only is this clever use of a beer can an ultra cheap tech hack, it also means less fid...
-
Boost Torrent Download Speeds Using UTorrent Turbo Booster uTorrent Turbo Enhancer is a latest plug-in designed to increase the perform...
-
How to Convert a FAT or FAT32 Volume to NTFS in Windows 7 Before you start to convert a FAT or FAT32 volume to NTFS, please consider th...
Recent Posts
Categories
Sample Text
Balamisuden@2012. Powered by Blogger.
0 comments:
Post a Comment