Defense Against Crime

12/07/2011

Password Correct..Access Granted

In this digital age, almost all of us are using a computer to access messages, social media networks, manage some aspects of our financial life, some other aspect of personal computer usage that puts aspects of our lives open to someone who has the key. I usually tell people not to hide their residence keys in obvious places, like under the welcome mat. The same common sense should be used is hiding the digital keys to the virtual residences of our lives. How safe would you feel is a crook has the keys to your house? The same sense of security should be taken when it comes to wanting to secure. One of the sad things is that we can unknowingly tell clues about our lives on-line in places like Facebook, or blogs, or ancetry.com that a thief can use to help him figure out possible passwords. If any of you have seen the 1983 movie War Games, you may remember that the Hacker was able to gain access to the system, by figuring out that the programmer used the name of his dead son as his backdoor password.

To highlight the necessity of securing your digital life should be news story accounts of security breaches at Abbot Labs,  IBM, Sony, Booz Allen Hamilton, Fox News, NBC, New York Times, Apple, Microsoft, Facebook, Twitter, Linkedin, the US Government and hundreds of other companies. These stories have exposed how insecure or unprepared these major websites and companies, to which consumers like you and I entrust their personal information really are. While we expect some level of security at corporation, ultimately, your security is your responsibility. Unfortunately one of the side effects of this is that these stories have exposed, is just how helpless we can be. Close examination of a sample set of 40,00 username and passwords out of a sample size of over a million have revealed some interesting results.

Some analysis results:

1. The analysis showed about 50% of the passwords are less than eight characters long. Eight characters are considered, the minimum length you should even consider when choosing a strong password.  (These passwords only take less than a minute  for a PC to crack) 2. Only 4@ percent of the passwords analyzed used at least makes use at least three of the four character types (Upper case letters, lower case letters, numbers, special characters like #|*. The vast majority only used one character type, such as all lowercase letters or all numbers.  (These passwords only take about 3 days for a PC to crack) 3.. Over 33% of the analyzed were not random character like “qp}Edhg!13evTOI” rather than “ILikeSpock”. These analyzed passwords could be found in a common password dictionary. The most frequent passwords use included: seinfeld, password, 123456, purple, princess, maggie, peanut, shadow, ginger, michael, buster, sunshine, tigger, cookie, george, summer, taylor, bosco, abc123, ashley, and bailey.  (most of these take less than a second for a PC to crack, ‘IlikeSpock’ takes about a year) 4. 67% of users had the exact same username/email and password on different systems used the same password on both systems. BAD BAD BAD

6 Simple Rules for some great passwords

  • NEVER choose passwords less than 8 characters long and that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters. The longer a password the better so strive for passwords over 8 characters long. If some systems limit the numbers of characters. It’s doesn’t have to be complex as “Picard-Delta-47-Alpha-21” or “173467321476C32789777643T732V73117888732476789764376” which would take a PC 14 octillion  years anf 6 vigintillion years to crack respectively
  • Randomness is also key to a great password. NEVER choose a password based upon personal data like your name, birthday your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Create a list of 10-12 such as Qy#i1827Vbsg12348()17w passwords that are random and use a password management program like 1Password or LastPass, or create and remember a password recipe or simple padding pattern.
  • NEVER choose a password that is a word (English, German, or otherwise), proper name, name of a TV shows, or anything else that one would expect a clever person to put in a “dictionary” of passwords. Especially if it can be found it’s something your found of like ‘Hello Kitty’, ‘Disney’, etc
  • NEVER choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backwards, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word. Neither is using password where you have substituted the number zero for the letter “o”
  • NEVER EVER EVER use the same password for all your logins.

How to Make Up a Great Password

Passwords should contain a mix of the following sets

  1. lowercase letters
  2. uppercase letters
  3. Numbers
  4. special characters !,#,$,+,%,~ etc
  5. Should be longer than 8 Characters
    1. Example the Password 1@Tf%s&E9Te which is based on the numbers 1-2-3-4-5-6-7-8-9-10 would take a PC 4 Thousand years to hack.

Password Levels

  • Level One – contains at least one of the character sets
  • Level Two – contains at least two of the character sets
  • Level Three– contains at least three of the character sets
  • Lever Four -contains all four character sets
  •  You can Include some simple substitution like 3 for e, zero for o, 1 for I, 7 to T, 2 for S

Example of how to create a good password

  1. Think of two unrelated things you like computer & socks books & dogs autumn & chocolate OR a phrase from one of your favorite movies or tvshows
  2. Join the words with a non-alphabetic character or two. (#,+,|,!..etc.)
  3. Make at least one change (for example, uppercase a letter or add another character) to one of the words (preferably not just at the very beginning or end of the password).
  • Some example passwords generated using this method:
    • C0mput3r%socks
    • B00ks #dogs
    • Autumn|choc0lat3
    • Gen3sis_Doggi3
    • 76TltbpWa110ccah# – (Seventy-six trombones led the big parade With a hundred and ten cornets close at hand.)
    • 2bo!2b_TitQ – -(To Be or Not To be The Question)
    • I106mtC_wgaftog_hapoc_1dawws –
      It’s 106 miles to Chicago, we got a full tank of gas, half a pack of cigarettes, it’s dark… and we’re wearing sunglasses.

      Read more: Music Man – Seventy-six Trombones Lyrics | MetroLyrics

  • Books like the Bible have a great resource to create passwords as it has over 31,173 verses you can use. You can use Bible verses to create passwords like Joshua24I5$, 54Isa1ah17* ,Pr0v3rbs9_8%, J8hn316*

Biometric passwords – There is an increase of computers give you the ability to use biometric data such as facial recognition, fingerprint, retna patten or voice print data to generate a unique password based on your data. However there have also been reported successful hacks for these methods.   An example of this would we be the Apple fingerprint lock, which was able to be bypassed the week it was released.

Second Key Authentication: Many systems like Facebook, Google, Yahoo, hotmail, PayPal, and even financial institution offer second key authentication. In this method you give  the institutions your mobile phone number. When you attempt to login, the system sends a special random access code to the users mobile phone. To complete a login the user must type in this code. Which mean they have to have your phone.

Personal Info Authentication: Many systems ask the user to select personal info questions to set up their user accounts such as color of your first car, or mother’s maiden name, or best friend. These questions are to help users in case they have forgotten your password.  Be careful what info you select! Some information is public information, or can be gathered from your facebook profile.  For example if your question is ‘Name of the High School you attended?’ and your are member of the Richard M Nixon High School group on facebook, then it’s not hard to answer this question.  What I can suggest is giving easy to nonsense answers. For example for all your selected question, put in the name of your favorite something (recording artist, fruit, book, author).  I mean if you you select mother’s maiden name as your question, and typed in Mayberry.  it is highly improbably that anyone trying to hack your account will guess that.

CHANGE YOUR PASSWORD…OFTEN

Most computer security professionals recommend changing your Internet passwords and account login information at least once every three to six months. Though some debate if it is necessary, however if you want to be safe change it. It may be safe for you to wait longer; it just depends on your computer habits, and how and where you surf the web. I recommend changing all your passwords at a minimum of once a year, perhaps the day after your birthday, or on New Years day, or first day of spring (spring cleaning). Changing all of your Internet passwords can be a time-consuming and even an exasperating task, especially if you have lots on on-line accounts. But it is a sure way to guarantee a modicum level of safety; however, it is not the only safety precaution that should be considered for your login information. Whether you bank online or you are just sending a few simple emails, secure passwords are essential. You’ve heard of problems caused from hackers, who use your account to do illegal activity. There have been incidents of people not only hacking into people’s e-mail, or Facebook accounts, but sending vicious messages.

You should avoid writing down your password or giving it to others. You should especially avoid writing it down and leaving it in a non-secured place such as on a post-it on your monitor or a piece of paper in your desk. If you absolutely must write something down (because you suffer from CRS) , we suggest doing the following:

  • Don’t write down the entire password, but rather a hint that would allow you (but nobody else) to reconstruct it.
  • Keep whatever is written down in two places like a small notebook or other place that only you have access to and where you would immediately notice if it was missing or someone else gained access to it. (like in the movie Ghost)
  • Keep a list of 8 to 10 passwords of length 9 to 15 characters
  • Treat the not book like the One Ring – Keep it secret -Keep it Safe

TEST YOUR PASSWORD

There are several great website that will examine your password and tell you how strong that are. Such sites include

  1.  http://www.passwordmeter.com/
  2. https://howsecureismypassword.net/

However remember that hackers have tools as well, so you should have as many security measures to help reduce your chances of being hacked. Many sites link PayPal, Google, Facebook, Twitter and more have code key authentication features. You can turn these on, and when you (or anyone else) attempts to log in to your account, a numeric code is sent to your cell phone, and you need to type in that code to log in.  Sometimes it’s a hassle, especially if you loose or don’t have your phone with you.

NEVER EVER – TELL ANYONE YOUR PASSWORDS or LET SOMEONE KNOW WHERE YOU KEEP THEM..except in your will.

PepperEyes.com is dedicated to providing you with the best and most affordable self-defense products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for self protection, home security, business security, purchase our high quality discount self-defense products and arm yourself with the knowledge about self-defense and security products and information of the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option. PepperEyes.com is a division of Onyx Knight Enterprises.

Advertisements

3 Comments

  1. It’s the best time to make some plans for the future and it’s time to be happy. I’ve read this post and if I could I desire to suggest you some interesting things or suggestions. Maybe you can write next articles referring to this article. I want to read more things about it!

    Like

    Comment by Sonia Shelvey — 13/07/2011 @ 10:07 AM

  2. Excellent article over again! I am looking forward for your next post!

    Like

    Comment by escorts san diego video — 25/07/2011 @ 3:20 PM


RSS feed for comments on this post.

Blog at WordPress.com.

%d bloggers like this: