[Reader-list] Passwords
Harsh Kapoor
aiindex at mnet.fr
Mon Oct 7 21:26:07 IST 2002
Far Eastern Economic Review
Issue cover-dated October 10, 2002
LOOSE WIRE
Try Cracking This Code
By Jeremy Wagstaff
Passwords. People are always banging on at you to change them, keep
them secret, don't put them on a sticky on the side of your screen,
don't use your pet Komodo's name and all that, right? Jeez, would
they just lighten up already?
Well, I hate to be a killjoy but they have a point. With more
financial transactions being made on-line--from air miles to banking,
to bill-paying, to book-buying--more and more of our personal data is
at risk of being compromised. The development of the Internet relies
on people like us feeling comfortable hanging out there. I'm not
going on-line shopping, banking or gambling if I don't think my data,
bank account and credit cards are safe. This means privacy and
security must be assured. And yet all this information is deeply
compromised--not only by other people, but by ourselves.
You may not think your password protects much: Most of us believe we
don't have that much that other people would want to expend a great
deal of effort to try and take from us: "Who's going to go to all
that trouble to get my e-mail password, for crying out loud?" I hear
you cry.
The problem is that, for a ne'er-do-well, a password is a foot inside
the door to a much larger treasure trove. If they can get your
password, they might be able to hack into a bigger network; or, in
your case, if they know the password to your Yahoo mail account they
might figure--with good reason, I'd wager--that it's the same as, or
similar to, your password to other, more lucrative on-line treasures,
like your on-line bank account. A chink in the armour is all that is
needed.
What to do? Passwords are very easy to crack if they're simple. The
longer and more complex your password, the harder it will be, and the
longer it will take, for someone to crack. If the program, or Web site, you're
signing into allows you to use 14 characters or more, use them; if it
allows capital letters and other characters, use them. It's the
difference between a ne'er-do-well taking about 30 seconds to crack a
password like "johnbrown" and days, even months, if it's
"j()7*~n_b50%N."
The trick is to make up something you can remember. A great password
forgotten is no use. So here are some tips:
-- Base the password on mnemonics or acronyms, not words or names.
Use your favourite song titles, movies, football teams as starters.
It's got to be something that you know a lot about, but not something
that other people can find out about you--such as your birthday, your
place of birth, or your kids' names. The first letters of the movie
The Year of Living Dangerously, for example, could be used in
conjunction with its two main stars, Mel Gibson and Sigourney Weaver,
to read "tyoldmgsw."
-- That's just the start. Now you have something you can remember,
but it's still just basic letters. You need to turn some of them into
numbers, punctuation symbols and capitals. Try turning the o into a
similar-looking zero, the l into a one and the s into a five. That
would give you "ty01dmg5w" which is a lot better, and still easy to
remember, since the numbers are similar to the letters they've
replaced.
-- This, sadly, is still not good enough. The people who write
hacking programs are on to this kind of trick, so your password is
still vulnerable. It needs an extra trick or two. Try capitalizing
the family-name letters, altering the 0 to similar-looking bracket marks
(), and moving the numeric characters one key to the left on your
keyboard.
If your passwords are as good as that, then you should be safe. But
there's still a weakness, and it's still human. Never give your
passwords to anyone, don't reuse them for different accounts, and
change them every few months. Store them on your personal digital
assistant if you like, but remember that, even if it's in a
well-encrypted file, all your valuable info is just one password away
from being accessed by someone. If they steal your device, chances
are they're eager enough to try to crack the password protecting all
your passwords. Passwords are better kept in your head, triggered by
things you'll never forget.
Now, if you'll excuse me, since I've told you my password I've got to
go make up a new one.
Write to me at jeremy.wagstaff at feer.com
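
The column's warning that look-alike substitutions are a known trick can be turned into a sign-up check: undo the substitutions before comparing a candidate password with a blocklist. The sketch below is an added example, not part of the original column; the blocklist entries, function names and the limit parameter are assumptions made for illustration.

```python
from itertools import product

# Look-alike substitutions named in the column (o->0, l->1, s->5), reversed.
# "1" is ambiguous (l or i), so each symbol maps to every letter it may hide.
REVERSE = {"0": "o", "1": "li", "5": "s"}

# Constructed sample blocklist; a real deployment would load a large list of
# common passwords, names and dictionary words.
BLOCKLIST = {"johnbrown", "password", "komodo", "liverpool"}


def normalizations(password, limit=4096):
    """Return the lowercase strings obtained by undoing the substitutions."""
    # The column's bracket pair "()" stands in for a zero.
    text = password.lower().replace("()", "0")
    # Most likely letter first, the literal character last.
    choices = [REVERSE.get(ch, "") + ch for ch in text]
    total = 1
    for options in choices:
        total *= len(options)
        if total > limit:
            # Too many combinations: keep only the most likely reading so
            # the check stays cheap on very long, digit-heavy input.
            return {"".join(options[0] for options in choices)}
    return {"".join(combo) for combo in product(*choices)}


def check_password(password, blocklist=BLOCKLIST):
    """Return (accepted, reason) for a candidate password."""
    hits = normalizations(password) & blocklist
    if hits:
        return False, "reduces to blocklisted word: " + sorted(hits)[0]
    return True, "no blocklist match after normalization"


if __name__ == "__main__":
    for candidate in ("johnbrown", "J()hnBr0wn", "L1verp00l", "ty01dmg5w"):
        print(candidate, check_password(candidate))
```

The mnemonic "ty01dmg5w" passes only because its base string is not a listed word; a dressed-up name or dictionary word is rejected however many letters are swapped.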