Security on the Big Bad Internet

In today’s electronic world security is a big concern. Just about everything about us is stored electronically: Birth records, marriage license, legal proceedings, academic records, property ownership, financial information and so on.  While these things are important for managing the varied pieces of our lives lest they spiral out of control over time, as if they aren’t enough we also advertise ourselves on MySpace, Facebook, Twitter and other social networks, and who doesn’t send the occasional text message?

As uncomfortable as it may be to ponder upon, there really is no privacy anymore. Your privacy is up to you, and all you can do is limit the amount of information and the ease of access others have to it in our digital world. On that vein, I’d like to discuss the most common form of security on the Internet: passwords.

Coupled with a user name, passwords are used to authenticate a user onto a network so they can access services such as email and banking. Over the years password requirements have gotten more stringent. I remember when I had a 5 character password for my Hotmail account. I doubt there is a system out there today that would let you get away with such a short password. On top of that, we are now typically required to enter symbols, numbers and mixed case letters. Why?

Computers keep getting faster and faster. My dad calls me for advice when he’s looking to upgrade his computer, I ask him what he’s looking for in a computer and he says, “I want it to be fast.” Fast computing works both ways, Microsoft Word can open up in the blink of an eye, and a malicious user can set their computer to attempt billions of login attempts in minutes when it used to take weeks or longer. With that in mind, how long do you think it is going to take that computer to come up with your dog’s name, your wife’s, your children’s?

The problem is, humans aren’t all that great at remembering random characters, so we use something familiar. Now, I know what you are thinking, “I’ll just substitute letters with similar looking numbers. Those nefarious hackers will never guess that!” I’ve got news for you–that will be among the first things tried among those billions of password cracking attempts. Now you’re saying, “Well, I’ll use a phrase like, ‘all good boys eat fudge’.” One of the methods of cracking passwords is called a Dictionary Attack. Among the billions of attempts, common phrases will be used, along with letters substituted with numbers. Nice try though.

How do you make a secure password? Use a combination of phrases and substituting letters. But I just said that was bad, didn’t I? Here’s the trick.

First start with a long phrase: “I only regret that I have but one life to give for my country”.

Choose the first letter of each word: Iortihboltgfmc

Right there you already have a relatively random thirteen letter string of characters.

Next, substitute some of the letters with numbers: l0rtihb0ltgfmc

Next, substitute some of the letters with symbols: l0rt!hb0ltgfmc

Lastly, capitalize some of the letters: I0rt!Hb0ltgfmC

Voila! You have a reasonably secure password. I put this password through a password strength rater (http://www.passwordmeter.com) and it earned a score of 94% secure. Not bad, and I could most likely remember it after entering it a few times because I know the process I went through to create it.

A few extra tips regarding passwords:

• Don’t use the same password for everything, if cracked it provides an all access pass to your digital life on the Net.
• Don’t use the same password for sensitive information and non-sensitive information. For example, your Twitter account and your online baking account.
• Don’t write them down, if you feel you must, put them in a secure place (ie: safe, strong box, safe deposit box).
• Do not use default user names and passwords that came with software or hardware, they are well documented and can be googled in an instant

As you can see, a little extra effort and some foresight can give you much more peace of mind when it comes to the security of your accounts. While you may  not always have the option, you could use this process to create your username as well. Forewarned is forearmed, good luck and godspeed!

Michael McNairy

Tags: online passwords, online security, passwords

This entry was posted on Friday, April 16th, 2010 at 9:35 am and is filed under Marketing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.