Sunday, December 19

Are your passwords secure enough

In these WikiLeaks times, an interesting blogpost to be read for the Sunday morning web-surfing is John P.´s article about weak passwords. I have extracted some sentences from his article, but take your time and read his statements yourself:
How id hack your weak passwords.
First: Do you as a password use:
1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re  always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”
Then you are in trouble.

Finally: Some proposal from John P for an improved password security:
Here are some password tips:

1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ’0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

Well, after reading the article, take security of your Passwords up for condideration, and follow WikiLeaks on Twitter Have a nice Sunday.

1 comment:

Anne said...

Wops, nå føler jeg meg ganske så `typisk kvinnfolk` her du :-(

Men jammen ikke så enkelt heller Arne, i denne virituelle verden, bare på det lille sykehuset har jeg vel så mange som, ja..., la meg nå regne... = 9 passord å huske, og noen av dem må forandes hver 3. mnd.... jaggu ikke enkelt heller.

MEN he he i nettbanken er fødselsdatoen til en gammel kjæreste, sikkert som banken!! hele greia :-)

Ha en superkjekk 4. søndag i advent kjære venn. Blå himmel og -10 grader her, men håper nå på en tur når sola kommer.