Thursday, August 13, 2009

Password Strength and Protection

How does one protect their password, and what damage can be done if someone obtains your password? If you have a computer, you should know by now how important a password is. However, you are probably not sure how vulnerable your password might be. A stolen password can cause havoc, especially if you use the same password on all your accounts. In that case, anything from your email to your bank accounts can be accessed by unwanted crackers.
It's very simple to do this. Remember the Sarah Palin incident with Yahoo mail, or even Paris Hilton's mobile phone book of celebrities. The majority of people have email accounts on multiple free networks such as MSN, Gmail or Yahoo. These services offer a password recovery page that anyone can access just by knowing your email address. The recovery page asks a number of questions about you, and anyone who can guess the answers can pretty much access your email. How is this relevant if it simply resets your password? Well, a clever attacker can then attempt to access another account, maybe a bank or credit card account, and have the password sent to the email account they already have access to. And so it begins: anything tied to that email address, or forwarded to that address, is now valuable to an attacker.
How can this be avoided? I have recommendations to avoid a simple attack. First off, make sure your free email accounts, named above, are still active. If you haven't used an account and it is disabled, anyone can reuse that account and receive email as you. Also, don't use birthdates, spouses' middle names, or even pet names as a recovery question. Select any question as your recovery question and use a simple word you can remember, like "pancake", for the answer. This will make it harder for anyone who knows you to recover your password. Secondly, choose a strong password. With so many PINs and account passwords one needs to remember, it's easier for people to choose "oreocookie" or "iloveyou" as a password. These passwords are easier to crack. Simple words, and even compound words, can be cracked in seconds by dictionary brute force software.
A good password must be tested with tools recommended by security experts. I suggest a convention where you take a long word you will remember and add numbers, uppercase letters and special characters to it. In this case we'll use my full name, gabrielvilla. My name is a weak password; however, if I use uppercase letters and a special character in the middle, Gabriel_Villa, it's stronger. However, names can also be compromised very easily with brute force attacks. Therefore, I suggest using more special characters and numbers in lieu of letters, so that you still remember the password and you get in the habit of using more special characters. For instance, use "$" instead of "S", or "3" instead of "E". When you plug in the password Gabri3l_Vill@, the result is a strong password. You can use password generators that create passwords like mvE@6m8!, which is also strong; however, a password like that is hard to remember at times.
Now that you have created a strong password, do you need to create a different password for every account you have? The real answer is "Yes". However, as a tip, I recommend reusing your same password and adding an extension for each account you use. For instance, think of the color of the header on the site you will log into, and perhaps that could be the extension. At Yahoo, your password could be 'Gabri3l_Vill@-white' and at MSN 'Gabri3l_Vill@-blue'.
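The convention described above can be turned into a quick self-check. The following is an added example, not a tool from this post or from any vendor: the wordlist is a tiny constructed sample, the function names and the 8-character minimum are assumptions, and the labels follow this post's own ranking rather than a measured cracking time.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDS = {"oreo", "cookie", "i", "love", "you", "gabriel", "villa", "pancake"}

def is_word_compound(pw, words=WORDS):
    """True if pw is one listed word or several listed words run together."""
    s = pw.lower()
    if not s.isalpha():
        return False
    # reachable[i] is True when s[:i] can be split entirely into listed words
    reachable = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        reachable[end] = any(
            reachable[start] and s[start:end] in words for start in range(end)
        )
    return reachable[-1]

def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))

def rate(pw):
    """Label pw with the post's own ranking: weak, stronger or strong."""
    if is_word_compound(pw):
        return "weak"          # plain or compound dictionary word
    classes = char_classes(pw)
    if classes == 4 and len(pw) >= 8:   # 8 is an assumed minimum length
        return "strong"        # upper, lower, digit and special all present
    if classes >= 3:
        return "stronger"      # e.g. upper, lower and one special character
    return "weak"

if __name__ == "__main__":
    # The passwords used as examples in this post
    for pw in ("oreocookie", "iloveyou", "gabrielvilla", "Gabriel_Villa",
               "Gabri3l_Vill@", "mvE@6m8!", "Gabri3l_Vill@-white"):
        print(f"{pw:22} {rate(pw)}")
```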

