Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

10/17/2011

Your Password Is Too Weak!

Filed under: Advice from your Uncle Jim,Geek Work,News and Current Events,The Dark Side — Posted by the Network Geek during the Hour of the Hare which is terribly early in the morning or 6:19 am for you boring, normal people.
The moon is a Third Quarter Moon

No, seriously, it is.

If it makes you feel any better, most people’s passwords are too weak.
I suppose you think it doesn’t matter how “strong” your Gmail (or Hotmail or whatever free email you use) password is, right?  Well, you’d be wrong.  I recently read an account about how one person’s Gmail account was hacked and used to spam and try to get her friends to send the hacker money, all posed as her.  Of course, that was after deleting more than 4 Gigabytes of stored messages and photos.  You can read that account, as told by her husband, over at the Atlantic, in an article titled “Hacked!”  It’s worth reading, especially if you’re not in the IT business.  And, frankly, even for a fellow professional computer geek, it might be eye-opening to see how hacked email accounts are being used these days.  I have to admit, I was a little surprised that the attacker in question actually used the account personally to try and con money out of the victim’s friends and family.

I was not, however, all that shocked to see how many accounts are compromised on a regular basis.  Think the thousands.  Daily.
Right, so thousands of email accounts on which people depend are hijacked, used and abused on a daily basis.  If it hasn’t happened to you, it’s probably only a matter of time.  So, how do they do it?  Shared, easily guessable passwords.
Yes, it’s that easy.
Stop for a minute and think about how many passwords you use on a regular basis.  How many are the same?  How many accounts do you have for things like bank accounts and credit cards and medical records that use the same password as your email?  And how many of those accounts use that same email address as the username?
Getting the picture?

So, what do you do?
First, stop reusing passwords.
Second, make more secure passwords.  And, don’t think that the old way of replacing “L” with the numeral one or the letter “O” with the numeral zero and that kind of thing will work, either.  The hackers are on to that.  It’s better to use words that are not in the dictionary.  So, yes, made up words.  Or, even better, phrases, which is what I’ve recommended for some time.  Having a hard time coming up with one?  Try using one generated randomly for you at passphra.se, a random passphrase generator which was inspired by an XKCD comic.  The comic explains the reasoning behind the passphrase idea and the generator.  Also, XKCD is pretty funny and if you’re geeky like me at all, it’s well worth checking out.

In today’s world, we’re way too interconnected and digital and reliant on those systems to have relaxed security.  It doesn’t matter if you’re a geek or not.  Please, think about your passwords and how easily they might be compromised.  Then think about what that might mean to your life, digital and otherwise.
Now, if you’ll excuse me, I have to go change some passwords…


Advice from your Uncle Jim:
"A successful man is one who makes more money than his wife can spend. A successful woman is one who can find such a man."
   --Lana Turner

1/19/2004

Do you trust your bank?

Filed under: Criticism, Marginalia, and Notes,Geek Work,News and Current Events,The Network Geek at Home — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:20 am for you boring, normal people.
The moon is a Third Quarter Moon

If you do business with them on the Internet, do you check your balances?

Well, it sounds like you better start! According to this story on AustalianIT, banking on the Internet may not be as safe as you thought. (Okay, this really was only effecting Australian bank customers, but still…) Apparently, some wiley Russian and Latvian crakers have put together a set of trojans to collect personal account data. They then use this data to move funds to an accomplice’s account in the same country as the bank, in this case, Australia. Then, the accomplice takes their cut and sends the rest on to the rest of his crew. Pretty scary.
On the upside, it’s out and known now, so I’m sure people are working on getting it stopped. Also, you know about it, so you can take the right precautions, like never using an unsecured computer to access bank accounts. And, of course, this hasn’t been reported in the US. Yet.


Powered by WordPress
Any links to sites selling any reviewed item, including but not limited to Amazon, may be affiliate links which will pay me some tiny bit of money if used to purchase the item, but this site does no paid reviews and all opinions are my own.