programming4us
programming4us
SECURITY

Are Your Passwords Safe? (Part 1)

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

How to keep your accounts as secure as possible

I don’t mean to alarm you, but – well, actually I do. Your password strategy, if you have one at all, might be seriously out-of-date. In the past year, several well-publicized attacks on major online services exposed users’ passwords. For example, in June 2012, more than 6 million Linkedln passwords were stolen and posted online. Just over a month later, more than 450,000 Yahoo passwords were leaked. The direct damage resulting from public disclosure of the passwords was bad enough, but the security breaches also revealed that vast numbers of people follow dangerous password practices that can result in far worse problems.

In the past year, several well-publicized attacks on major online services exposed users’ passwords

In the past year, several well-publicized attacks on major online services exposed users’ passwords

If you haven’t examined your approach to making and using passwords recently, now is a good time to rethink your assumptions. Here are a few important facts about passwords you may not have realized and what they mean for you.

What you don’t know about passwords

Here are some key points to bear in mind as you create new passwords.

Password reuse is a major danger

You know how it is every time you turn around, another website or online service wants you to create a new password. Because that’s so tedious to do, you may be tempted to rely on shortcuts. But those shortcuts can get you in trouble. As a case in point, consider the common practice of using the same password for multiple sites.

Password reuse is a major danger

Password reuse is a major danger

Suppose you signed up for a Linkedln account, and you used the same password that you previously chose for your Gmail account. Then, in June, you were one of the unlucky people whose Linkedln password was leaked. An enterprising hacker who knew your Linkedln password could have easily tried it with other popular services, so gaining access to your Gmail account would suddenly be child’s play. That’s a problem not just because someone could read or delete your email, but because you might use your Gmail address to access or reset other passwords. After clicking the Forgot Password link on other sites, the hacker could check your email to get access to accounts that use those other passwords. Even reusing a single password in two places could, in this way, cause cascading problems.

The best way to overcome a password reuse habit is to use a password manager, such as 1Password ($50, macworld.com/a/1155446) or LastPass (free; premium service, $12 per year; macworold.com/a/1151444). These tools auto-generate passwords, store them securely, and let you fill them in on websites with a single click or keystroke.

Hackers know your password tricks

When people are faced with the need to come up with a new password, their next-biggest crutch after reusing passwords is to pick something that’s extremely easy to remember and type. As the lists of stolen passwords and other security research show, a lot of people still use 123456, password, baseball, and other simple strings. Naturally these and the next several thousand most common passwords will be the first ones a hacker tries when attempting to break into an account. Likewise, you should avoid names, dates, and common dictionary words.

Hackers know your password tricks

Hackers know your password tricks

Appending a number to a common word (passwords1, say) is an often-used method for complying with “Must contain a digit” rules. And so are substituting numbers or symbols for letters things like p@ssw0rd and using patterns of keyboard keys such as edcrfvtgb. The problem is, hackers are well aware of such techniques. As soon as you invent a new method for creating better passwords (such as padding a shorter password with repeated punctuation), the bad guys adapt accordingly. So don’t count on cleverness to protect your password. It might take a few milliseconds longer to guess 1d0ntkn0w than Idontknow, but remember that you’re up against machines that can make any substitution in the blink of an eye.

You want to make your passwords un-guessable, even by someone who is smarter than you. The best way to do this is to construct them from random strings of characters, including uppercase and lowercase letters, numbers, and punctuation. Though it’s very hard for a human to create a truly random password, it’s quite easy for a computer to do. So once again, it’s better to rely on a password manager than on your brain.

14 is the new 8

Let’s imagine that an attacker is determined to get into your account, and the quick-and-easy hacks (such as checking dictionary words, along with common mutations) have failed. What then? The next step for the hacker is to use brute force, trying every possible password one by one. Unfortunately, it’s getting easier and easier to find a match with this technique. A few years ago, a reasonably powerful system might have been expected to check a million potential passwords per second. Today, a single off-the-shelf PC can check several billion passwords per second, and a network of computers can check many times that number.

All passwords managers allows you to select the password length you want

All passwords managers allows you to select the password length you want

As a result, the advice you’ve read in the past about what constitutes a secure password may no longer be valid. For example, a password with eight or nine random characters is no longer sufficient to protect against a brute-force attack. Experts today recommend that you use longer passwords, often 12 to 14 characters. And that’s for passwords randomly generated by a computer. Passwords you create by hand must be even longer to have the equivalent strength.

All passwords managers allows you to select the password length you want; and my advice is that for any password that can be entered for you by an app (or copied and pasted), you might as well use the longest password the target service will accept. After all, the same keystroke that fills in a nine-character password can fill in one with 14 characters.

Of course, you must still commit certain passwords to memory or, for one reason or another, enter than manually. For such passwords, you can use a longer but less-complex character string to achieve comparable security.

Other  
  •  10 Contenders For The 'Ultimate Protector' Crown (Part 5) : Microsoft Security Essentials 4.1, AVG Antivirus Free 2013
  •  10 Contenders For The 'Ultimate Protector' Crown (Part 4) : Norton Internet Security, Avast Free Antivirus Version 7
  •  10 Contenders For The 'Ultimate Protector' Crown (Part 3) : Eset Smart Security 6, Kaspersky Internet Security 2013, Zonealarm Internet Security 2013
  •  10 Contenders For The 'Ultimate Protector' Crown (Part 2) : Bitdefender Total Security 2013, Trend Micro Maximum Security, Mcafee Internet Security 2013
  •  10 Contenders For The 'Ultimate Protector' Crown (Part 1)
  •  A Look At Truecrypt The Open Source Security Tool
  •  The Slithery World Of Hybrid Cloud Security
  •  SharePoint 2010 : Planning Your Security Model - Maintaining Your Security Model
  •  SharePoint 2010 : Planning Your Security Model - Defining and Documenting SharePoint Security
  •  SharePoint 2010 : Planning Your Security Model - Overview of SharePoint Security Elements
  •  
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
    programming4us
     
     
    programming4us