Is Ur PassWord Secure Enough?
Password security is a biggie, which is why I like websites with a password checker that tells me if the password I’m choosing is weak or strong. I usually try to choose complicated passwords with numbers, letters, and symbols, but sometimes even those passwords can be weak.
If you’re dying to know if one of the passwords on your list needs a makeover, check out this handy password checker over at Microsoft. The tool was actually pretty tough on my own passwords, giving most of them a “medium” rating, which probably means I need to get a little more creative.
Passwords get rated as weak, medium, strong, and best, and I was surprised to have a hard time achieving a best rating. After trying several passwords, the only one that got a “best” rating had a good mix of letters, numbers, and an underscore. I think the underscore is what really did it.
According to the site a strong password should:
1. Appear to be a random string of characters to an attacker.
2. Be 14 characters or longer (eight characters or longer at a minimum).
3. Include a good combination of uppercase and lowercase letters, numbers, and symbols.
If you’re getting a “medium” rating on all your passwords, maybe it’s time to update them.
This may or may not come as a shocker, but according to a recent FTC survey on identity theft, 16 percent of the victims said their information was stolen by people they knew, which included friends, relatives, neighbors, and coworkers. This is very important because it serves as a reminder that we need to take extra precautions whether we’re at home or at work. It’s probably a good idea to disable cookies, so you don’t save login and password information of your accounts, and you should never keep sensitive information where thieves can easily find it.
I’ve gotten several emails from readers asking me how they can find out if someone has accessed their personal email account, so I thought I’d point you to an excellent post written by PCWorld’s Erik Larkin on how to set a hacker alarm on your web mail box. This is a good way to find out if anyone besides you is logging into your email account.
Here’s the gist:
- Open an account with OneStatFree.com, and use a disposable e-mail address to complete the registration process.
- You’ll receive an email from OneStat with an attached file. Save the file, note the account number, and then delete the email.
- Rename the file with a name that would catch a hacker’s eye like “AccountPasswords.” Save the .txt file as an .htm file so it opens up in a web browser.
- Send an email with the .htm file to the account you want to monitor. Use an eye-catching subject line.
- Wait for the hacker to take the bait. If the attachment is opened by anyone but you, the hit counter will record their IP address.
Hackers are very clever, so you want to change your password frequently to something that’s a little harder to crack.
When it comes to security, Bruce Schneier is a god among us mere mortals. He has written some of the most influential books on computer security and cryptography ever printed, and his blog is essential reading for anyone on the Internet.
So when Bruce says here’s how to create a secure password (and how he creates his own passwords), I listen. His post on the topic is extensive, so I’ll try to boil it down to the essentials. If you have the time, I encourage you to read the whole thing, though.
First question: How are passwords cracked, anyway? Primarily through brute force “dictionary” attacks, where software tries to guess a password by running through a series of common phrases or words in various combinations. Sure, we know that “password” and “qwerty” are easy to crack, but password crackers have gotten much more sophisticated these days. Now, they check hundreds of these common “root” passwords (here’s a list)… in combination with various “appendages,” including all two- and three-digit combinations, single symbols (like ! and ?), dates from 1900 on, and a few others. The crackers also sub in common characters like “3” for “E” and other typical hacker-speak substitutions.
What’s that mean? Basically, if you thought the safe-looking pigl3t9! was a secure password, you’re sadly mistaken. Any modern password cracker will suss it out in a matter of minutes.
Before you begin to despair, Schneier offers simple rules on how to create a password that cannot be easily cracked by such methods. (Mind you, given enough time, any password can be cracked, but this will make it much harder.)
The trick is to use a “root” that is not in that list that I linked above, and to put your “appendage” (or two of them) in an unusual place: either in the middle of the root or at both the beginning and the end.
Schneier’s example is to use a word that you can pronounce but which is spelled “wrong”: armwar or pitchsure or baysball are all examples. Then attach your appendage(s): arm9!9war or 1066pitchsure6601 or bay1776sball. It shouldn’t take much effort to commit any of these to memory.
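To see why pigl3t9! fails where arm9!9war holds up, here is a small password audit written for this article (an added example, not code from Schneier's post or Microsoft's checker). The root list is a constructed sample, and the appendage shape (up to two groups of digits or single symbols at each end) is an assumption based on the description above.

```python
import re

# Constructed sample of common "root" words; a real audit would load a large
# list of common and leaked passwords instead.
COMMON_ROOTS = {"password", "qwerty", "piglet", "baseball", "dragon", "letmein"}

# Typical character substitutions, mapped back to the letter they stand for.
UNLEET = str.maketrans("3014@$57", "eolaasst")

# Assumed appendage shape: up to two of (1-4 digits | one symbol) per end.
AFFIX = re.compile(r"(?:\d{1,4}|[^A-Za-z0-9]){0,2}")


def find_root(password):
    """Return the common root hidden in [affix]root[affix], or None."""
    n = len(password)
    for i in range(n):
        if not AFFIX.fullmatch(password[:i]):
            continue
        for j in range(i + 1, n + 1):
            if AFFIX.fullmatch(password[j:]):
                core = password[i:j].lower().translate(UNLEET)
                if core in COMMON_ROOTS:
                    return core
    return None


def audit(password):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than the 8-character minimum")
    elif len(password) < 14:
        findings.append("shorter than the recommended 14 characters")
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        findings.append("missing a character class")
    root = find_root(password)
    if root:
        findings.append(f"common root '{root}' plus appendage")
    return findings


if __name__ == "__main__":
    for pw in ["pigl3t9!", "2014P@ssw0rd!!", "arm9!9war", "bay1776sball"]:
        print(f"{pw:16} {audit(pw)}")
```

Note that 2014P@ssw0rd!! satisfies every length and character-mix rule yet still reduces to a common root, while arm9!9war passes the root check but is flagged on length and character mix: the two checks measure different things.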