LumberJocks

Cyber Security Tip, PASSWORDS


Forum topic by Dick, & Barb Cain posted 10-17-2010 05:42 PM 1124 views 0 times favorited 7 replies

Dick, & Barb Cain

8693 posts in 3766 days


10-17-2010 05:42 PM

Topic tags/keywords: resource tip cyber security dick

SOME SOUND ADVICE!

Cyber Security Tip ST04-002 Choosing and Protecting Passwords

Passwords are a common form of authentication and are often the only barrier
between a user and your personal information. There are several programs
attackers can use to help guess or “crack” passwords, but by choosing good
passwords and keeping them confidential, you can make it more difficult for
an unauthorized person to access your information.


Why do you need a password?

Think about the number of personal identification numbers (PINs), passwords,
or passphrases you use every day: getting money from the ATM or using your
debit card in a store, logging on to your computer or email, signing in to
an online bank account or shopping cart…the list seems to just keep
getting longer. Keeping track of all of the number, letter, and word
combinations may be frustrating at times, and maybe you’ve wondered if all
of the fuss is worth it. After all, what attacker cares about your personal
email account, right? Or why would someone bother with your practically
empty bank account when there are others with much more money? Often, an
attack is not specifically about your account but about using the access to
your information to launch a larger attack. And while having someone gain
access to your personal email might not seem like much more than an
inconvenience and threat to your privacy, think of the implications of an
attacker gaining access to your social security number or your medical
records.

One of the best ways to protect information or physical property is to
ensure that only authorized people have access to it. Verifying that someone
is the person they claim to be is the next step, and this authentication
process is even more important, and more difficult, in the cyber world.
Passwords are the most common means of authentication, but if you don’t
choose good passwords or keep them confidential, they’re almost as
ineffective as not having any password at all. Many systems and services
have been successfully broken into due to the use of insecure and inadequate
passwords, and some viruses and worms have exploited systems by guessing
weak passwords.

How do you choose a good password?

Most people use passwords that are based on personal information and are
easy to remember. However, that also makes it easier for an attacker to
guess or “crack” them. Consider a four-digit PIN number. Is yours a
combination of the month, day, or year of your birthday? Or the last four
digits of your social security number? Or your address or phone number?
Think about how easy it is to find this information out about somebody.
What about your email password—is it a word that can be found in the
dictionary? If so, it may be susceptible to “dictionary” attacks, which
attempt to guess passwords based on words in the dictionary.

Although intentionally misspelling a word (“daytt” instead of “date”) may
offer some protection against dictionary attacks, an even better method is
to rely on a series of words and use memory techniques, or mnemonics, to
help you remember how to decode it. For example, instead of the password
“hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using
both lowercase and capital letters adds another layer of obscurity. Your
best defense, though, is to use a combination of numbers, special
characters, and both lowercase and capital letters. Change the same example
we used above to “Il!2pBb.” and see how much more complicated it has become
just by adding numbers and special characters.

Longer passwords are more secure than shorter ones because there are more
characters to guess, so consider using passphrases when you can. For
example, “This passwd is 4 my email!” would be a strong password because it
has many characters and includes lowercase and capital letters, numbers, and
special characters. You may need to try different variations of a
passphrase—many applications limit the length of passwords, and some do not
accept spaces. Avoid common phrases, famous quotations, and song lyrics.

Don’t assume that now that you’ve developed a strong password you should use
it for every system or program you log into. If an attacker does guess it,
he would have access to all of your accounts. You should use these
techniques to develop unique passwords for each of your accounts.

Here is a review of tactics to use when choosing a password:

* Don’t use passwords that are based on personal information that can be easily accessed or guessed.
* Don’t use words that can be found in any dictionary of any language.
* Develop a mnemonic for remembering complex passwords.
* Use both lowercase and capital letters.
* Use a combination of letters, numbers, and special characters.
* Use passphrases when you can.
* Use different passwords on different systems.

How can you protect your password?

Now that you’ve chosen a password that’s difficult to guess, you have to
make sure not to leave it someplace for people to find. Writing it down and
leaving it in your desk, next to your computer, or, worse, taped to your
computer, is just making it easy for someone who has physical access to your
office. Don’t tell anyone your passwords, and watch for attackers trying to
trick you through phone calls or email messages requesting that you reveal
your passwords (see Avoiding Social Engineering and Phishing Attacks for
more information).

If your internet service provider (ISP) offers choices of authentication
systems, look for ones that use Kerberos, challenge/response, or public key
encryption rather than simple passwords (see Understanding ISPs and
Supplementing Passwords for more information). Consider challenging service
providers that only use passwords to adopt more secure methods.

Also, many programs offer the option of “remembering” your password, but
these programs have varying degrees of security protecting that information.
Some programs, such as email clients, store the information in clear text in
a file on your computer. This means that anyone with access to your computer
can discover all of your passwords and can gain access to your information.
For this reason, always remember to log out when you are using a public
computer (at the library, an internet cafe, or even a shared computer at
your office). Other programs, such as Apple’s Keychain and Palm’s Secure
Desktop, use strong encryption to protect the information. These types of
programs may be viable options for managing your passwords if you find you
have too many to remember.

There’s no guarantee that these techniques will prevent an attacker from
learning your password, but they will make it more difficult.

Authors: Mindi McDowell, Jason Rafail, Shawn Hernan

Produced 2004 by US-CERT, a government organization.


-- -** You are never too old to set another goal or to dream a new dream ****************** Dick, & Barb Cain, Hibbing, MN. http://www.woodcarvingillustrated.com/gallery/member.php?uid=3627&protype=1
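The checklist in the tip above can be turned into a small self-audit. This is an added example, not part of the original post or of US-CERT's material: the function names and the tiny `SAMPLE_DICTIONARY` are assumptions made for illustration, and the passwords are the tip's own examples placed in constructed accounts.

```python
import math
import string

# Constructed stand-in for a real wordlist; a real audit would load a full dictionary.
SAMPLE_DICTIONARY = {"hoops", "date", "password", "basketball"}

def charset_size(pw):
    """Alphabet a brute-force guesser must cover, judged by the classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size

def search_space_bits(pw):
    """log2(alphabet ** length): an upper bound that assumes random characters."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def audit(accounts):
    """Map each account name to the checklist items its password fails."""
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = []
        if pw.lower() in SAMPLE_DICTIONARY:
            findings.append("dictionary word")
        if pw.lower() == pw or pw.upper() == pw:
            findings.append("single letter case")
        if pw.isalpha():
            findings.append("no digits or special characters")
        if len(owners[pw]) > 1:
            findings.append("reused on another account")
        report[name] = findings
    return report

if __name__ == "__main__":
    # Constructed accounts using the example passwords from the tip above.
    sample = {"email": "hoops", "bank": "IlTpbb", "shop": "Il!2pBb.",
              "forum": "Il!2pBb.", "isp": "This passwd is 4 my email!"}
    for name, findings in audit(sample).items():
        print(f"{name}: {search_space_bits(sample[name]):.1f} bits, {findings or 'ok'}")
```

The bit count shows why the tip favors length, but it is only an upper bound: a phrase built from real words is guessed faster than a random string of the same length, which is why the tip says to avoid common phrases, quotations, and lyrics.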


7 replies so far


Brit

6734 posts in 2310 days


#1 posted 10-17-2010 07:25 PM

Good advice. I use a password safe on my PC called Access Manager 2. This software is free for personal non-commercial use. You only need to remember one password which should be strong as you have described. You can download Access Manager 2 here: http://www.accessmanager.co.uk/

-- Andy -- "I saw the angel in the marble and carved until I set him free." (Michelangelo)


Lee A. Jesberger

6821 posts in 3446 days


#2 posted 10-17-2010 07:35 PM

Hi Dick;

Good info. My password is so good, I don’t even know it!!!

Lee

-- by Lee A. Jesberger http://www.prowoodworkingtips.com http://www.ezee-feed.com


Jamie Speirs

4167 posts in 2323 days


#3 posted 10-17-2010 08:27 PM

Thank You for sharing. :)

-- Who is the happiest of men? He who values the merits of others, and in their pleasure takes joy, even as though 'twere his own. --Johann Wolfgang von Goethe


Jim Bertelson

3964 posts in 2631 days


#4 posted 10-18-2010 02:30 AM

.........you taking up a new tech career for a little retirement income?..............(-:

If you have anything to hide, have a good password…...........

I use tough ones for things that concern money or enable access to my computer or my network. Otherwise, I keep them simple.

We are trying to approach winter here, but it looks like the weather is going to veer off into cold rainy days. Maritime climate at its worst.

Lots of shop time this weekend…......up to no good and mischief as usual….........

Hope you and Barb are doing well…...

Take your last looks over the ore dump…......Alaska is quickly retreating into its yearly nighttime…......(-:

Jim

-- Jim, Anchorage Alaska


Dick, & Barb Cain

8693 posts in 3766 days


#5 posted 10-18-2010 10:32 PM

Brit, Thanks for your input.

Jim B.
Just trying to spread a little knowledge. My one Grandson, & myself know everything there is to know about computers.<(:O}&

Score: Grandson 99%, Me 1%.


Our weather has been unusually nice. Lows in the 30s, highs 50s, with no rain for about 3 weeks.

-- -** You are never too old to set another goal or to dream a new dream ****************** Dick, & Barb Cain, Hibbing, MN. http://www.woodcarvingillustrated.com/gallery/member.php?uid=3627&protype=1


Grumpy

21571 posts in 3318 days


#6 posted 10-18-2010 11:40 PM

Thanks Dick. And don’t forget to lock your computer or turn off your modem when not in use.

-- Grumpy - "Always look on the bright side of life"- Monty Python
