Every time you turn around these days you are asked to set up a user id and password. Mostly for web sites, but for telephone systems and computer access too. Keeping track of them all can be a challenge, and it is understandable that people take shortcuts.
Understandable, but not wise.
Some shortcuts are, well, short-sighted, to be polite. The most popular is the word “password” itself. I think hackers could figure that one out! Some people write their user ids and passwords on Post-it notes or paper left prominently in their offices or cubicles. That is safe from remote computer hackers, but not from nefarious colleagues. Sad to say, there are a few out there.
Passwords may seem like a nuisance, but with almost all of our important information now stored online, they are the first line of defense for our financial, professional and personal information. Almost every day I hear a story about a person whose personal life has been turned upside down because someone has compromised their bank and credit card accounts and their creditworthiness through unauthorized loans.
It's time we start to take them more seriously!
The good news is that there are a few simple rules to follow that can be a big help.
First, never leave a list of passwords and ids around where people can find it. No Post-it notes!
Second, do not base your passwords on personal information that could be guessed. That would include your name, your close relatives' names, your date of birth, etc.
OK, that takes care of co-workers up to no good. What about the sophisticated hackers?
Third, you have to make your password difficult for the hacker to identify through “brute force”. That simply means trying many possible combinations. To do that, you should have what is called a “strong” password. A strong password will adhere to the following rules:
- Contain 8 or more characters.
- Include alphabetic, numeric and special characters (&, !, etc.).
- Include a mix of upper and lower case letters.
- Never use a sequence of numbers (1234).
- Do not duplicate your user id in the password.
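The rules above, expressed as a small checker. This is an added example, not part of the original article; the function names, the choice to treat three or more consecutive digits as a "sequence", and the sample passwords are assumptions made for illustration.

```python
import string

SEQ_RUN = 3  # assumption: 3+ consecutive digits (123, 987) count as a "sequence"

def has_digit_sequence(password, run=SEQ_RUN):
    """True if the password contains `run` digits that ascend or descend by 1."""
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(password, password[1:]):
            both_digits = prev in string.digits and cur in string.digits
            if both_digits and int(cur) - int(prev) == step:
                streak += 1
                if streak >= run:
                    return True
            else:
                streak = 1
    return False

def check_password(password, user_id):
    """Return the list of rules the password breaks (empty list means it passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c in string.digits for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mix of upper and lower case")
    if has_digit_sequence(password):
        problems.append("contains a number sequence")
    # Case-insensitive, so "Jsmith..." is still caught for user id "jsmith".
    if user_id and user_id.lower() in password.lower():
        problems.append("contains the user id")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [("jsmith", "password"), ("jsmith", "Jsmith1234!"), ("jsmith", "Tr4il&Mix7up")]
    for uid, pw in samples:
        print(pw, "->", check_password(pw, uid) or "OK")
```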
Some people also recommend not using dictionary words in the password, and I think that would be ideal. However, it becomes really hard to remember a password if it is a random set of characters and numbers. Ideal, but probably not practical.
Next, be vigilant.
Whenever you are at a web site that requires you to log in, make sure it is running the Secure Sockets Layer (SSL). SSL creates a secure, encrypted connection between the web server and the browser.
You can tell the site is using SSL because it will have “https:” instead of “http:” on the URL address line and there will be an image of a padlock displayed.
Last, make sure your computer has a firewall and you are running an antivirus scanner. You need this protection for a lot of reasons, but it is important protection against identity theft in particular. A common technique of hackers is to infect your computer with a “key logger” program that records your keystrokes. When you visit a secured web site, the key logger will capture your user id and password, which the hacker can use against you!
Keep in mind that even if you are using a firewall and antivirus you may still be vulnerable. The problem with most antivirus protection is that it only addresses viruses and exploits that have been identified and added to a “blacklist” of known viruses.
Not bad, except there are approximately 40,000 new viruses and system exploits unleashed EVERY DAY! The antivirus vendors will always update their blacklist for a specific issue, but you are always playing catch-up.
I prefer protection that uses a “whitelist” concept and sandbox. With this technique, program files are compared to a list of valid files and only allowed to run in your system if they are on the list. If the scanner has any doubts about a program, it is run in an isolated system area called a sandbox where the scanner can determine if it is OK or should be deleted.