Passwords, Passwords, and more Passwords!
With identity theft on the rise, password cracking
dictionaries and programs getting more sophisticated, and the leading
anti-spyware package scanning for over 135,000 known threat traces,
there is good reason for you to be concerned about the passwords you
use. This article presents ways you can better protect your information
Most web sites rely on a simple username and
password for authentication. There are even many banking and investment
websites that use your social security number or email address as the
user name thus making it twice as easy for the professional hacker to
gain access to your information by only needing to break the password.
What makes for a secure password? Here are some
Do’s and Don’ts.
Make sure that any local accounts including the
local administrator account on your Windows computer has a
password and is not set to blank.
Make sure your passwords are at least 8
Do not use just letters that spell a word you can
find in the dictionary.
Include at least one number and special
Mix in upper and lower case letters in unusual
Substitute special characters for letters such as
@ for a, $ for s, or 3 for E.
Consider using a pass phrase rather than a
password when the program permits longer passwords, e.g.
Do not use available personal information such as
a birth date, pet’s name, street address, or your name in the
Use a password that is easy to remember so that
you do not need to write it down on a post-it note and stick it
to your monitor.
Do not ever give your password out to someone you
do not know, for instance, a person “calling from tech support
to assist you with the computer problem you reported”.
Change your passwords every couple of months.
One of the problems computer users face today is the
shear number of usernames and passwords created for various purposes.
Best practice says to not use the same username and login for your
important sites, but rather make them unique. Some of these logins may
be ones that are used only occasionally, or the password is being
entered automatically via an auto-logon and hence is soon forgotten.
The problem is compounded if you follow the recommendation to change
your password periodically. For those of us that do not have a perfect
memory, here are some options to keep track of it all.
The simplest option is to record usernames and
passwords in a Microsoft Word document and then password protect the
opening of that document. Another option is to enter them into a
contact management system such as GoldMine or Microsoft CRM and then
make sure that access to the database is well secured. This approach is
especially useful when you need to share an account for a workgroup.
There is now a class of software utility designed
for the problem of tracking multiple passwords and usernames. These
password managers come in a couple of flavors: software only, and
software plus biometric hardware to read, for instance, your finger
print. Some popular choices include:
RoboForm Pro (www.roboform.com)
keeps an encrypted list of all your passwords. You only need to
remember a single master password. RoboForm can complete
standard information on a web site such as your name, address,
and telephone number as well as supply your user name and
offers a similarly highly rated program.
has a device, the Biometric Mouse Password Manager, which is a
fingerprint reader built into an optical mouse. It comes with
Softex's OmniPass password manager software. You can log onto
web sites with a touch of your “registered” finger. Directories
and files can also be encrypted.
offers an enterprise solution called Password Manager, a single
sign-on (SSO) solution for accessing password-protected Windows,
Web and host-based applications.
Auto-logons … are they safe?
Internet Explorer has the ability to remember user
names and passwords if you give it permission to do so. In general it
is safe to do so if you have protected your pc with strong passwords to
begin with. We also recommend to set a boot-up password in your
system’s BIOS. That way, if your pc is lost or stolen, there are two
layers of protection. Here’s a tip regarding the use of the
AutoComplete password entries. To delete an individual saved entry, go
to the log on box on a web page and double-click. The saved
AutoComplete entries will display. Scroll to the one you want to
remove, and press the Del key.