In Ancient Egypt, Words had Power. Names were the most important, potent words of all. At the end of Life, to pass beyond the water and enter the Afterlife it was necessary for a person first to have their name inscribed in hieroglyphs on the wall of a sacred tomb (a little like the ritual for entering the U.S. today!). If that personal hieroglyph was later removed, the Ka (soul) of the person would be called from its rest. Today, passwords are also power, and an authentication compromise can lead to a great deal of trouble and sleepless nights. Having a password hacked gives a stranger access to most areas of a user’s life, and hackers always have malicious intentions. Think about the vast amount of data and personal detail that is encoded on your electronic devices – then think about the words that access this information – how strong are they? Here are some tips for password empowerment.
Dictionary Attacks
These attacks are carried out using malware that runs through permutations of words. Given enough time, this software theoretically can crack any password. The longer or more complicated the word, the more time is needed. The database that the malware is programmed with will start with lazy, overused configurations – ‘password’ or ‘qwerty’ for example. Usually, the access that a hacker has is limited, so having a password that is just several characters longer could mean the difference between being hacked, or being passed by in favor of an easier target. Choose uncommon phrases at least eight characters long and vary the format – for instance: Bigbadwolf would be many times stronger against a dictionary attack if it was written as B!gB@dW01f.
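As an added illustration (not part of the original article), the Python sketch below turns the advice above into a password check: the eight-character minimum, rejection of overused entries such as ‘password’ and ‘qwerty’, and a varied format. The COMMON sample list, the function names and the three-class rule are assumptions made for this example, and the bit figure assumes every character is picked at random, so it is an upper bound on guessing effort.

```python
import math
import string

# Constructed sample of overused passwords (assumption for this example);
# a real check would load a large list of known-breached passwords.
COMMON = {"password", "qwerty", "123456", "letmein", "admin"}
MIN_LENGTH = 8  # minimum length recommended in the article

# Character classes a guessing tool has to cover, with their sizes.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def classes_used(pw):
    """Return the names of the character classes present in pw."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in pw)]


def search_space_bits(pw):
    """Upper bound on brute-force effort: length * log2(alphabet size)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check(pw):
    """Return a list of policy problems; an empty list means pw passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if pw.lower() in COMMON:
        problems.append("on the overused list")
    if len(classes_used(pw)) < 3:  # hypothetical rule for "vary the format"
        problems.append("fewer than three character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("qwerty", "password", "Bigbadwolf", "B!gB@dW01f"):
        print(f"{candidate:12} {search_space_bits(candidate):5.1f} bits",
              check(candidate) or "ok")
```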
Cracking Security Questions
Everyone is probably familiar with the ‘Forgotten your password?’ interface where security questions have to be answered to recover or to reset a password. If security question answers contain details that can be found on a social media ‘site, then the hacker’s work is done (this is what happened to Sarah Palin’s Yahoo account). If you have to put in a date of birth when signing up for a password – LIE! Just vary the date by a day (though remember you did this!). Using publicly accessible data for security questions is plainly not intelligent.
Ten Tips for Password Protection:
- Make sure no-one can see you enter a password (and watch for CCTV monitoring in public places – this may be hacked);
- Make sure that all applications and devices have different passwords (this may sound like a plain simple thing to mention, though research on compromises has shown that 31% of users reuse the same authentication for multiple purposes);
- Avoid having to enter passwords when using public machines, as hackers can employ several methods to harvest passwords in these situations;
- Log-off if physically leaving a device unattended – however briefly – it takes a moment to steal log-in details. Disable auto-login for all devices and apps;
- Use security software that will detect malware such as key-loggers;
- Check new hardware that needs an admin authentication – particularly wireless routers – DO NOT leave these at factory default (usually something like ‘Admin’, ‘password’).
- Avoid the need to enter passwords on unsecured WiFi networks like in coffee-shops or airports – hackers can intercept signals in such locations.
- Write down log-in credentials externally for future reference, though note them in such a way that it is not obvious that they are passwords;
- Many ‘sites that require a password to be generated have a strength test application when creating an account – take notice of this and keep going until the password rates ‘VERY STRONG’;
- Establish a routine for password changes, and carry these out more frequently for ‘sites/apps containing more sensitive data.
Remember: Words ARE Power – Don’t Hand Them To A Hacker!