Saturday, August 16, 2008

Passwords Suck!

I tried to post this next story Monday night but was unable to beat WordPress before their maintenance. So it is now Tuesday morning. My KC Chiefs won this past Sunday. Offense didn’t look good at all. Not sure if it is me or not, but I thought the play calling wasn’t imaginative at all. But a win is a win. I still think this may be a long season. Now back to passwords sucking.

Passwords for the most part suck. Let’s admit it. If your password is a word in the dictionary, it can be cracked quickly. I give talks about computer security, and when I ask people when they last changed a password on an email account or, let’s say, a PayPal account, the normal answer is that they haven’t. Then when I follow up by asking whether they use a strong password, well, you can guess the answer to that one. People complain that they can’t remember a complex password. Trust me, it isn’t that hard. To truly have a strong password, you need to use upper and lower case letters, numbers, and special symbols.

Being in the business, I hear this all the time. Plus, the longer you make the password, the better. Here are examples of bad passwords: kujayhawks, ksuwildcats, kcchiefs, admin, password, 1234, asdf, etc. Let’s say we wanted to create a complex password. Using upper and lower case letters, numbers, and special characters, you can build a password like P@s$w0rd. I would not advise you to use this one, but you get my point. Easy to remember. If you have an account that you really want to protect, you might look at creating a pass phrase. String out a 30 character password by using a combination of words. Substitute numbers and special characters, and use upper and lower case. The longer the password, the longer it takes to crack. The shorter it is, the easier it is to crack.
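Here is an added example, not part of the original post, showing why P@s$w0rd is a poor choice even though it uses all four character types, while a long pass phrase holds up. The swap table and the function names are assumptions made for the illustration; the sample passwords are the ones quoted in this post.

```python
import math
import string

# Bad passwords exactly as listed in the post.
BAD_PASSWORDS = {"kujayhawks", "ksuwildcats", "kcchiefs", "admin",
                 "password", "1234", "asdf"}

# Constructed table of common symbol-for-letter swaps (an assumption,
# not an exhaustive list of what cracking rule sets try).
SWAPS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                       "3": "e", "!": "i", "5": "s", "7": "t"})


def undo_swaps(password):
    """Lower-case the password and reverse the common substitutions."""
    return password.lower().translate(SWAPS)


def brute_force_bits(password):
    """Upper bound on strength: log2(alphabet ** length).

    Only meaningful when the characters were chosen at random.
    """
    alphabet = 0
    for group in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(ch in group for ch in password):
            alphabet += len(group)
    if alphabet == 0:  # empty, or only characters outside the four groups
        return 0.0
    return len(password) * math.log2(alphabet)


def assess(password):
    """Return (on_bad_list, bits); the list is checked before and after undoing swaps."""
    on_bad_list = (password.lower() in BAD_PASSWORDS
                   or undo_swaps(password) in BAD_PASSWORDS)
    return on_bad_list, round(brute_force_bits(password), 1)


if __name__ == "__main__":
    # Samples taken from the post itself.
    for sample in ("kcchiefs", "1234", "P@s$w0rd",
                   "Rememberdontu$ep@$Sw0rdsTh@tsUCk"):
        print(sample, assess(sample))
```

The bit count is only a ceiling: P@s$w0rd scores about 52 bits on paper but reduces to a listed word once the swaps are undone, so a password checker should reject it regardless of the score.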

So if you haven’t changed your P@s$w0rds in a long time, maybe you ought to think about doing just that. The longer the password, the better it will be. Remember, if somehow your PC is pwned by an attacker, then there is a good chance you have a keylogger installed that will record your keystrokes and send them off to the bad guy’s remote server somewhere in the WWW. It takes many steps to keep you safe. Not sure what we’ll talk about next posting, but I have several ideas. Rememberdontu$ep@$Sw0rdsTh@tsUCk. There is a good complex password for you! You get my point, I’m sure. Talk soon.

