Writing this column has become a welcome escape from the torrent of minutia that envelops my normal workday tasks. Hopefully it serves to enlighten our community on that most overlooked necessity – security.Writing this column has become a welcome escape from the torrent of minutia that envelops my normal workday tasks. Hopefully it serves to enlighten our community on that most overlooked necessity – security. So often the emphasis is placed on anonymity, which is of course an essential component to a secure digital experience, but there are many other facets that, left unchecked, may reflect unwanted attention on personal activity.
Before we jump feet first into the world of cryptography; which is the science of safeguarding information in a way only those so authorized may view it, let’s baby step into our first sub topic – authentication. Authentication is the method of verifying access to an authorized entity – namely you. The most common manifestation of this process is something everyone is familiar with – passwords. As a modern functioning adult in America or other regions of the civilized world, you probably have tons of password applicable tasks. Be it the daily visit to the ATM or entering the YNOT chat rooms, you may be tempted to commit the unpardonable sin of security – convenience. Having a need for let’s say 20 passwords inevitably leads to creation of a universal password, which is a BIG MISTAKE.
If you think your dog’s name is a password option you’re road kill. Research is a major aspect of intrusion, and most accomplished hackers do their homework. Compiling initial profile lists of a target’s birthday, anniversary, children’s names, mother’s maiden name, social security number, license tag, phone number, car model, initials or other easily identified and remembered information is often a welcome sign to the snoop, hacker or private investigator, and in a worst case scenario – law enforcement. Choosing an effective and secure password isn’t difficult, but there are some general guidelines that should be followed.
First and foremost, think of your passwords as underwear – change them often. Most corporate departments responsible for securing very sensitive data change passwords daily and some are contractually bound, for example, by military or governmental stipulation, to change them hourly. This is extreme, however, and a good rule of thumb is to update your passwords at least every thirty days.
Never use any word in a dictionary! Basic cracking programs will automatically check each entry and voila… you’re compromised. Remember this: people are smart. Don’t think you’re slick by using a German, French or Swahili word either. The only one you will impress is yourself, and they will crack your password just the same.
As a general rule, in terms of security, people are their own worst enemy. To provide an example, the above paragraph just stated to never use any word in a dictionary. I can’t begin to tell you how many lazy wise guys will pull something like this, and use the word “password”. Hard for me to understand, but this is believed to be the world’s most common password. Don’t think you can pull a fast one by leaving out a letter in a word either, as this is another simple crack. For example, “compter” will be easily busted out.
Further, don’t use words with a single alteration. For example: $money or *schoolbook. And it should go without saying to never use a proper name (Jane, franK, etc). It provides no security to try something like frank872 either. This is child’s play to an accomplished professional looking to access your accounts. Another bad idea is to use characters in sequence, such as “xcwbnm” or “1234567” or redundant keystrokes (1111111 or 222222222 or even 1223334444).
So what should be the procedure for establishing strong password protection? Begin with at least an eight-character password. The longer the better, that’s for sure. Next, use a combination of letters (uppercase and lowercase), numbers and special characters. We generally recommend beginning and ending each password with “$” as this character is often a symbol for deleted data and not visible to a certain lower caliber of password cracking programs. This is an example of a suitable password: $5j6nN-87c$.
Now the tricky part… how to remember this special password. The last thing you want is to bar yourself access because of a random and easily forgettable password. In addition to writing your password down on a piece of paper and keeping it in a safe place, here’s a good trick you can utilize for your mental password keychain. Remember those early guitar lessons? Learning the notes of the music staff: E G B D F was simply “Every Good Boy Does Fine”. The same technique can be applied with passwords. So grab a favorite song phrase like Bad Company’s feel like makin’ love to you, and it becomes FlMl2U. Now add “$” to the beginning and end and you wind up with $FlMl2U$.
Got to go now. Can’t seem to remember where I placed my songbook… See you next month!
Bill Adler is President of CyberScrub LLC, an Atlanta, GA based security firm specializing in privacy software, policy, compliance and solutions. CyberScrub Pro is an award winning Internet privacy tool available for the affiliate marketer at www.cyberscrub.com/affiliates. Bill can be reached at ba@cyberscrub.com.
