In this digital age, information
is a vital asset and an average user's
protection is in the form of passwords. This
weapon has taken on a degree of sophistication
with the introduction of identity management
solutions and multifactor authentication
systems. With biometric technologies, for
instance, users can sign in to their computers
with a thumbprint. Yet a number of
network administrators and individual users rely
on passwords as the only security tool.
In principle, every user wants
perfect passwords, difficult to guess and easy
to remember. Ironically, in practice users do
not choose their passwords with care, so their
entire password-protected life remains
exposed to risks of different kinds.
If users were as creative and
original in inventing passwords as young people
are imaginative in churning out nicks for
chatting, half of the world's password problems
would be solved. But they are not. Users at any
level tend to prefer obvious, easy-to-remember
passwords. What is more, most believe
that their passwords are secure, that nobody is
coming after the information they have, or
that they have nothing to protect or hide. Some
new Net users do not even bother changing the
password assigned to them by their ISP when they
open an account. Like users, ISP employees have
a limited number of passwords and they keep
repeating them for different customers. Guessing
passwords is thus fairly easy for hackers.
Having someone read your personal mail or, worse
still, send mail on your behalf or hijack
your profile in online chats on MSN
Messenger is bad enough. It could result in a
scandalous situation. Someone may do it for
fun, as a challenge, with malicious intent or as
an adolescent obsession.
Countless people working on
computers and on the Web use the same password
for every e-mail account, website or online
service and click "Remember on this computer" by
habit. This is a careless mistake, one which
can cost you access to your email account. The
ex-US President Bill Clinton selected the name of
his pet dog Buddy as a password while signing
the Digital bill; a fairly easy guess for
anyone who knows how dear his dog is to him. Such
conspicuous passwords may be easy to remember,
but no cracking expertise is needed to gain
access with them.
Easy-to-remember passwords are
intrinsically weak. Your name, login name, date
of birth, roll number, phone number or vehicle
registration number, a word straight from the
dictionary, figures like 12345678 or 87654321,
letter runs like 'abcdef' or 'fedcba' and,
surprisingly, the word 'password' itself are
commonly used passwords. Such passwords are also
easy for other surfers to see when you are typing
them on the keyboard, especially if you surf
from a cyber café. Tech-savvy surfers tend to
pick obscure passwords and add suffixes or
prefixes drawn from the 95 ASCII characters to
make them stronger in the process.
With all of these stereotypical choices,
any determined person can make a successful
educated guess. Professional hackers who use
dictionary attacks are able to crack such
passwords in a jiffy. As per the glossary, "The
term dictionary attack initially referred to
finding passwords in a specific list, such as an
English dictionary. Today, a brute-force
approach can compute likely passwords, such as
all five-letter combinations, "on-the-fly"
instead of using a pre-built list. Since these
threats are roughly equivalent, we use the term
in the broader sense to include all brute-force
attacks." Similarly, password management
services like "MyPasswords" and "Figaro's
Password Manager" and other cracker software and
services are available on the Web, though they
are not very popular or affordable locally.
When it comes to password
strength, the key is uniqueness. Disguising
words by mixing them and using a combination of
upper and lower case letters, numbers, symbols
and punctuation makes any password stronger.
Experts say that passwords longer than eight
characters that include different keyboard
symbols are usually strong. Remember "passwords for
Microsoft Windows 2000 and Windows XP can be up
to 128 characters long."
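
The weak patterns listed earlier and the strength criteria just described can be checked mechanically. The following is an added example, not part of the original article: the word list, the function names and the rule that a word with digits or symbols attached still counts as a dictionary word are assumptions of this sketch.

```python
import math
import string

# Constructed stand-in for a real dictionary file (assumption of this example).
SAMPLE_WORDS = {"password", "buddy", "tinko", "monkey", "welcome"}

CLASSES = {
    "lower": (string.ascii_lowercase, 26),
    "upper": (string.ascii_uppercase, 26),
    "digit": (string.digits, 10),
    "symbol": (string.punctuation + " ", 33),  # 26+26+10+33 = 95 printable ASCII
}

def classes_used(pw):
    """Names of the character classes that appear in the password."""
    return [name for name, (chars, _) in CLASSES.items() if any(c in chars for c in pw)]

def search_space_bits(pw):
    """log2 of the brute-force search space for this length and character pool."""
    pool = sum(CLASSES[name][1] for name in classes_used(pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0

def is_sequence(pw):
    """True for runs such as 12345678, 87654321, abcdef or fedcba."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) >= 4 and steps in ({1}, {-1})

def audit(pw, personal=()):
    """Return the weaknesses found; an empty list means none of these checks fired."""
    low = pw.lower()
    core = low.strip(string.digits + string.punctuation)  # drop prefixes/suffixes
    findings = []
    if len(pw) <= 8:
        findings.append("eight characters or fewer")
    if len(classes_used(pw)) < 3:
        findings.append("fewer than three character classes")
    if is_sequence(low):
        findings.append("keyboard or alphabet sequence")
    if core in SAMPLE_WORDS:
        findings.append("dictionary word")
    if any(p and p.lower() in low for p in personal):
        findings.append("contains a personal detail")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords; "buddy" stands in for a known personal detail.
    for candidate in ["12345678", "fedcba", "Buddy2000", "password", "tR7#mv!qLz2@"]:
        print(candidate, search_space_bits(candidate), audit(candidate, personal=["buddy"]))
```
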
Anyone working on computers and
the Web needs a wide range of usernames and
passwords these days. Users should devise
their own technique for choosing strong
passwords and remembering them, so that guessing
becomes a game of lowest probability even for
professional crackers.
There simply cannot be one universal formula
appropriate for every application and every
user.
Writing passwords on chits,
pasting them near a workstation or writing them
on the back of the keyboard may also undo
the exercise of choosing unique passwords.
Changing your password frequently is a good
practice. It is easy to recover a saved password
that is masked on screen behind
asterisks (******) by using a tiny program called
DiscoverIt. But what if one forgets a
Hotmail or Yahoo account password? Recovery is
possible through a secret question, but who cares
to remember the answers to secret questions for
so many accounts, unless one has written 'Tinko'
in response to "What is your pet's name" in all
Hotmail accounts?
So what should one do? The best thing is
to create unique passwords and to use, protect
and manage them efficiently. After all, commuting
on the Information Superhighway is not as safe as
most people think.
Written by Nabeel Khalid.