Thursday, January 28, 2010


It has been a busy few weeks and the nasties on the internet are just getting more complex and hard to detect.  It is often the other trouble makers getting in on ports opened up by the first nasty that gives it away.  So with that lets take a look at…

Passwords -Why
For someone taking over your machine passwords to your credit card and or bank account is the prize.  With these and some personal information your identity is free for the taking.  But passwords are that which we are all horrible at keeping track of and remembering.

I first want to focus on what is a quality password.  The best passwords have numbers, letters (UPPER and lower) and special charectors (*&^%$#^”+).  The also are not words one would find in the dictionary.  A really great password would look like this  G*Lw^x2fJ1m^iB*-g+”:  this would take forever to break, but you would have to write it down to remember it which leaves it vunerable.
Also it would be quite a pain to type in.

So the first thing I would reccomend is a password manager.  There are many available and most are quite good.  I have settled on keepass since it runs on all my devices (win, linux, win mobile) and it is free.  With a password manager you just need to remember one password. I like to use my single password by using one that I can easily remember of seven or more charectors (numbers and lowercase letters).  I first type this in and then I type it in again… but the second time I hold down the shift key.  By doing this on the main keypad my numbers will put out special charectors.

An example
How about the address of your cousin in another state that for some reason you always remember
Lets say it  is “2689 SE Cousin St”.  So I would type
2689secousin – then holding down the shift key – @^*(SECOUSIN – So the total effect is
2869secousin@^*(SECOUSIN  This is a 192 bit password and no one would have time to crack it.

Of course if they have physical access to the data they will get it by other means.  But  by using a password manager you can protect your accounts and slow down anyone trying to get at your data via a user/password account.    Most password managers will generate random passwords for you.  I do not know any of my passwords except the one that gets me into my password database.


No comments: