Technology Tips - Sept 06
When Passwords Meet Perpetrators
The vast majority of passwords fall into some common categories. Your kids, your wife, your girlfriend, your brother, a local college team, a local NFL or NBA team, pets, the date you were born… you get the picture. A “penetration testing” team is a team of security experts hired by a company to try to break the company’s security, as a hacker would. This enables a company to determine where any holes are in their security. Penetration-testing experts have many stories of walking into a cubicle, looking at what the worker has pinned up on the walls, and guessing their password in three to five tries.
A cracker (someone who attempts to gain illegal access to computers) knows that most passwords are ordinary words. As a result, crackers have developed programs that can try every word in the dictionary as a password. A computer can do this at blinding speed, and not just in English, either; there are password-cracking dictionaries developed for almost every language where computers are in general use. This approach is called a dictionary attack.
To combat these attacks, we recommend using some of the tips below to come up with passwords.
- Use the first letter of each word from a favorite song, poem, scripture, or movie.
  - Example: the phrase “How do you solve a problem like Maria?” becomes HdysaplM?
- Use “leetspeak” – substituting characters for letters.
  - Example: stationary becomes $t@t10n@ry
- Avoid using words found in the dictionary.
- Avoid using the same password in multiple locations.
- Longer passphrases are stronger than short passwords. Use at least 15 characters.
- Never divulge your password to anyone else!
Remember - Your password is often the only barrier between a thief and the company network!
- Dave Olszewski
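
The tips above, expressed as a small password checker (an added example, not part of the original newsletter). The word list and substitution table are constructed samples and the function names are hypothetical; the checker maps common substitutions back to letters before the dictionary lookup, because a substituted word is still built from a dictionary word.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
WORDS = {"stationary", "password", "dragon", "maria", "problem"}

# Common leetspeak substitutions mapped back to letters (assumed table).
LEET = str.maketrans({"$": "s", "@": "a", "1": "i", "0": "o",
                      "3": "e", "!": "i", "5": "s", "7": "t"})

MIN_LENGTH = 15  # the minimum length recommended in the tips


def acronym(phrase):
    """First letter of each word, keeping case and trailing punctuation."""
    tail = re.search(r"[^\w\s]+$", phrase)
    return "".join(w[0] for w in phrase.split()) + (tail.group() if tail else "")


def review(candidate, in_use=()):
    """Return the list of tips that the candidate password fails."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    plain = candidate.lower()
    if plain in WORDS:
        problems.append("dictionary word")
    elif plain.translate(LEET) in WORDS:
        problems.append("dictionary word with character substitutions")
    if candidate in in_use:
        problems.append("already used elsewhere")
    return problems


if __name__ == "__main__":
    print(acronym("How do you solve a problem like Maria?"))
    for pw in ("stationary", "$t@t10n@ry", "HdysaplM?", "correct horse battery staple"):
        print(repr(pw), review(pw) or "passes every check")
```
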