The User Group Network News Service
Lynn Wegley is the InfoManager

December 8, 2003:
Password is not a 4 letter word
User Group Network
Info Manager Index
Submit info or news
MUG News
Use your Browser's "FIND" command to find specific keywords
* Report broken links
(December 4, 2003)
Password is NOT a 4-letter word
by Fred Showker
 
Yesterday, a close relative's identity was stolen.
 
The whole ordeal and the ensuing headaches of identity theft has prompted me to write and once again to remind everyone about online safety. Folks, it's not a matter of "if" they will discover your password -- but "when". Below, I emphasize the iron-clad rules of dealing with passwords.
      This person used a cat's name as a password in an eBay account less than a year old. And that's all it took for a criminal to crack into ebay, begin posting bogus items for sale and using the credit card account. We may not have even discovered it had it not been for an unwary user who emailed with questions about one of the bogus offers. The relative called me and said "I've got this email from eBay about a product I'm not even selling." I knew at once what happened. We jumped on it and were able to stop it before the real disaster could happen.
Never underestimate the online criminal.
These criminals employ sophisticated software and servers to rapidly harvest screen names from eBay, Amazon, blogs, and anywhere a "handle" or screen name is used. Incoming data is then compared to databases with millions of words, phrases, acronyms, street addresses and telephone numbers. It takes only a few seconds to then ping eBay and other online strongholds to test combinations. Once a 'hit' is made, they're in. It's only a matter of time.
      These are not isolated hackers crouched at a glowing monitor in the dead of night -- they're technologists and industrialists exploiting all means available. They're highly skilled and well financed businesses openly bragging that they can't be caught, and can't be stoped. They employ major computer installations which run around the clock, every day -- fully staffed for a single purpose: stealing and exploiting private information.
      Online crime has been cited as one of the world most rapidly expanding industries -- transcending borders and language. The spam, porno and identity theft business has become so lucrative it can employ the fastest and most advanced technologies. Their multi-computer installations can parse millions of screen names and email accounts per hour, matching them to spam lists as well as gathered cookies from anyone who surfs the web. They employ intelligent agents and spiders to scour the web for possible UID and cookie matches. When a match is found, they sell it; use it to create more bogus accounts for spamming; or even worse, use it to burglarize bank accounts and charge card accounts. In this particular situation the criminal had already posted dozens of bogus products for sale on eBay.
      No individual, law enforcement agency or government is any match for these criminals. Very few are ever apprehended, and when they are, they can afford the best legal defense money can buy. Many openly admit to maintaining installations in other countries beyond detection of U.S. authorities -- and boast they can have new installations up and running within hours. They are highly successful. Protecting yourself properly can prevent you from adding to that success.
BUILDING A PASSWORD
  1. NEVER use a word found in ANY dictionary, nor combinations
  2. NEVER use a street, pet, child, relative or other "term" found in any language
  3. NEVER use "human readable" phrases of text (If it makes sense, they'll find it.)
  4. NEVER use your name or part of your name or phone number
  5. NEVER mix or merge passwords into a "new" password
  6. NEVER use the same password more than once
  7. NEVER use less than 8 characters -- 12 or more are better if the entry field allows it
Key Considerations:
  1. Remember that NO password under 256 characters is 100% safe.
  2. ALWAYS use combinations of upper and lower case letters mixed with numbers. EXAMPLE: x9F32sS7riW5
  3. CHANGE passwords frequently - at least once a year - monthly is best.
APPLY THE ABOVE RULES
to ANY situation where a "password" is used:
  • any financial account
  • any email accounts
  • any ISP and Dial-up accounts (like AOL or Earthlink)
  • any any online web site
  • any Home security systems
  • any Cell phones (Remember spammers now use hijacked cell phones for spamming)
AVOID situations where passwords are required. Ask yourself if you really need to join, subscribe, or participate in any activity where they ask you to set up a password.
Recent surge in online crime
Alerts have recently been posted of a renewed surge of criminals cracking into financial services, auction services and other sources of easy personal or financial information.
 
Identity theft is quick and easy once a password or account is cracked. But Identity theft can also begin with
  • a cookie from a web site,
  • a careless post in chat room,
  • responding to spam
  • following a link in spam
Be vigilant
Be vigilant with your passwords and accounts.
Be vigilant with your online behavior and associations.
Never ever underestimate the cross-referencing powers of the crime industry.
      ALL people young and old need to understand this -- most particularly young people (who think they're invincible), the elderly (trusting and inexperienced in technology), the disadvantaged (searching for an easy way out). New, unskilled cable, DSL or wireless users are most at risk.
      This victim had to cancel charge card accounts, and any online account the card was used for -- had to delete an eBay account, and wipe a paypal account clean. And that's just the beginning.
      Protect yourself at all times, and share this message with others. If you are in a position to disseminate this message to a larger audience, please do so. Go to: www.ftc.gov/ to learn more, or to report any suspicious online activity.
      Join a local computer user group or club, and get educated. Build a network of knowledgable friends or associates whom you can turn to with questions and help.
Protect yourself at all times.
Posted by Fred Showker,
Return to the Info Manager
go to:
2001 Info Manager Archives
Info Manager Favorite Quotes of 2001
2001 Info Manager Archives
Info Manager Favorite Quotes of 2000
2000 Info Manager Archives
1999 Info Manager Archives

** SUBSCRIBE to the "Info" LIST!
Lynn Wegley is a veteran of the UGN (AOL User Groups Forum) and User Group Network. He's been a supporter and volunteer on many, many UGNet and User Group Academy projects. As a long time user group member, he's served as volunteer from Honolulu to Boston and many points in between. Currently working with the Apple Corp of Dallas, the Dallas Mac Pack, Cowtown MUG of Ft. Worth and TUMS (the Tulsa Users of Macintosh Society) doing newsletter articles and the monthly CD-ROM Update.
UG Network Channel   /   UGNN   /   NEWS   /   UG Library
To Advertise or become a sponsor -- Contact Advertising Department -- Press Releases for publication -- should be directed to: UGNN News Desk at: News Editor   - Article Reprints -- User Group Network Affiliates may reprint articles as long as full credit is given. Other Non-profit or non-commercial publications should contact us. The UGNN cannot guarantee accuracy or timeliness of articles. Many have been forwarded to us by field correspondents, or press release services. All care is taken to assure the accuracy of URLs and email addresses. Some items may be 30 to 60 days old. The User Group Network is an affiliate of the News-Serve Network - inquiries: News Serve Network All commercial names herein, including publication, product, and company names are assumed to be the registered trademarks of their companies. UGN, UGNN, UGNet News, UG Idea Exchange, are all trademarks for The User Group Network, copyright 1997, all rights reserved. Copyright 1999, The User Group Network, http://www.user-groups.net/News-Service.