Online SAFETY in Passwords

Safe Netting: Loose Lips Sink Ships

Is your password safe?

This was a well known slogan during both World Wars. It also applies in today's digital society. One of the necessary evils we've come to live with is the challenge to create, keep and use passwords effectively. Your bank account, ATMs, cell phones, voice mail, email accounts, web sites, and many other secure entities require your password. Most people see the requirement to use and change passwords regularly as a paint in the neck -- many don't bother. Unfortunately there are too many criminals on the loose who see your password as the combination to a safe. Most people also think their personal or company information would not be of interest to anyone. Thieves, criminals, and hackers could care less who you are. They know protected accounts can be utilized any number of ways to be profitable -- and they'll stop at nothing for money.

Why my data?

Those who are out to steal your sensitive data do so for many different reasons. Hackers who would break into your accounts are opportunists out to create petty vandalism and cause damage. Other hackers may be more interested in using your account to relay unsolicited bulk email (UBE or "spam") or viruses to others, thereby implicating you while protecting themselves. While these are important intruders to protect yourself from, there are even more important reasons for making passwords difficult to crack or guess.

Organized crime has embraced the Web and Internet commerce as a rich hunting ground for revenue. They are particularly fond of eBay and PayPal accounts and the charge card info waiting to be tapped. But not only do criminals want your passwords for online accounts, they will utilize any information they can get their hands on... email, cell phone, charge cards, bank accounts -- any information which can be surreptitiously used, converted to cash or even sold to other criminals.

Most recently, Homeland Security and the FBI have become painfully aware of the worst case scenario -- widespread use of the internet and online crime to fund terrorist activities. al Qaeda is now training their operatives in the methods used by spammers and phishers to extract usable information from unwary email users -- particularly ecommerce accounts that offer the possibility of quick conversion to cash. They have other, more insidious uses too. eBay accounts are particularly prized for setting up bogus auctions and fraudulent escrow providers for the specific purpose of accessing and obtaining accounts in bulk. Most prized by terrorist organizations are the fruits of Phishing. They know that of every thousand people at least a few will reply or fall for the scam. A million phishing spams will yield several thousand identities to be exploited, pilfered and abandoned.

If you think this is melodramatic consider the 35-year-old master mind of the '02 Bali bombings, Imam Samudra, wrote a primer to teach Muslim radicals how to commit online credit card fraud. al-Qaeda sees this as a good way to fund their activities. Samudra's confiscated laptop not only included acts of internet fraud but writings that suggest online card and bank fraud in the United States alone might become a key weapon in terrorist arsenals.

According to Richard A. Clarke, senior advisor to the White House on matters of counterterrorism and cyber security: the fight against spam and phishing is also the fight against the use and abuse of the Internet by terrorists.

The last line of defense against the spread of criminal internet activities is to prevent them from getting in. Your password is the most important weapon in that defense.

Best Practice

Protect online ID and passwords with diligence. Since there are so many ways to crack or break passwords, it is very important that all passwords be chosen with a great deal of care -- and changed regularly.

* Never use less than 6 characters in passwords
* Always use at least one number
* Change passwords at least every three months
* New passwords should be very different from previous passwords (e.g. don't just switch letters or add a new number)

How to invent a good password

Mix character case (e.g. f2N6swt4NN )
Utilize non-alphabetic characters digits and allowable punctuation.
Passwords should be easy to remember, but hard to guess, so you don't have to write it down

Things not to do with your password:

Do not use your login name in any form
Do not use your first or last name in any form
Do not use your child's, pets or spouse's name
Do not use easily obtained information: license plate numbers, telephone numbers, car brands, hobbies, sports, pets, etc.
Do not use all letters or all digits
Do not use the same letters (decreases password search time)
Do not use a word in English or other language dictionaries

Easy strategies

Switch letters for numbers. Start with a normal word then replace some of the characters with numbers.

Select a simple phrase then use just the first letter of each word interspersed with numbers. Be sure to vary case. "I Love Cherry Pie" becomes ILCP then add the year, change case and you've got: "2i0Loc5P"

Spell words backwards, add numbers, change case.

Bottom Line

What ever your plan or scheme you must follow it religiously. The best systems are only as good as those who maintain them. Even if you think your little ID and password are of no consequence, consider criminals are hitting eBay, PayPal, Amazon and hundreds of other potential gravy-sites with automated systems testing dozens of word and letter combinations per second all day, every day. If they happen to hit your password, your account could take a big hit. You could be repairing your credit and identity for years. Worse yet, you could be providing financing for acts of terrorism or murder.

Pick a new password and change it today.

UGN Site Navigation:

Return to: the top of this page, or the INDEX for this department
Exit to: The User Group Network front page
Contact: The Editor, Webmaster or Membership Director

CREDITS:

Reviewed by Fred Showker for the User Group Network News Service. (C) 2005, all rights reserved. Affiliate groups may freely republish this piece so long as they include the tag line: "From the User Group Network News Service at http://www.user-groups.net/ " ... Event dates are subject to change. Some products, programs, or promotions are not available outside the U.S. Prices are estimated retail prices and are listed in U.S. dollars. Product specifications are subject to change. Apple, the Apple logo, Mac, Mac OS, Macintosh, Power Mac, Velocity Engine, FireWire, AirPort, Safari, Sherlock, QuickTime, iLife, iTunes, iChat, iPhoto, iMovie, iDVD, iCal and Apple Store are either registered trademarks or trademarks of Apple. Other company and product names may be trademarks of their respective owners. Mention of third-party products is for informational purposes only and constitutes neither a recommendation nor an endorsement.

The User Group Network is a member of: The Association of Apple Computer Users & Groups, the MUG News, and is sponsored in part by: The Design & Publishing Center, The News Serve Network, and the Designers' Bookshelf. The User Group Network is the first, and the original user group network for computer users everywhere including, Apple, Mac-Pro, User Group Organization to support Macintosh, IBM PC, Microsoft, Compaq, Amiga, BE/OS, Linux, UNIX, and other leading computer platforms. Hosting services are provided by The Graphic Design Network to serve the computing community. For information about the UGNetwork, to get involved or have your own groups' home page located at user-groups.net, please contact us. Copyright 1994 through present. This site is maintained in the community interest by The Graphic Design Network c/o Showker Graphic Arts & Design, a Corporation of the Commonwealth of Virginia, Commonwealth of Virginia, 22801, Harrisonburg, VA, in the Shenandoah Valley of Virginia, established in 1972.

UGN safenet

Synopsis:

Go To:

Go for it...