5 Tips on password security

Whether it’s one PC or hundreds on a network, there’s only one thing that can separate your system from being compromised: a great password.

Why? Hackers want access to anything and everything. If they can guess your user name and password, you might as well have given them your wallet and the keys to your building.

Here is a list of five things to know and practice in using passwords.

1. Don’t be too comfortable with your passwords: Attacks can and do happen.

Hackers will stop at nothing to get into your network and files. They use three different methods to get to you: brute force, dictionary attacks and social engineering.

Brute force is the most time-consuming method. Basically, it involves a program that tries every combination of letters, numbers and keyboard characters to guess your password. It starts by trying every single character, then tries two-character combinations, and so on.

Each additional character makes a password exponentially more difficult to crack. A password that is eight characters in length and utilizes lower- and upper-case letters, numbers and keyboard characters won’t be cracked for two years. This underscores the importance of being as random as possible when choosing your password.

Another method of attack is through the use of custom dictionaries. These dictionaries are filled with words and names, but also number and letter combinations, such as 11111 and abc123. Simple passwords such as “duke” or “ilovemydog” can easily be guessed.
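To see how the brute-force and dictionary paragraphs above translate into a check you can run when a password is chosen, here is an added example (not part of the original article). The wordlist, the substitution table, the `min_bits` threshold and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a large common-password list.
SAMPLE_DICTIONARY = {"11111", "abc123", "duke", "ilovemydog", "password"}
# Common character swaps undone before the lookup (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def alphabet_size(password: str) -> int:
    """Size of the smallest standard alphabet covering every character used."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 keyboard symbols
    ]
    return sum(n for chars, n in classes if any(c in chars for c in password))


def brute_force_candidates(password: str) -> int:
    """Worst-case guesses when lengths 1, 2, ... len(password) are tried in turn."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def dictionary_hit(password: str, words=SAMPLE_DICTIONARY) -> bool:
    """True if the password, or a simple variant of it, is in the wordlist."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return any(v in words for v in (lowered, lowered.translate(LEET), stripped))


def assess(password: str, min_bits: float = 50.0) -> dict:
    """Combine both checks; min_bits is an assumed policy threshold."""
    n = brute_force_candidates(password)
    bits = math.log2(n) if n else 0.0
    hit = dictionary_hit(password)
    return {"bits": round(bits, 1), "dictionary": hit, "ok": (not hit) and bits >= min_bits}


if __name__ == "__main__":
    for pw in ["duke", "ilovemydog", "Duke1!", "abc123", "q7#Rv2!k"]:  # constructed samples
        print(pw, assess(pw))
```

Note that "ilovemydog" scores reasonably on length alone and is rejected only by the dictionary check, which is why both tests are needed.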

The third and most effective method of attack is social engineering. This involves someone with criminal intent soliciting a password directly from a user. Many people give up their passwords to co-workers and strangers without even realizing it.

For example, some small businesses don’t have a dedicated information-technology staff. A hacker posing as someone from your company’s Internet service provider could call in and get an unsuspecting employee’s password by “testing the service.” The hacker might request the employee’s user name and password to log in and test the connection from the ISP’s end. If the hacker sounds authoritative and legitimate enough, your whole network could be compromised.
