Archive for Monday, August 25, 2008
Strong passwords key to Internet security
Experts offer advice for creating complex codes that are easy to recall
August 25, 2008
On the street
Do you always use the same password, or do you come up with different ones?
I actually always use the same one. It’s two names put together. That way it’s nice and long.
Tips for creating safe passwords
- Use at least seven characters and include numbers, a special character like "&" and use both upper- and lowercase letters.
- Don't use simple words that refer to anything noticeable about yourself, like your spouse or child's name.
- Don't make it a word that appears in a dictionary.
- Use the first letter in words of a song lyric or phrase of something that will jog your memory, like "FfcBbc-08" for "Final Four college basketball champions 2008."
- If you write your password down, don't include any other personal information with it. Use a computer program that will encrypt and safely store passwords instead of just typing them in a Word document.
- Do not duplicate passwords.
Source: Kansas University IT security office
When Julie Fugett needs to log in to a Web site with a password, such as for her bank or credit card accounts, she hears music.
For example - this isn't one of her passwords - a fan of the band Journey might type in "Dsb!1hotTf".
It's the first letter of each word in the chorus to "Don't Stop Believin'" with a number and exclamation point included.
"People would look at that and say 'What on earth?' But to me, it means something because to remember my passwords, I sing a little song in my head," Fugett said.
It jogs her memory, and it's a method the Kansas University information security analyst recommends for creating secure and complex passwords to protect personal information and finances from computer hackers.
Selecting secure passwords - and finding a safe way to remember them - has become more important as more and more information is stored digitally, she said.
KU has similar guidelines that require students to change their passwords every semester on their school accounts. The passwords have to be complex: Seven characters with at least one being uppercase, at least one special character such as "&" and one number.
Accounts for school, banking, cell phones, credit cards, insurance, retirement assets and social networking sites all contain precious information.
It also can be inconvenient because it gives people a host of passwords they need to remember. It's frustrating when you can't remember a password, said George Martin, a KU freshman from Oak Park, Ill.
"I can only speak for my friends, but yeah, pretty much everybody keeps the same password so hopefully it won't get too complicated and they'll forget it," Martin said.
He'll vary them and add numbers and symbols on different accounts.
Fugett said it's very risky to use the same password over and over, especially on vital accounts.
"Some 'phishing' attacks are predicated on the notion that you use the same password for everything," Fugett said.
It can be difficult to remember too many passwords. If you have to write them down, she says, be smart about it and write only the password, not the login or any other information that could be helpful to snoopers.
Typing a password list in a word processor file is also a no-no, even if the file itself is protected by a password. Certain Web sites can crack those codes to open Microsoft Word files, for example, for $20, she said.
Instead, Fugett recommends locking your password list in a safe in your hard drive. Password Safe, an application, is free. It allows users to list passwords for their accounts, but the list is protected by one master password.
The master password protects the list, and it's also strongly encrypted, making it very difficult for anyone to crack, she said. Plus, it's much easier to have to remember one password instead of 10 or 15.
Her office receives calls sometimes from frustrated KU users who don't want to change their passwords to make them more complex, but that's better than having someone drain your bank account.
"The more complex it is, the more computationally expensive it is for a bad guy to crack it," Fugett said.
Computer users generally want convenience, but security experts say if you're not careful your personal information could be at risk.
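The sidebar rules and Fugett's point about cracking cost can be checked mechanically. The Python below is an added example, not code from the article or from KU; the word list and the personal names are constructed, and the bit count is an upper bound that assumes the attacker has to try characters at random.

```python
import math
import string

# Constructed stand-in for a real dictionary file (assumption, not from the article).
SAMPLE_WORDS = {"password", "jayhawk", "basketball", "believe", "journey"}

def check_password(pw, personal_terms=(), words=SAMPLE_WORDS):
    """Return the sidebar rules that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 7:
        problems.append("fewer than seven characters")
    if not any(c in string.digits for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs both upper- and lowercase letters")
    # Compare letters only, so a dictionary word with "1!" appended is still caught.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    if letters in words:
        problems.append("dictionary word")
    # Names of a spouse, child, pet and so on, supplied by the caller.
    if any(t and t.lower() in pw.lower() for t in personal_terms):
        problems.append("contains a personal name")
    return problems

def brute_force_bits(pw):
    """log2 of the search space for pw's length and the character classes it uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    # The two sample passwords quoted in the article, plus constructed weak ones.
    for pw, names in [("Dsb!1hotTf", ()), ("FfcBbc-08", ()),
                      ("Password1!", ()), ("annamaria", ("Anna", "Maria"))]:
        issues = check_password(pw, names) or ["passes"]
        print(f"{pw:12} {brute_force_bits(pw):5.1f} bits  {', '.join(issues)}")
```

A password that satisfies every rule can still be weak if it is reused, which this check cannot see.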


25 August 2008
at 6:29 a.m.
brainfreeze (Anonymous) says…
julie - you don't know how much i appreciate the journey reference at the beginning of this article. even from as far as texas, i can tell you haven't stopped believin'. great article, and miss all of you lawrencians! from tejas with love, brainfreeze
25 August 2008
at 8:10 a.m.
monkeyspunk (Anonymous) says…
"People would look at that and say 'What on earth?' But to me, it means something because to remember my passwords, I sing a little song in my head," Fugett said.
Umm, you show people your password? And you are an IT Security Analyst? Pretty basic stuff there Julie.
25 August 2008
at 8:17 a.m.
ronwell_dobbs (Anonymous) says…
As an REM fan I use the easy-to-remember mnemonic of “tg1swaebasaalbinae0thltytcwsiondsyonfi0aasgnstlstcwffdhwiafrsgaagfhaacs”
25 August 2008
at 8:34 a.m.
hail2oldku (Anonymous) says…
monkeyspunk (Anonymous) says: "People would look at that and say 'What on earth?' But to me, it means something because to remember my passwords, I sing a little song in my head," Fugett said. Umm, you show people your password? And you are an IT Security Analyst? Pretty basic stuff there Julie.
–––
"For example - this isn't one of her passwords - a fan of the band Journey might type in "Dsb!1hotTf"."
Just for added emphasis - "this isn't one of her passwords" - Reading comprehension monkeyspunk - it's pretty basic stuff.
25 August 2008
at 8:36 a.m.
Soapdish (Anonymous) says…
Monkeyspunk - I think she meant that if someone were to ever know her password, they'd be baffled at it, not that she's finding random individuals and showing them her password. Pretty basic reading there, Monkey…
25 August 2008
at 9:26 a.m.
arizonajh (Anonymous) says…
I understand security but my company has three different computer systems or system areas (I don't know which, I'm not an IT guy), one for logging into the local network to access your work, one for payroll/HR stuff and one for email/internet access. All three require passwords. Each password must be different from one another and must contain a combination of 8 - 11 letters and numbers but no punctuation, dollar signs, percentage signs, etc. No "runs" as they call them (1234abcd or even keyboard "runs" qwerty1). All passwords must be changed every 60 days and you can't use a password you've ever used in the past on any of the systems. So in 11+ years here I have now gone thru roughly 200 passwords and counting. I'm running out of addresses, dog names, songs, greek gods and swahili surnames to base these things on. Try keeping 200 passwords in mind while trying to think up a new one. That doesn't even take into account the bank, 401k, phone company, gas company, electric company, DirecTV, retailer sites, newspaper sites etc that all want passwords! There has got to be a better way… though I have no idea what it is!
25 August 2008
at 11:40 a.m.
compmd (Anonymous) says…
arizona, I've worked on federal government computer systems that don't have such stringent password requirements; the one I use currently only makes sure you don't use one of your last three passwords in addition to fairly standard complexity requirements. I don't like forcing users to have to come up with new passwords all the time because this opens up the possibility that a user will say "screw this" and write his password on a sticky note and affix it to his monitor. There is such a thing as a reasonable policy that keeps users happy and systems safe.
Now, all that having been said, about half the time I sit down at a Windows PC that I have never used before (but I know who owns it), I can guess one of the user passwords in less than 10 minutes. If I can't, I pop in a CD, reboot, and I get all its local account passwords and cached domain passwords in no more than 15 minutes. A lesson some people learn the hard way is that if an attacker has physical access to your machine, you must assume that any and all data (including passwords) have been compromised.
25 August 2008
at 12:03 p.m.
monkeyspunk (Anonymous) says…
I stand humbly corrected, hail and soapdish. Thank you for pointing out my ignorance. Sorry Julie. Going to go back to my little hole now…
25 August 2008
at 1:14 p.m.
hail2oldku (Anonymous) says…
It's all good monkeyspunk. Glad to see you could take it the s#it giving fun I intended.
25 August 2008
at 1:43 p.m.
75x55 (Anonymous) says…
First rule of passwords - don't talk about them.