You may wonder why it is so important to choose a safe password. What are the dangers of choosing a bad one?
A true story demonstrates the dangers of choosing a bad password. We will examine how to choose a good one.
One the website, www.xblock.com, a story was reported of a pharmacist who used an Internet instant messenger service. (The particular service will not be listed in this article.) Every day he checked his e-mail, read the morning news, and checked a stock site. Everything was fine until he tried to use the messenger service. He could not log on, and the service kept rejecting his password for no reason. He sent a message to his friend about the problem and to the xblock.com staff. The xblock.com staff told him there was a good chance his account had been tampered with.
The hacker had not stopped with stealing the pharmacist’s password. He had also stolen the list of the people he sent instant messages to.
The hacker then, using the stolen password, posed as the pharmacist and began sending out Trojan Horses, which are files designed to cause much damage to computers. The Trojan Horse was implanted on their computers, and the hacker took control of their computers also.
The xblock.com staff contacted the hacker through the instant messenger service, and he claimed to be from Jordan and demanded $50,000. A computer trace found he was at a university in the Netherlands, however. He refused to return the account, but a lot of his damage was minimized by contacting people on the pharmacist’s instant message list.
It took several days before the instant messenger service shut down the account, perhaps because people from the service wanted to be certain a hacker had actually hijacked an account.
Why was the hacker able to access the pharmacist’s account? His name was Larry, and he chose Larry as his username and as his password. The hacker didn’t have to use much of the sophisticated knowledge or equipment he might have had to guess either the password or username. Almost anyone could have guessed both. Once the hacker had control of Larry’s account, naturally Larry’s friends assumed the hacker was Larry.
After stealing a password, a hacker could potentially not only send someone, or even many people a virus, he also could try to get access to credit card or banking information.
How does one choose a good password? What are the characteristics of a bad password?
Examples of bad passwords are your name, the name of your spouse, or pet. It is also bad to use those names backward, or followed by a single digit. Shorter passwords are also bad; they are easier to guess. Other bad passwords are “magic words” from computer games, such as xyzzy, because while they may look mysterious and as though they cannot be guessed, they are actually well known. Don’t choose your phone number as a password, characters from your favorite movies or books, local landmark names, favorite drinks, or the name of your favorite team or player. Don’t choose the name of a famous computer scientist. You also should not choose the name of a friend or coworker, your favorite fantasy character, the name of your boss, the name of the computer operating system you are using, your license plate number, your Social Security number, your driver’s license number, anyone’s birthday, the name of your alma mater, words such as wizard, guru, etc.; any username that is on the computer, or passwords of all the same letter.
Whatever you do, don’t use a Smoking Joe as your password. A Smoking Joe is using your username as your password. That is just too easy for a hacker to guess.
Another thing you should not do is write down your password, especially where others might have access to it. It is better to memorize it. Many times a student has found the password of a college professor and changed his grades.
On the other hand, if your password is so complicated that you have to write it down to remember it, you most likely have a password that will be difficult to guess.
If you have to write down your password, don’t identify it as a password. Don’t include the name of your account, network name, or phone number of the computer on the same piece of paper as your password. Don’t place the password on the terminal, keyboard, or any part of your computer. Don’t write only your actual password. Disguise it by mixing it with other characters, or scrambling the password in a way only you can identify. If you are using a hand held computer, consider using an encrypting password-keeping program.
Two other tips: Don’t record your password online in a file, database, or e-mail message; never send a password to someone by e-mail. Many hackers scan e-mail message for the word password.
Many hackers have computer programs that automate the process to find the passwords of others.
What are good passwords? A good password will have lowercase and uppercase letters. It will have digits and/or punctuation characters, as well as letters. It may include control characters and spaces. It will be easy to remember, so it will not have to be written down. It will be at least seven or eight characters long. It can be typed quickly, so someone cannot determine what you are typing by looking over your shoulder.
As an example of a good password, take two short words and combine them with a character or number. An example could be pig8prison or shoe-church. You could also use an acronym that is familiar only to you, with or without a number or character, or a second word, such as IhmjIlmcilmW (I hate my job; I love my computer; I love my wife) or IhmjIlmcilmW1.
In college I learned hackers are more and more sophisticated. There are a lot of things you can do to protect yourself, however.