passwords and digital safety

Passwords

Information quoted directly and paraphrased from “Security Awareness” from the University of Texas at

Austin’s Information Technology Serviceshttp://www.utexas.edu/its/secure/articles/keep_safe_with_strong_passwords.php

presents:

To protect your computer, your data and your online accounts, make a strong password your first line of defense.

Flickr CC Photo by Bruno Santos: http://www.flickr.com/photos/bsantos/50283672Flickr CC Photo by Bruno Santos: http://www.flickr.com/photos/bsantos/50283672

Info from University of Texas at Austin’s Information Technology ServicesInfo from University of Texas at Austin’s Information Technology Services

Most people know that strong passwords are a good idea, but don’t realize hackers are becoming increasingly sophisticated at password “cracking.”

Flickr CC Photo by Darwin Bell: http://www.flickr.com/photos/darwinbell/1750378617

Info from University of Texas at Austin’s Information Technology Services

You have to change your password frequently, and stay aware of what techniques hackers are using to steal passwords, if you want to stay ahead of the bad guys.

Flickr CC Photo by Pieter Ouwerkerk: http://www.flickr.com/photos/pieterouwerkerk/699483014


Internet security is based on a “weakest link” principle, and passwords are often the only thing standing between a hacker and access to your computer or a campus network.



If your password is weak, you make it easier for

someone to break in.



Hackers make their livelihood by automating Hackers make their livelihood by automating ways to continually search out the weakest ways to continually search out the weakest link to gain access to a network or computer. link to gain access to a network or computer.

Don’t let your password be the weak link!Don’t let your password be the weak link!

Flickr CC Photo by Treyvor Leyenhorst: http://www.flickr.com/photos/10213764@N02/1485773850Info from University of Texas at Austin’s Information Technology Services

There are real consequences to not having a strong password.

If someone steals your password, they may find a way to access your e-mail or IM messages, your bank accounts, your research, your contact lists and whatever else you have on your computer.

Flickr CC Photo by Angel Arcones: http://www.flickr.com/photos/freddy-click-boy/3303542092


Your files may be altered or destroyed. Sometimes hackers even take over a computer and turn it into a zombie, using it to perform malicious tasks such as sending out large amounts of spam.

Flickr CC Photo by Thomas Hawk: http://www.flickr.com/photos/thomashawk/362270357


How Passwords Are Stolen

When you are creating a strong password, it can help to know the tactics hackers use to steal them.

The following are some of the most frequently used techniques:

Guessing Programs designed to guess a user’s password are

common. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point.

These programs can even search for a word spelled backwards.

STOLEN

?

Flickr CC Photo by Eric Schmuttenmaer: http://www.flickr.com/photos/akeg/2175038829


TIP: It’s best to steer clear of any personally identifying information when creating a password.



Dictionary-based attacks

Programs and software also exist that run every word in a dictionary or word list against a user name in hopes of finding a perfect match.

Flickr CC Photo by David Glover: http://www.flickr.com/photos/davidglover/4269594949


TIP: Staying away from actual words, even in a foreign language, is recommended.



By trying every conceivable combination of key strokes in tandem with a user name, brute force attacks often discover the correct password.

Programs can execute a brute force attack very quickly.

“Brute Force” attacks

Flickr CC Photo by Alex Eylar: http://www.flickr.com/photos/hoyvinmayvin/4687336568


TIP: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.



Phishing

Phishing scams usually try to hook you with an urgent IM or e-mail message designed to alarm or excite you into responding.

These messages often appear to be from a friend, bank or other legitimate source directing you to phony Web sites designed to trick you into providing personal information, such as your user name and password.

Flickr CC Photo by Widjaya Ivan: http://www.flickr.com/photos/28288673@N07/6457165789 Info from University of Texas at Austin’s Information Technology Services

TIP: Don’t click a link in any suspicious e-mails, and don’t provide your information unless you trust the source.



“Shoulder surfing”

Passwords are not always stolen online. A hacker who is lurking around in a computer lab, cybercafé or library may be there for the express purpose of watching you enter your user name and password into a computer.

Flickr CC Photo by tanakawho: http://www.flickr.com/photos/28481088@N00/425099204


TIP: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.



Tips for Creating and Using Safe Passwords



Use BOTH upper- and lower-case letters.

Flickr CC Photo by Nina Stössinger: http://www.flickr.com/photos/ninastoessinger/4179518104Flickr CC Photo by Nina Stössinger: http://www.flickr.com/photos/ninastoessinger/4179518104

Info from University of Texas at Austin’s Information Technology ServicesInfo from University of Texas at Austin’s Information Technology Services

Place numbers and punctuation marks randomly in your password.

Flickr CC Photo by Lali Masriera: http://www.flickr.com/photos/visualpanic/856235055


Make your password long and complex, so it is hard to crack. Between 8 to 20 characters long is recommended.

Flickr CC Photo by Jason Pearce: http://www.flickr.com/photos/jasonpearce/4750110576


Use one or more of these special characters:

! @ # $ % * ( ) - + = , < > : : “ ‘


To help you easily remember your password, consider using a phrase or a song title as a password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”

Flickr CC Photo by marc falardeau: http://www.flickr.com/photos/49889874@N05/6101434856Flickr CC Photo by marc falardeau: http://www.flickr.com/photos/49889874@N05/6101434856Info from University of Texas at Austin’s Information Technology ServicesInfo from University of Texas at Austin’s Information Technology Services

Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.

Flickr CC Photo by Chris Metcalf: http://www.flickr.com/photos/laffy4k/441037582


Create different passwords for different accounts and applications.

That way, if one account is breached, your other accounts won’t be put at risk too.

Using your password safely



Change your passwords regularly, about once every six months.

(Daylight Savings Time?)

Flickr CC Photo by Eliazar Parra Cardenas: http://www.flickr.com/photos/eliazar/407591133


Don’t share your password with anyone else. Once it’s out of your control, so is your security.

Flickr CC Photo by Mike Fernwood: http://www.flickr.com/photos/ultimateslug/326930489


Never enable the “Save Password” option, even if prompted to do so.

Pre-saved passwords make it easy for anyone else using your computer to access your accounts.

http://www.rhsmith.umd.edu/portal/portal_help.html


Be especially careful about saving passwords in web browsers.

http://www.webdevelopersnotes.com/how-do-i/clear-browsing-data-google-chrome.php

Never walk away from a shared computer without logging off. This will ensure no other users can access your accounts.

Flickr CC Photo by Totumweb: http://www.flickr.com/photos/totumweb/5601416590


Don’t use sample passwords given on different Web sites, including this one.

“Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”


passwords and digital safety

Education