BSC-Newsletter

Passwords, Passwords, and more Passwords!

With identity theft on the rise, password cracking dictionaries and programs getting more sophisticated, and the leading anti-spyware package scanning for over 135,000 known threat traces, there is good reason for you to be concerned about the passwords you use. This article presents ways you can better protect your information and yourself.

Most web sites rely on a simple username and password for authentication. There are even many banking and investment websites that use your social security number or email address as the user name thus making it twice as easy for the professional hacker to gain access to your information by only needing to break the password.

What makes for a secure password? Here are some Do’s and Don’ts.

Make sure that any local accounts including the local administrator account on your Windows computer has a password and is not set to blank.

Make sure your passwords are at least 8 characters.

Do not use just letters that spell a word you can find in the dictionary.

Include at least one number and special character.

Mix in upper and lower case letters in unusual ways.

Substitute special characters for letters such as @ for a, $ for s, or 3 for E.

Consider using a pass phrase rather than a password when the program permits longer passwords, e.g. “cl3ve!@nd^R0cK$”

Do not use available personal information such as a birth date, pet’s name, street address, or your name in the password.

Use a password that is easy to remember so that you do not need to write it down on a post-it note and stick it to your monitor.

Do not ever give your password out to someone you do not know, for instance, a person “calling from tech support to assist you with the computer problem you reported”.

Change your passwords every couple of months.

One of the problems computer users face today is the shear number of usernames and passwords created for various purposes. Best practice says to not use the same username and login for your important sites, but rather make them unique. Some of these logins may be ones that are used only occasionally, or the password is being entered automatically via an auto-logon and hence is soon forgotten. The problem is compounded if you follow the recommendation to change your password periodically. For those of us that do not have a perfect memory, here are some options to keep track of it all.

The simplest option is to record usernames and passwords in a Microsoft Word document and then password protect the opening of that document. Another option is to enter them into a contact management system such as GoldMine or Microsoft CRM and then make sure that access to the database is well secured. This approach is especially useful when you need to share an account for a workgroup.

There is now a class of software utility designed for the problem of tracking multiple passwords and usernames. These password managers come in a couple of flavors: software only, and software plus biometric hardware to read, for instance, your finger print. Some popular choices include:

RoboForm Pro (www.roboform.com) keeps an encrypted list of all your passwords. You only need to remember a single master password. RoboForm can complete standard information on a web site such as your name, address, and telephone number as well as supply your user name and password.

LoginKing (loginking.com) offers a similarly highly rated program.

APC (www.apc.com) has a device, the Biometric Mouse Password Manager, which is a fingerprint reader built into an optical mouse. It comes with Softex's OmniPass password manager software. You can log onto web sites with a touch of your “registered” finger. Directories and files can also be encrypted.

Citrix (www.citrix.com) offers an enterprise solution called Password Manager, a single sign-on (SSO) solution for accessing password-protected Windows, Web and host-based applications.

Auto-logons … are they safe?

Internet Explorer has the ability to remember user names and passwords if you give it permission to do so. In general it is safe to do so if you have protected your pc with strong passwords to begin with. We also recommend to set a boot-up password in your system’s BIOS. That way, if your pc is lost or stolen, there are two layers of protection. Here’s a tip regarding the use of the AutoComplete password entries. To delete an individual saved entry, go to the log on box on a web page and double-click. The saved AutoComplete entries will display. Scroll to the one you want to remove, and press the Del key.