It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

P@55w0rd S3cuR1t33

page: 1
5

log in

join
share:

posted on Apr, 27 2011 @ 06:45 PM
link   
There have been a couple of posts lately by members concerning online passwords or the government's plan for an ID system. Given the events recently regarding Sony and the Playstation Network being hacked I thought one more couldn't hurt.

There are several steps that people can take to make themselves and thier online data/info harder to access. Although in the case of the PSN breach individual users are not at fault, here are some general ideas for people to keep in mind...(PS...I'm an IT guy as well)

1. DO NOT USE THE SAME PASSWORD FOR EVERYTHING!!!

It is a pain in the @55 for sure, but have a different password for every site you use. When you change a passwords DO NOT just rotate one set through each of your sites. If you choose to use a set list over and over again make sure that there are more passwords on that list then sites you connect to.

Ultimately you should use a new password each time you make a change.


2. Change your passwords frequently.

In many businesses the IT department will establish a set of mandatory guidelines that users have no choice but to adhere to. The most basic of these steps is that a password can only be used for a set amount of time before it MUST be changed.

How often you change your passwords is up to you, but for the most casual of users twice a year should be the ABSOLUTE minimum.


3. DO NOT use anything that is well known about you.

Your maiden name, birthdate (yours or a family members), childhood pet etc are all things that people trying to access your account will look at first.

The more obscure or private 'thing' you based your password on the better.


4. Use long, complex passwords.

This is the meat of the issue. Although it is annoying or time consuming to have something complicated that you have to enter EVERY TIME you want to access something, ask yourself one question...How annoying or complicated is it going to be to have to deal with the fallout of having been hacked?

Here's an example...

The best things to use are phrases or sentences


Nice and long, but WAY too simple; throw in some random capitalized letters...maybe a spelling change?

The besT tHinGs to Use aRe fRases oRe seNTenCes


Better, but it still is in plain text...

Th3 be5T tH1nGs t0 U5e aR3 fRas3s 0Re s3NTenCes


Getting there, but more can be done; try to use symbols/non-alpha-numeric characters too...

Th3 be5T tH1nG$_t0_U5e @R3 fR@s3s-0Re s3NTenCe$


Unlikely that someone will stumble upon that! If this was going to be MY banking password...

T#3 b35t +#1nG$_to0_U53 @R3 FfR@535-0R3 53N+3n5@y$


take out the spaces and you'd be looking at...

T#3b35t+#1nG$_to0_U53@R3FfR@535-0R353N+3n5@y$


Good luck hacking that before someone notices you trying.

Although at first it may take some time, you will get the hang of making substituitions. Yes, if you always use @ instead of "a" then you are falling into a pattern, but if you incorpoate ALL of these things together I'll wager that the sum is far more than the individual parts.

Be safe.
edit on 27-4-2011 by [davinci] because: (no reason given)




posted on Apr, 27 2011 @ 06:54 PM
link   
+#@nx, +#@+ i$ $um g00d !nf0


2nd line



posted on Apr, 27 2011 @ 07:24 PM
link   
thanks for the good advice, maybe i really should stop using 'password123' for all my accounts.




posted on Apr, 27 2011 @ 07:24 PM
link   
Password or drowssap is not a good choice?


Only kidding, thanks for reminding us of the basics things we forget.
I play world of warcraft and I have what is called a Battle.net Authenticator. now why dont banks and other company have a similar device for its customers.
Blizzard- Battlenet Authenticator


What Is a Battle.net Authenticator?
The Battle.net Authenticator is an optional tool that offers players with a World of Warcraft account or a Battle.net account an additional layer of security to help prevent unauthorized access. The Battle.net Authenticator provides you with a unique, one-time code to use in addition to your regular password. Log in and rest easy knowing that your account is now even more secure from unauthorized access.

What is a digital code and where do I see it?

The digital code is a six-digit numeric code that is produced when you press the button on the front of your Battle.net Authenticator. Each code is unique and is valid only once.



posted on Apr, 27 2011 @ 08:11 PM
link   
I am in IT/Net security as well. People are still far too trusting and way to naive when it comes to personal digital protection.

Smart Devices without at least using the passcode protection is just asking for someone to come up and wreak havoc using your phone or device.
Employees that walk away from their desks without locking out their terminals first is like putting a sign up that says "Please destroy my credibility with my company, I beg you too".

Like the OP said above, using weak and common passwords is just plain stupid. You might say "but i dont store anything on my computer, I just surf the web and play games."
Ok skippy, whatever. Do any of your sites include checking your bank balance online? Do you pay bills?
Some people could say no to that and wonder why they should care.
One reason...BotNet. Even if you have never used your computer for anything but solitaire and fluffy bunny pics, you can still be a thriving part of the all evil BotNet, lending your excess computing power to scammers, spammers, virus', and more.

Here is some data that you should be aware of.
The single most common password used in the world today is 123456, followed by the word password.

Use extra precautions when using wireless. Currently, there are several tools that can be used to capture and decipher wireless access codes, break wireless encryption, and capture data streams in mid-air. About 5 minutes is all a moderately skilled, yet very determined, hacker needs to get your email acct (login/pw), banking information or any other site you visit via Wi Fi, if you are not careful.

Passwords need to be a minimum of 8 characters long. If you use the examples from the OP and employ alpha-numeric combinations containing symbols and variable case, then you can create a password that is roughly 6-quadrillion possible combinations and a super computer using multiple language dictionaries, random character generators, and more could potentially take over 100 years to break (unless they got lucky). Of course, if you factor in that they can generate over 1 million attempts per second, you will see that you need a good password to survive the onslaught. The more characters you include in your password, the higher the combination count goes.

What it all boils down to is this. You have information about yourself store on your computer. More than you know. It should be safe there. It should be private. Do your part to keep it that way.



posted on Apr, 27 2011 @ 08:52 PM
link   
reply to post by wheresthetruth
 


Thank you for rounding out the point of this thread.

One of the things people don't realize is that many sites DO NOT encrypt your password when it is being transmitted. Yes, on your screen it may appear as dots or whatever instead of what you type, but with the right software (which is freely available without having to break ANY laws) a hacker can grab your password in-transit and read it in form it was typed in.

There is a shocking lack security across the board with respects to privacy or the handling of personal data.

...and this is not limited to the end user.

One of the things that upsets me about the legislation being put forward to combat this issue is that in every case it it the USER who has to take full responsibility. There is not a word about requiring BUSINESSES to use greater care/offer better protection to thier customers. All of these companies have locks on thier doors, security guards on thier property and redundant security measures to prevent access thier equipment; the actual transmission of data however is usually left unsecured.

Typical though.
edit on 27-4-2011 by [davinci] because: (no reason given)




top topics
 
5

log in

join