A password is like a key that opens the door to your account. Keeping that key safe helps keep your account safe. If that key were to fall into the hands of someone else, that individual could use it to access your private information or use your account for spamming. It is essential that your password be kept safe.
Before we look at ways to keep your password safe, we should first understand the most common ways that accounts are compromised. The three most common methods are:
*User Disclosure
*Guessing
*Brute Force
We’ll look at each of these methods one at a time.
User Disclosure
When a password has been disclosed by a user, it means that the user has essentially given their password to someone else. This can happen in a number of ways. The most obvious is when an account owner actually tells their password to someone else. This should be avoided whenever possible. There are times when a support technician may need your password in order to troubleshoot an issue with an account. If this does occur, make sure that the technician you are giving the password to is actually part of your provider’s support team, and change your password once the issue has been resolved.
Telling your password to someone else is just one way to disclose it. There are many other means whereby a user may inadvertently disclose their password. For example, a user may write their password down in an attempt to remember it, and that note is later found by someone else. A user may be observed by someone else while they type their password. Even the use of key logging software to capture a password could be considered a form of user disclosure.
Guessing
Password guessing is still a fairly common method for an intruder to access an account. Many account owners still use common words or words with very little variation, making them easy to guess for an intruder with enough time. The most common changes to these common words, such as adding the number “1” to the end of the password, do little to increase the guessing difficulty. The rise in social networking may provide some assistance to password guessing. Many account owners still use their hometowns, family names, birth dates, or the birth dates of loved ones as passwords. Much of this information is easily accessible on Facebook or other social media sites.
Brute Force
Brute force attacks use computer programs to take guessing to the ultimate level. A brute force attack program will simply spam a login prompt with every possible combination of letters and numbers in an attempt to find a user’s password. Advanced computer systems can submit thousands of login attempts per second. The simpler the password, the faster a brute force attack can crack it.
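The sketch below is an added example, not part of the original article: a small Python check that a provider or user could run on a candidate password, covering both the guessing weaknesses and the brute force exposure described above. The word list, the rate of 1,000 attempts per second, the one-year threshold and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "qwerty"}
SECONDS_PER_YEAR = 365 * 24 * 3600

def strip_trivial_variation(pw):
    """Lower-case and drop trailing digits and symbols: 'Password1!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())

def keyspace(pw):
    """Candidates an exhaustive search must cover for this length and character mix."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 32  # printable ASCII symbols
    return pool ** len(pw)

def audit(pw, personal_facts=(), attempts_per_second=1000):
    """Return the reasons a candidate password is weak (empty list if none found)."""
    findings = []
    # Guessing: a common word stays guessable after adding "1" or a capital letter.
    if strip_trivial_variation(pw) in COMMON_WORDS:
        findings.append("common word with trivial variation")
    # Guessing: hometowns, family names and birth dates are often public.
    for fact in personal_facts:
        if fact and fact.lower() in pw.lower():
            findings.append(f"contains personal detail: {fact}")
    # Brute force: worst-case time to try every combination at the assumed rate.
    # Integer comparison avoids float overflow on very long passwords.
    if keyspace(pw) < SECONDS_PER_YEAR * attempts_per_second:
        findings.append("exhaustible by brute force in under a year")
    return findings

if __name__ == "__main__":
    for candidate in ("Password1", "abc123", "kT7#vQ2m!xWp"):
        print(candidate, audit(candidate))
    print(audit("springfield1984", personal_facts=("Springfield", "1984")))
```

Note that "Password1" passes the brute force estimate yet is still flagged, because its character mix says nothing about how quickly a word-based guess would find it.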
Safe Password Practices
Now that we’ve covered the most common methods by which a password may be compromised, here are some tips for keeping your password safe:
*Avoid telling your password to others
*Avoid writing your password down
*Make sure no one is watching you enter your password
*Change your password often
*Keep your anti-virus software up to date and run it often
*Use a strong password
We will cover what makes a password strong, as well as some of the information behind password strength, in the next part.
© Copyright 2010, SaaSHost, Inc. All Rights Reserved.