News Columns & Blogs

Fight identity theft with passwords

In 2004, Bill Gates declared that the password was dead. He said that security demands a stronger device, and users are unwilling to complicate their passwords enough to be secure.

Identitytheft.info lists more than 240 U.S. security breaches from January to September 2009. Personal data was stolen from city, county, state and national databases including the NYPD, the U.S. Army, and the U.S. Dept. of Homeland Security. Universities, public school districts, and hospitals including Johns Hopkins suffered data losses. Popular business were targeted including Best Buy, Kohls, Hudsons, T-Mobile, Comcast, Sprint, AT&T, Google, Microsoft and Wal-mart. Chase Bank, Sovereign Bank and Bank of America also were among the victims.

Worldwide, hotel networks are the most frequently targeted for credit card theft at 38 percent of recent security breaches from 24 countries. Financial institutions were victims in 19 percent of the attacks. Myfoxnational.com reports these figures given early this month at the Black Hat DC 2010 security conference.

While many attacks do not crack passwords in order to access information, creating a secure password is the first step toward security for online data. “Brute Force Attacks” use commonly available programs to crack a password. With the speed of computer processing, simple passwords can be found out within a few minutes.

In December of 2009, RockYou.com, a popular site for social networking applications, suffered a breach that affected all of its 32 million user accounts. Since RockYou.com did not encrypt their user passwords, all 32 million passwords were accessed and made public.

Imperva, a computer security company, used that massive list to calculate the most commonly used passwords. The most common password they found was “123456.” Number combinations like this accounted for half of the top 10 list. “Password” was No. 4, followed by “iloveyou,” “princess,” and “abc123.” Also included was the name of the Web site used as a password.

Twitter.com has posted its “370 banned passwords” including “qwerty” and other consecutive keys, “password,” common first names and consecutive number combinations. Many common words are also banned.

NASA’s publicized guidelines for password use explain the significance of a secure password:

“A six-letter password using all upper case letters or all lower case letters has 308 million possible letter combinations. This is easily broken within a couple minutes by automated password cracking programs that hackers can download from the Internet.

“With some combination of both upper and lower case letters, a six- letter password has 19 billion possible combinations. If you increase the password to eight letters and use both upper and lower case letters, there are 53 trillion possible combinations. Substitute a number for one of the letters, and there are 218 trillion possible combinations.

“Substitute one of the special characters for another one of the letters, and you have the recommended type of password — at least eight characters, including at least one upper case letter, lower case letter, number, and special character or punctuation. This has 6,095 trillion possible combinations, still crackable, but requiring a more sophisticated program, a far more powerful computer, and far more time.”

Tony Bradley of PC World suggests using phrases to create memorable passwords without using names or dictionary words. Take your favorite line from a movie and type only the first letters of the words. Using a symbol or capital letter in the middle of the password makes it even more secure. To utilize symbols, think of a phrase that combines two or more symbols, like “pound for pound, it’s worth the money” becomes “#4#iwt$.”

Experts recommend using different passwords on different computer networks, and changing your password regularly. We may not be able to shut down data thieves, but we can safeguard our information at the personal level.

Patty Harshbarger, owner of Computer Renaissance in Bradenton. She can be reached at patty@cr-bradenton.com or (941) 753-8277.

  Comments