Crashed Pips - Computers, politics, emetic trash

Wednesday, June 20, 2007

My password is not ‘password’

Filed under: Uncategorized — Jonathan Rothwell @ 17:17

Some people are so stupid with passwords, it would seem, that they might as well erect a sign outside their door saying “LOOK! BANK ACCOUNTS, ONLINE PROFILES, PRIVATE INFORMATION, ALL FOR FREE!”

Malicious hackers know that a lot of computer users find it difficult to remember passwords, and will therefore choose something they won’t forget and will stick with for a long time. Easy passwords like ‘password’ or ‘open’ or ‘security’ are a no-brainer, for both unsuspecting user and evil cracker.

Equally undesirable are ‘dictionary’ passwords: single words like ‘cabbage’. When picking a password, if you absolutely must make it a single word, pick up a dictionary (yes, the big heavy one) and look for it; if it’s in there, pick something else. Ideally you might also want to search the full Oxford English Dictionary if your library has a copy, or check on Wiktionary. If a dictionary password is used, all the cracker has to do is try all the words in the dictionary and he’s in.

Obvious numbers are also a big no-no. Don’t use your date of birth, phone number or the box you won Deal or No Deal with. Neither should you use your username, and definitely don’t use a blank password. This allowed the British hacker Gary McKinnon to enter NASA’s systems and then make wild, ridiculous claims about UFOs and free energy.

The best policy for generating passwords is to put something in at random, a combination of letters, numbers, and preferably some symbols like # ~ @ etc. It should be at least eight characters long, and changed at least every year, preferably every three months.

And writing passwords down should be avoided whenever possible. If you need to write down your home password, then keep it under lock and key (e.g. in a safe). NEVER write down your business password.

You may think I’m being a bit over-the-top in this, but it is incredibly important in these days when identity theft is widespread and as easy as rummaging around in someone’s bins. And I can’t imagine your boss being very happy if he finds out that a rival company employed someone to crack your weak password and steal a document called StrategiesForAdvantageAgainstCompetition.docx. Both identity theft and corporate espionage are big business, and on the Internet there are people who will do anything to make a few quid.
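The rules in this post (no blank, common, dictionary, username or obvious-number passwords; at least eight random characters mixing letters, numbers and symbols) can be checked and applied in code. The following is an added example, not part of the original post; the word list, symbol set and function names are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample data: COMMON holds the weak passwords the post names;
# WORDS is a tiny stand-in for a real dictionary file (assumption).
COMMON = {"password", "open", "security"}
WORDS = {"cabbage", "dictionary", "library"}
SYMBOLS = "#~@!$%&*?"  # assumed symbol set; the post names # ~ @
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
MIN_LENGTH = 8  # the post's minimum length


def weaknesses(password, username=""):
    """Return the list of the post's rules that `password` breaks."""
    if not password:
        return ["blank"]
    found = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        found.append("too short")
    if lowered in COMMON:
        found.append("common password")
    if lowered in WORDS:
        found.append("dictionary word")
    if username and lowered == username.lower():
        found.append("same as username")
    # Dates of birth and phone numbers are only digits and separators.
    if password.strip("0123456789 -/.+()") == "":
        found.append("obvious number")
    classes = [string.ascii_letters, string.digits, SYMBOLS]
    if not all(any(c in cls for c in password) for cls in classes):
        found.append("missing letters, numbers or symbols")
    return found


def generate(length=16):
    """Draw from the OS CSPRNG until the result passes every check above."""
    if length < MIN_LENGTH:
        raise ValueError("length below the minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["", "password", "cabbage", "19/06/1990", "alice"]:
        print(repr(sample), weaknesses(sample, username="alice"))
    print(generate())
```

The generator uses `secrets` rather than `random` because passwords need an unpredictable source; swap `WORDS` for a full word list to make the dictionary check meaningful.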



Monday, March 19, 2007

Hackers and Crackers - what’s the difference?

Filed under: Uncategorized — Jonathan Rothwell @ 12:57

For as long as computers and the Internet have been around, journalists have been talking about the evils of ‘hackers’, and how they can get into your computer and steal your data and then sell it on to a scammer.

Well, not always. ‘Hacker’ is a very broad term - it describes anyone who either

  1. modifies a device or program to suit their own ends
  2. gains access to a computer by working around security measures.

So, let’s dispel some of the myths about hacking in the second sense, which is what this article concentrates on and how journalists generally define hacking.

Number one: hackers are people who write viruses. Well, technically they don’t. They may write them as an experiment to check the security of a system, or as an evil attempt to take over the Internet. But people who do the latter are technically called virus writers.

Number two: hackers always have malicious intentions. Not necessarily - most hackers are either

  1. employed by a company to test the security of their computer system and network,
  2. acting in good faith, attempting to warn users or companies about insecurities in their system,
  3. attempting to create the ultimate, one-size-fits-all killer security solution.

Some hackers are even employed by the police to hack into criminals’ security systems, or to help educate people on the risks of leaving their computers open to attack. These are called ‘ethical hackers’.

Technically, people whom the media brand simply ‘hackers’ should be branded as malicious hackers or crackers.



Comments are the responsibility of their respective author. The Rest © 2007-2009 Jonathan Rothwell, unless otherwise stated.