Every semester I have a student tell me about some horror story of being hacked and their personal information released to the world. Most of the hackers who try to access your information are inexperienced and use basic tools to get at your accounts (commonly known as 'script kiddies'). Here are some basic tips to securing your passwords and keeping wannabe hackers and 'script kiddies' away from your information.
- Don't use anything personal about you, i.e. your middle name, dog's name, wife's name, etc.
- Avoid real words. A lot of the common scripts used to crack passwords goes through a common dictionary and attempts all of the words until it finds a match.
- Make it 6 letters and above. Short passwords are much easier to crack. The longer the better.
- Mix upper and lower-case. This will act as a big stepping stone for a wannabe hacker to get around and a simple precaution you can use to stop the 'script kiddies'.
- Use different character types. Not only should you throw in upper and lower-case characters, you should throw in different character types. Make sure you have at least one number. For added security, throw in some special characters such as ~ or $.
- Don't give out your password to anyone. There is no reason that your friends, etc. have access to your accounts. As sad as it is to think, some day these people may not be your friends but may have access to your e-mail account because you were naive enough to give them your login information.
- Should be changed monthly. I know that this is the one that most will not live up to. However, this will help to keep your information safe. The more often you update, the less likely you will be hacked.
- Don't use the same password for all your Web sites. If a hacker cracks one site, you don't want him/her to crack all your Web sites. Even small changes (the number at the end) will make a difference.
- Make sure you clear your cookies regularly. A few years ago I mentioned this at a staff meeting and was asked, "how am I going to remember my passwords since all my sites log me in automatically?" If you ask this question then you are not following good security practices. Clearing cookies is needed to keep spyware off your computer and also to clear out that information. If passwords are being housed in cookies, I would hope they are encrypted but I have met many a horrific developer who can care less about security and wouldn't think twice about encrypting passwords. At least once a week, clear your cookies.
No comments:
Post a Comment