Sunday, August 26, 2012

Lock It Down

We live in a digital age and with that comes having to remember not just one, but usually several passwords for various websites, from social networking to online stores to your financial institution and online bill paying sites. With all of these logins and the personal information these sites contain, being hacked is always a fear; just think about all the nekkid pictures of celebrities that have been leaked because their phone or their Twitter account got hacked.

A recent article on Ars Technica says that not only have passwords become weaker, but the tools hackers use to crack passwords have become more sophisticated. Trying to be clever by changing something like rockyou to R0cky0u! to satisfy many services’ and sites’ requirements for at least one capital letter, one number, and one special character just doesn’t cut it anymore, as the hackers have gotten wise to these ‘clever’ tricks. (Note: putting ‘clever’ in quotes is my way of trying to denote a sarcastic tone, in case you didn’t pick up on that.)

That being said, the ideal password is one that you, yourself, can’t even remember due to it being highly randomized. If something like R0cky0u! is still considered weak since it follows a popular phrase, and dictionary words are right out because that’s always been the first thing hackers try, then ideally, a password should be randomized. Something like oLj2Y6rp would be secure as it is very random and includes upper and lower case letters and numbers. But who the hell could ever remember something like that other than, say, Lt. Commander Data? Enter password management services and software.

There are many password managers available: LastPass, KeePass, 1Password, etc. Some use the cloud, others don’t. The point of these services is that you only have to remember one password to get into your password manager, which remembers all of your other passwords for you. “But, I just use the same password for everything anyway,” you say? Hmmm... that’s not very secure either, I’m afraid. Just think about it. If you have only one password that you use for everything, then all a hacker has to do is crack that one password, and you’re screwed! Services like LastPass not only can store your passwords for you (securely and encrypted, I might add), but also can generate random passwords for you so that all of your passwords are different. The example I gave above, oLj2Y6rp, in fact was generated using LastPass.
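To make the difference concrete, here is an added example (not from the original post and not LastPass's code) that checks the post's sample passwords against the capital/number/special rule and against a simple "undo the substitutions" lookup, then generates a random password the way a manager's generator would. The wordlist, the substitution table and all function names are constructed for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample wordlist; a real check would load a large list of
# breached and common passwords instead.
COMMON_WORDS = {"rockyou", "princess", "superthinker", "password"}

# Common character substitutions, reversed before the wordlist lookup.
UNLEET = str.maketrans("013457$@", "oieastsa")


def meets_complexity(pw):
    """Composition rule from the post: a capital, a number, a special character."""
    return all(re.search(p, pw) for p in (r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))


def base_word(pw):
    """Lowercase, undo substitutions, then trim non-letters from both ends."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower().translate(UNLEET))


def is_mangled_common_word(pw):
    """True when the password is just a listed word with cosmetic changes."""
    return base_word(pw) in COMMON_WORDS


def generate_password(length=16, alphabet=string.ascii_letters + string.digits):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Bits of entropy, valid only for uniformly random characters."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("R0cky0u!", "pr1nce$$", "Sup3rThinker", "oLj2Y6rp"):
        print(f"{pw:14} complexity_ok={meets_complexity(pw)!s:5} "
              f"mangled_common_word={is_mangled_common_word(pw)}")
    print("8 random chars from 62:", round(entropy_bits(8, 62), 1), "bits")
    print("16 random chars from 62:", round(entropy_bits(16, 62), 1), "bits")
    print("generated:", generate_password())
```

R0cky0u! passes the composition rule and still reduces to a listed word, which is why a site should screen new passwords against a common-password list rather than rely on character classes alone.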

Now, I know some folks are wondering, “What’s the difference? If my LastPass account were to get hacked, then I’d be just as screwed.” And, to be honest, that’s true. But I have a lot more faith in something like LastPass keeping their users’ information secure than, say, Facebook or Twitter or LinkedIn or any of a number of sites and services that have been hacked or whose users have been hacked.

The point is, we live in a world where identity theft does happen and where hackers like to hijack people’s social networking accounts, so being a pr1nce$$ or a Sup3rThinker isn’t good enough anymore.

Be safe,
~ JC


