Few people who value their cars would leave the key in the ignition all the time for obvious reasons. Unfortunately, many of those same people do not show the same kind of concern for computer security.
Personal computers generally contain lots
of information that is extremely personal, ranging from credit card
numbers to intimate correspondence. Yet, many peoples' computers are no harder to get into than cars that have keys left in the ignition. Now, you're probably thinking that you are perfectly safe, because you would never do that. You, afterall, have everything password-protected. Before you get too excited and think that this article could never apply to you, ask yourself these questions:
Is your password at least 12 characters long?
Can your password be found in an English dictionary?
Is your password devoid of any numbers in it?
Is your password devoid of any special characters (i.e. @, $, %, &, *, ^, etc.) in it?
Does your password consist of two words separated by a special character?
Is the password the name of your dog?
Is the password the name of your significant other?
Is your password your telephone number or social security number?
Have you kept the same password for more than three months?
Do you use the same password at multiple online sites?
Is your password a common phrase (i.e. if you are a Star Trek fan, is
your password a variation of "Beam me up, Scotty" or something like that)?
Have you accessed your e-mail from a cybercafe or some other public computer? (Psst... remember the case where someone installed keystroke logging software on all those Kinko's computers?)
If you answered "yes" to any of the above questions, your computer
may not be very secure. Why? There are lots of brute force hacking
programs that can be downloaded right from the Net which are simple
enough to be run by most high school students.
A program called L0phtCrack
boasts being able to crack 90% of user passwords in under 48 hours on
a Pentium II/300. Additionally, it claims that it can crack 18% of the
passwords in under 10 minutes.
Programs like this use dictionaries of
common words and phrases. If you are using something that can be
found in one of these, it wouldn't take a hacker very long to be peering into your personal information. Fortunately, there are many things that you can do that will significantly reduce the chances of having your password cracked.
Change your password as frequently as possible. Use words in a language other than English, and then do something to the words that you will be able to remember. For example, if your favorite musical is "Les Miserables" you could use that as a basis for your password. You might want to use a password something like:
or something where you make some changes to some
foreign words that are easy for you to remember. Use 16 characters, if
permissible, and mix the capitalization and special characters into the
words in a random way that you will remember.
Don't write the password down anywhere or store it on your system using a program that promises to "remember" all of your passwords for you (how convenient)! Please don't give your password to someone who calls you on the phone, claiming to be an employee of whomever provides your Internet service. Reputable businesses will never ask you for your password.
These things may seem like common sense, but you may be very surprised to know how many people do not take these simple precautions. If you value your privacy, it is worth it to take the time to select a secure password, change it often, and never tell it to anyone for any reason.
-- J.W., Spies Online