One of the most frequent questions I receive as a Network Administrator is related to passwords.  The questions range from "why do I have to change my password?" to "can I use my phone number or child's name as my password?".  Here is a great article from WPTV that I found at http://www.wptv.com/content/specialreports/story/How-to-pick-the-right-password/J9iZdLZ2CEadHMQnsyl6eg.cspx

You don't get very far these days without a password.  Computer logins, e-mail, bank accounts, travel websites, online retailers, Facebook, Twitter, LinkedIn, and Digg all require a password to keep your business private. But how much thought do you give to that magic word?

The idea is to keep other people from having access to your stuff.  The problem is, many of us are a little lazy about picking a password that's really secure.

"We take the easy way out. We either keep one password for all of our accounts, or we come up with passwords that are very common."

Sergeant David Fleet of the Hillsborough Sheriff's Cyber-Crime section says one in seven of us will be the victim of identity theft. And most of us are way too hasty in choosing a password that will really protect our privacy.  In fact, he encounters lots of cases where an identify theft victim had their passwords written on a sticky note pasted right on the computer.

"If you want to hide a key, you don't hide it under your front door mat. So why would you put your password right next to your computer," Fleet asks.

The worst passwords?

Using an obvious password is almost as bad.

Topping a widely accepted list of the ten worst passwords, is the word "password". Easy to remember, but easy to guess.

Consecutive numbers, letters and adjacent characters on the keyboard also made the same list, along with "monkey", "myspace1", and oddly, "blink182".

It's also a bad idea to use your name, birthdate or kid's names. Bad guys can look that up.

The editors at PC Magazine say if you use a password like "password", you might as well just hand your wallet over to the first person you pass in the street.  Sgt. Fleet says your password shouldn't even be a word.

"If you use any kind of word in a dictionary, there are programs out there that look for words. They put words in the password, very automated, puts them in and keeps trying  different variations until they get the right one. So obviously using words or proper names is an absolute no-no for security," Fleet warns.

The best passwords!

So how do you create a fool proof password? Experts suggest you use all of the following in your password:

• Letters and numbers

• Combine upper and lower case

• At least 1 symbol

 

Here's a good trick

To make it easier to remember, use the first letters of a simple sentence like "my favorite holiday? The 4th of july", which gives you "mfh?t4oj".  It's an eight character password with everything a good password needs to keep your information and your identity safe.

If you'd like to test the strength of your password, Microsoft has a password checker on their website.  Click here to see if your password passes their test.

Remember that your first line of defense in this highly electronic world is your password.  Let me know if you have questions about this or other security issues.

 

7 online blunders – These common mistakes can ruin your computer or invite identity theft


1  Assuming your security software is protecting you

2  Accessing an account through an e-mail link

3  Using a single password for all online accounts

4  Downloading free software

5  Thinking your Mac shields you from all risks

6  Clicking on a pop-up ad that says your PC is insecure

7  Shopping online the same way you do in stores

 

Please visit http://www.consumerreports.org/cro/electronics-computers/computers/internet-and-other-services/7-online-blunders/overview/7-online-blunders-ov.htm?EXTKEY=I72RSE0 for the full article.

Copy this link to your browser for the full article... but I’ll shorten it for you.

http://voices.washingtonpost.com/securityfix/2008/10/virtual_bank_heist_nets_500000.html?nav=rss_blog


A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.

How does it work?
Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.
Sinowal also is unique in that hides in the deepest recesses of a host computer, an area known as the "Master Boot Record." The MBR is akin to a computer's table of contents, a file system that loads even before the operating system boots up. According to security experts, many anti-virus programs will remain oblivious to such a fundamental compromise. What's more, completely removing the Trojan from an infected machine often requires reformatting the system and wiping any data stored on it.

How did it spread?
The makers of Sinowal typically have spread their Trojan by sewing malicious code into the fabric of large numbers of legitimate, hacked Web sites. When an unsuspecting Windows user visits one of these sites, the code left on the site tries to install the Trojan using one of several known Web browser security holes, such as vulnerabilities found in popular video and music player plug-ins like Macromedia Flash and Apple's QuickTime player.