What’s in a Word?

I am what you call a security advocate when it comes to things. I am not a security nut or security freak. I have worked with those types and they can be difficult, well, downright annoying at times.
However, while I do maintain that you can have too much security, that would take some work. A lack of security, on the other hand, can cost you not only money, but a lot of time, especially online.

Let’s take a fairly simple example, your blog. This would apply to a lot of other things, but your blog is a simple security risk. For the most part, there is not a lot of money involved and you do say a lot of stuff on it without needing security for a lot of it.
So, your login is not very secure in itself. I mean, I can go to most of your blogs and your login is the name of the blog. So, the vast majority of your security lies in your blog’s password.

A standard password is something you do need to take seriously. I have a lot of passwords. At a rough guess, I would say I have from 30-40 different passwords on the Net and I use about 12-20 weekly, 10-12 daily.
Someone told me (and I read it several places) that there is no such thing as perfect security. I would agree with that. Your password can be guessed, a site can be broken into, as can a house, place of business, or car. It is not, I have been told, a matter of “if”‘; it is a matter of “how long”.
In other words, how long will it take to break into something is what deters most criminals.
Look at it this way: if you were going to run a maze to win a prize (and the prizes were pretty much equal or, at least, unknown) would you rather run a maze with a single entrance and 3 different paths to travel, or a maze with 5 entrances each of which had 4 different paths and only one led to the prize? You see? You could choose the 5 entrance maze, but there are 20 different paths with only one leading to a prize and the other has only 3 different paths. Much easier and less time consuming to go with the 3 path route.
So, let’s look at passwords. Passwords can normally be from 6-20 characters with both Capital and small letters as well as 0-9. Follow the math, it may not be perfect, but it is close

If you have one character, just numbers then you only have 10 different combinations. If you then make it also letters, you add 26 more or 36 total.

If you then allow capitol letters, you add another 26 or 62 total for that one spot. Did you follow that? If not, please reread it before going on.
Okay, now we make it two spots. For the first spot we have 62 combinations; however, now, for each of those 62 in the first spot we could have any of 62 others in the second. That means for two spots, we have 62 X 62 or 3,844 different combinations.

That would be difficult if you were doing it by hand. Even at 10 shots a minute it would take a little over 384 minutes or 6 hours and 24 minutes to do them all!
The problem is that, for passwords, we are talking computers and 3,844 combinations would take less than a second or two. Skip to 6 characters. That would be 62x62x62x62x62x62 or over 56.8 Billions combinations! Much better, but still, a good computer program that could manage 1 per millisecond or 1,000 a second would take a little under 65 Days to go through them all.

Now you know why you are told in a lot of sites to change your password every 30 days.

By adding just one more spot, you would make it 62 times harder to find it out and if you make it 8 characters, you can feel fairly comfortable that even a decent computer program would, likely, take around 680 years to figure out your password by brute force.
So, to make it safe, let’s choose 10 characters. To me this totally eliminates someone just guessing, even with a program.
Done? Not quite.
If they can’t guess all of them, what happens if they can figure out a few things about you and do it from there?
Let’s try this. If I had to find out a password you made and I could put in some information and the computer would try those combinations first, what would that do?

Well, if I look at you online, I might look at your facebook account, your age, birthday, license plate number, children’s ages and birthdays, as well as your spouse or significant other. I would want your favorite number, your telephone number, your zodiac sign, your pet’s name, your favorite color, and your favorite TV show.
If I knew all those and the computer could work with just those, the program might be able to guess your number in a couple of weeks. What you need to understand is that these people let these programs run on hundreds of people for weeks to find one name. Once they have a way in, they can allow the others to keep running and they can try and get stuff out of your account.
What could they do with your blog? Well, let’s see. If they have administrative rights to your blog, what can they do?

They could copy your current blog, write their own, post theirs, then repost yours. Now, yours is current again, but how many times have you seen views done on yesterday’s blog? If they trashed yesterday’s put that name on theirs you might never know what they had done. And, they could say anything. They could put links to bad sites on your blog post and a lot of people who trust you might end up giving some info to them.

Or, they could just change your password and mess with you, lock you out of your account, cause you headaches.
Worst of all, they could simply drop a virus into your post and it could get sent out to hundreds of people. I am sure that WordPress guards against a lot of this, but they do have to put some trust in your common sense.
Here’s some of the important do’s and don’ts of creating a password:

_
Do — make it at least 10 characters
Use Both Capitol and small letters and a number or two (or three)
Write the password down on a piece of paper and hide it well (see below)
Have different passwords for every need

Don’t – use the same password twice

Don’t write the password on a file in your computer (that’ will be taken if your computer is ever broken into – then you have to change them all)
Don’t create passwords that have something important to do with what they are
Don’t use your name or other easy to get to info as part of your password.

One good example and then I will close. Let’s choose a password of ten characters for your blog.
Step one: choose 3-4 words that have something minor to do with it, say “my blog post”. That’s 10 characters.
Step two: Change the first l to 1, e to 3, s to 5 and o to 0. This makes it: “my b10g po5t”.
Step three: Capitalize 2 of the letters, not the beginning ones. So: “mY b10g po5T”.
Step Four: Reverse the middle word: That makes it: “mY g01b po5T”.
Last step: put it all together. Okay, you now have “mYg01bpo5T” as your password (ah, don’t use this one).

_
You can make them harder of course. You can write down (on paper) the steps you go through so you follow them each time.

_
The last thing I would say (and, I know it’s very hard) is to change your password often. You should do it once a month. I know many won’t so my advice then is to make the original ones very hard.
Good luck and stay secure.

Namaste,
Scott