What’s in a Word?

I am what you would call a security advocate. I am not a security nut or a security freak; I have worked with those types and they can be difficult, even downright annoying at times.
I do maintain that you can have too much security, but getting there takes some work. A lack of security, on the other hand, can cost you not only money but a great deal of time, especially online.


Let's take a fairly simple example: your blog. Much of this applies to other accounts too, but a blog is a simple case. For the most part there is not a lot of money involved, and most of what you post is public anyway, so it does not need protecting.
The login itself, though, is not very secure. On most blogs the username is simply the name of the blog, which anyone can read off the page. That means nearly all of your blog's security rests on its password.


A password is something you do need to take seriously. I have a lot of them. At a rough guess, I have 30-40 different passwords on the Net, and I use about 12-20 weekly and 10-12 daily.
Someone told me (and I have read it in several places) that there is no such thing as perfect security. I would agree with that. Your password can be guessed, and a site can be broken into, as can a house, a place of business, or a car. It is not, I have been told, a matter of "if"; it is a matter of "how long".
In other words, what deters most criminals is how long it will take to break in.
Look at it this way: if you were going to run a maze to win a prize (and the prizes were equal or, at least, unknown), would you rather run a maze with a single entrance and 3 different paths, or a maze with 5 entrances, each with 4 different paths, where only one path leads to the prize? You could choose the 5-entrance maze, but that is 20 different paths with only one leading to a prize, while the other has only 3. It is much easier and less time consuming to go with the 3-path maze.
So, let's look at passwords. Passwords are normally 6-20 characters and can use both capital and small letters as well as the digits 0-9. Follow the math; it may not be perfect, but it is close.

If you have one character, just numbers then you only have 10 different combinations. If you then make it also letters, you add 26 more or 36 total.

If you then allow capital letters, you add another 26, or 62 total for that one spot. Did you follow that? If not, please reread it before going on.
Okay, now we make it two spots. For the first spot we have 62 choices; however, for each of those 62 in the first spot we could have any of 62 in the second. That means for two spots we have 62 x 62, or 3,844 different combinations.

That would be difficult if you were doing it by hand. Even at 10 tries a minute it would take a little over 384 minutes, or 6 hours and 24 minutes, to go through them all!
The problem is that, for passwords, we are talking computers, and 3,844 combinations would take less than a second or two. Skip to 6 characters. That is 62x62x62x62x62x62, or over 56.8 billion combinations! Much better, but still, a program managing just 1 guess per millisecond (1,000 a second) would take about 657 days, a little under two years, to go through them all. And 1,000 a second is a very slow attacker: a program guessing against a copy of the site's stolen password hashes, rather than against the login page, can run millions or billions of guesses a second.

This is the reasoning behind the advice on many sites to change your password every 30 days: the idea is that the attacker never finishes the search before the password moves. Note that it only works if the attacker is slower than your rotation schedule, which at the guessing rates above is rarely the case, so length matters far more than rotation.

By adding just one more spot you make it 62 times harder, about 3.5 trillion combinations, or roughly 111 years at 1,000 guesses a second. At 8 characters there are about 218 trillion combinations, which is close to 6,900 years at that rate; a cracking rig making a billion guesses a second against a leaked hash, however, would finish in about two and a half days.
So, to make it safe, let's choose 10 characters. That is about 840 million billion combinations, and even at a billion guesses a second exhausting them takes about 27 years. To me this eliminates someone simply guessing, even with a program, provided the characters are actually random.
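The arithmetic above, carried through for every length and guess rate in one place. This is an added example and not code from the original post; the 1,000 guesses per second rate is the one the text uses, and the higher rates are assumptions included to show how much the answer depends on where the attacker is guessing (the login page versus a stolen hash list), not measured figures for any particular site or tool.

```python
"""Keyspace size and exhaustive-search time for the alphabet sizes and
password lengths discussed in the text.

Added example, not code from the original post.  The 1,000 guesses/second
rate is the one the text assumes; the higher rates are assumptions meant
to illustrate offline cracking of leaked password hashes, not a measured
figure for any particular site or tool."""

ALPHABET_DIGITS = 10          # 0-9
ALPHABET_ALNUM = 62           # a-z, A-Z, 0-9

# Guess rates (per second) to compare.  Only the first is from the text.
RATES = {
    "1 thousand/s (text)": 1e3,
    "1 million/s": 1e6,
    "1 billion/s": 1e9,
}

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(length: int, alphabet: int = ALPHABET_ALNUM) -> int:
    """Number of distinct passwords of exactly `length` symbols drawn
    from an alphabet of `alphabet` symbols: alphabet ** length."""
    return alphabet ** length


def keyspace_up_to(length: int, alphabet: int = ALPHABET_ALNUM) -> int:
    """Passwords of every length from 1 up to `length`.  An attacker who
    does not know the exact length must cover all of these, but the
    longest length dominates the sum."""
    return sum(keyspace(n, alphabet) for n in range(1, length + 1))


def seconds_to_exhaust(length: int, rate: float,
                       alphabet: int = ALPHABET_ALNUM) -> float:
    """Worst-case time to try every password of this length.  The
    expected time to hit a uniformly random password is half of this."""
    return keyspace(length, alphabet) / rate


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", SECONDS_PER_DAY),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def search_table(lengths=(6, 7, 8, 10), rates=RATES,
                 alphabet: int = ALPHABET_ALNUM) -> dict:
    """Map (length, rate label) -> worst-case search time in seconds."""
    return {(n, label): seconds_to_exhaust(n, rate, alphabet)
            for n in lengths for label, rate in rates.items()}


if __name__ == "__main__":
    print(f"2 chars, 62 symbols: {keyspace(2):,} combinations")
    print(f"6 chars, 62 symbols: {keyspace(6):,} combinations")
    for (n, label), secs in search_table().items():
        print(f"{n:>2} chars at {label:<20} {human(secs):>20}")
```

Running it reproduces the 3,844 and 56.8 billion figures from the text and shows that the 8-character space, thousands of years at 1,000 guesses a second, falls to days at a billion a second; the row for 10 characters is the one that still holds up at the higher rate.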
Done? Not quite.
If they can't guess all of them, what happens if they can find out a few things about you and start from there?
Let's try this. If I had to find your password and I could feed a program some information about you so that it tried those combinations first, what would that do?
Well, if I look you up online, I might find your Facebook account, your age, your birthday, your license plate number, your children's ages and birthdays, and your spouse or significant other. I would want your favorite number, your telephone number, your zodiac sign, your pet's name, your favorite color, and your favorite TV show.
If I knew all of those and the program worked from just that information, it might guess your password in a couple of weeks instead of years, because it is searching a tiny list of likely combinations rather than every possible string. What you need to understand is that these people let these programs run against hundreds of people for weeks to find one account. Once they have a way in, they let the others keep running while they try to get what they can out of your account.
What could they do with your blog? Well, let’s see. If they have administrative rights to your blog, what can they do?

They could copy your current post, write their own, publish theirs, then repost yours. Yours is current again, but how often do you go back and look at yesterday's post? If they trashed yesterday's post and put its title on theirs, you might never know what they had done. And they could say anything. They could put links to bad sites in your post, and a lot of people who trust you might end up handing over information to them.

Or they could just change your password, lock you out of your account, and generally cause you headaches.
Worst of all, they could simply drop malware into a post, and it could go out to hundreds of readers. I am sure that WordPress guards against a lot of this, but it does have to put some trust in your common sense.
Here’s some of the important do’s and don’ts of creating a password:

Do — make it at least 10 characters
Use both capital and small letters and a number or two (or three)
Write the password down on a piece of paper and hide it well (see below)
Have a different password for every need

Don't – use the same password twice; a password leaked from one site is the first thing tried on every other site

Don't write the passwords in a plain file on your computer (it will be taken if your computer is ever broken into, and then you have to change them all; an encrypted password manager is the one exception)
Don't create passwords that have something obvious to do with what they protect
Don't use your name or other easy-to-find information as part of your password

One good example and then I will close. Let's build a password of ten characters for your blog.
Step one: choose 3-4 words that have something minor to do with it, say "my blog post". That is 10 letters, which is the 10 characters you will end up with once the spaces are dropped.
Step two: swap some letters for look-alike digits: l to 1, s to 5, o to 0 (and e to 3 if the phrase had one), changing only the first occurrence of each. This makes it: "my b10g po5t".
Step three: Capitalize 2 of the letters, not the first ones. So: "mY b10g po5T".
Step four: Reverse the middle word. That makes it: "mY g01b po5T".
Last step: drop the spaces and put it all together. You now have "mYg01bpo5T" as your password (ah, don't use this one).
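The recipe above and the "look you up on Facebook" attack described earlier are two sides of the same coin, so here is one added example that measures both. It is not code from the original post. It takes the post's substitutions (l to 1, e to 3, s to 5, o to 0), the optional capitalization of any letter, and the optional reversal of any word, and enumerates every password that recipe can produce from a seed phrase; a cracker that knows the recipe only has to try that set. The seed "my blog post" and the result "mYg01bpo5T" are from the text; the pet name and year used for the targeted-guessing case are constructed sample tokens, and the function names are my own.

```python
"""Enumerate every password the "leet + capitalize + reverse" recipe can
produce from a seed phrase, to measure how much the recipe adds on top of
the secrecy of the words themselves.

Added example; not code from the original post.  The substitution table
(l->1, e->3, s->5, o->0) and the capitalisation and reversal steps follow
the recipe in the text; which letters get each treatment is left open,
so the generator tries every combination, as a rule-based cracker would."""

from __future__ import annotations

import math
from itertools import permutations, product

# Letter-to-digit swaps the post uses.  Each letter may be kept, upper-cased,
# or replaced by its digit; letters without a digit may only change case.
LEET = {"l": "1", "e": "3", "s": "5", "o": "0"}

ALPHABET_ALNUM = 62   # a-z, A-Z, 0-9, the alphabet the text counts with


def char_options(c: str) -> list[str]:
    """All forms one seed character can take under the recipe."""
    if not c.isalpha():
        return [c]                      # digits and symbols pass through
    forms = [c.lower(), c.upper()]
    if c.lower() in LEET:
        forms.append(LEET[c.lower()])
    return forms


def word_variants(word: str) -> set[str]:
    """Every case/leet variant of a word, each also in reversed order."""
    out: set[str] = set()
    for combo in product(*(char_options(c) for c in word)):
        s = "".join(combo)
        out.add(s)
        out.add(s[::-1])
    return out


def candidate_set(phrase: str) -> set[str]:
    """All passwords the recipe can build from the words of `phrase`,
    joined without spaces and kept in the original word order."""
    words = phrase.split()
    return {"".join(parts)
            for parts in product(*(word_variants(w) for w in words))}


def recipe_bits(phrase: str) -> float:
    """Entropy (bits) of the recipe's output space for this seed, i.e.
    how much work an attacker who already knows the seed words faces."""
    return math.log2(len(candidate_set(phrase)))


def full_keyspace_bits(length: int, alphabet: int = ALPHABET_ALNUM) -> float:
    """Entropy of a truly random password of `length` symbols."""
    return length * math.log2(alphabet)


def personal_seeds(tokens: list[str], max_words: int = 2) -> list[str]:
    """Seed phrases an attacker builds from facts about the target (pet
    name, birth year, favourite team ...): every ordering of up to
    `max_words` of the tokens."""
    seeds: list[str] = []
    for n in range(1, max_words + 1):
        seeds += [" ".join(p) for p in permutations(tokens, n)]
    return seeds


def targeted_count(tokens: list[str]) -> int:
    """Size of the full targeted wordlist: the recipe applied to every
    seed phrase built from the personal tokens."""
    wordlist: set[str] = set()
    for seed in personal_seeds(tokens):
        wordlist |= candidate_set(seed)
    return len(wordlist)


if __name__ == "__main__":
    seed = "my blog post"
    cands = candidate_set(seed)
    print(f"{len(cands):,} candidates from {seed!r}; "
          f"mYg01bpo5T covered: {'mYg01bpo5T' in cands}")
    print(f"recipe space: {recipe_bits(seed):.1f} bits vs "
          f"random 10-char password: {full_keyspace_bits(10):.1f} bits")
    # Constructed sample tokens for the targeted-guessing case.
    print(f"pet name + year wordlist: {targeted_count(['fluffy', '1985']):,} candidates")
```

The point the numbers make: "my blog post" yields about 41 thousand candidates (roughly 15 bits), and a cracker that already knows the seed words clears that in well under a second at the text's own 1,000 guesses per second, against the 59 or so bits of a random 10-character password. The transformations are not the secret; the words are, which is why the words must not be something a stranger can find on your profile.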

You can make them harder, of course. Write down (on paper) the steps you go through so you can follow them each time.

The last thing I would say (and I know it is very hard) is to change your password often. You should do it once a month. I know many won't, so my advice then is to make the original ones very hard, and never to reuse one across sites.
Good luck and stay secure.

Namaste,
Scott


Comments

Trackbacks

  • […] about computereze than I do.  I wrote a post about building a good password.  That can be found here.  The other articles are below.  Just know that one of the objects of hackers can be malicious:  […]


  • By It Might Not Take Much « Kindredspirit23's Blog on September 29, 2012 at 10:11 pm

    […] bit about how to not be so vulnerable to hackers.  My previous post on passwords is a start. It is here.  Computers are wonderful, in the right hands.  But, then again, there are a lot of nice things […]

