All too often we hear of people who are still using their children's or pets' names as passwords. Some use birthdays or anniversaries; in short, we all like to use passwords that are easy for us to remember. The trouble is that anyone who knows you could, given a bit of time, work out the passwords that you will probably use, and in doing this they could gain access to your online banking and more. So how do you stop that kind of thing happening?

Believe it or not, there is a simple and effective answer to that question, and it doesn't take a genius to put it into practice. So how do you actually create a good strong password? Here are some tips!

- Try not to use short passwords - Each time you add a character to your password it increases the protection that it provides many times over. All of your passwords should be at least eight characters in length; a password of fourteen characters or longer would be ideal.
- Many systems now support use of the space bar in passwords; where this is the case you can create a phrase made of many words (known as a "pass phrase"). The good thing about pass phrases is that they are often easier to remember than a simple password, as well as longer and harder to guess. A pass phrase might take the shape of one or two lines from your favourite poem or a section of prose.
- Another way to create a strong password is to combine letters, numbers, and symbols. Always remember that the greater variety of characters that you have in your password, the harder it is to guess.
- The fewer types of characters you use in your password, the longer it must be. For example, a fifteen character password composed only of random letters and numbers is about 33,000 times stronger than an eight character password composed of different characters from the entire keyboard; so if you can't create a password that contains symbols with your keyboard, you need to make the password considerably longer to achieve the same degree of protection. However, an ideal password always combines both length and differing types of symbols.
- Make sure that you use the entire keyboard; don't just use the most common characters on your keyboard. Symbols (which are typed by holding down the "Shift" key and typing a number) are very common in passwords but effective. Your password will be much stronger if you choose from all the symbols on the keyboard, including any punctuation marks that are not on the upper row of the keyboard, and any symbols unique to your language settings.
- Make it easy for you but harder for them – Try to use words and phrases that are easy for you to remember, whilst at the same time being difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective. Remember, in general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager, Web site, or other software-based storage tool, as long as you keep them in a safe place, don't lose them and don't share them unless absolutely necessary!

Create a strong, memorable password in 4 easy steps

- Think of a sentence that you can remember. Use this as the basis of your strong password or pass phrase. Use a memorable sentence, such as "My Auntie Joan is eighty three years old."
- Make sure you check that the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so. You can then use your phrase for a password.
- If the computer or online system doesn't support pass phrases, convert the phrase to a password. To do this, simply take the first letter of each word of the sentence that you've thought of to create a new, nonsensical word. If we use the example above, you'd get: "majietyo".
- You can further strengthen the word by substituting characters for letters. Let's look at some of the alternatives: you might decide to use numbers instead of "eighty three", so your password would become maji83yo, or MaJi8tyO; or, using characters, it would become mAji*£yo.
- Mix upper and lower case letters and numbers
- Substitute punctuation marks for letters
- Having created your new safer password, you can check it safely using the secure online password checker on Microsoft's Protect Yourself advice pages.

What to Avoid

Some of the more common methods used to create passwords, as we discussed earlier, are really easy for criminals and hackers to guess.

How to avoid weak and easy to guess passwords

- Avoid sequential or repeated characters. Steer clear of stringing things together like "12345678", "8888888" or "abcdefg", or using letters which are adjacent on your keyboard; they will not help you make secure passwords.
- Avoid using only look-alike substitutions of numbers or symbols. Criminals and hackers who know enough to try and crack your password will not be fooled by common look-alike replacements, such as replacing an "i" with a "1" or an "a" with an "@" sign, as in "M1cr0$0ft" or "P@ssw0rd". However, these substitutions can be effective when combined with other measures, such as making the password longer, using misspellings, or making simple, easy to remember changes of case from upper to lower and vice versa to improve the strength of your password.
- Avoid at all costs using your login name. Try not to use any part of your name, birthday, NI Number or similar information from your loved ones as this constitutes a bad password choice. This is one of the first things criminals will try and there is software out there which they can set running and it comes up with all the potential alternatives reasonably quickly. This does not mean that any password you think of has the chance of being broken easily, but the longer it takes to crack the more they are likely to leave it and go on to one belonging to someone else that is easy. Time is of the essence as the longer they take the more chance they have of being discovered.
- Avoid dictionary words in a foreign language. Hackers and Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.
- Use more than one password. You would be surprised how many people use the same password for everything from computer access to Internet banking. Remember, if any of the computers or online systems using your password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems. This is very important, and even more so for those individuals recently compromised by the Government's mishandling of data relating to recipients of child benefit. In this case details could be compromised for years to come. If you are one of them you should be changing passwords and bank account numbers to protect yourself and your children.
- Avoid using online storage. Earlier we said that computer based password managers are not as secure as writing down your passwords and keeping them in a safe place. If malicious users find these passwords stored online or on a networked computer, remember they have access to all your information. So be careful!!!
- It might sound silly, but using the Blank Password Option (no password at all) on your account is probably more secure than a weak password such as "1234". Criminals can easily guess a simplistic password, but on computers using Windows XP, an account without a password cannot be accessed remotely by means such as a network or the Internet. (This option is not available for Microsoft Windows 2000, Windows Me, or earlier versions.) Only use a blank password on your computer account if the following criteria are strictly met:
- You only have one computer or you have several computers but you do not need to access information on one computer from another one
- Your computer is physically secure (This would be where you trust everyone who has physical access to that computer)
- When is a blank password not secure? The use of a blank password is not always a good idea. For example, if you use it on a laptop computer that you take with you then this is most likely insecure, so in this case you should always opt for having a strong password.
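
The first four "what to avoid" rules above (repeated or sequential characters, look-alike substitutions, login name or personal details, dictionary words), written out as an added example that is not part of the original newsletter. The function names, the tiny word list and the sample passwords are constructed for illustration; a real check would load full dictionaries.

```python
import re

# Look-alike swaps of the kind the article names ("M1cr0$0ft", "P@ssw0rd").
LOOKALIKES = str.maketrans({"1": "i", "0": "o", "@": "a", "$": "s", "3": "e"})
# Constructed sample word list; a real check would load full dictionaries.
WORDS = {"password", "microsoft", "welcome", "dragon"}
# Alphabet, digits and keyboard rows that people tend to walk along.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "01234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_run(text, length=4):
    """True if text holds `length` neighbouring characters of a sequence,
    typed forwards or backwards."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + length] in text
                   for i in range(len(s) - length + 1)):
                return True
    return False


def weaknesses(password, login_name="", personal=()):
    """Return the rules from the list above that the password breaks."""
    found = []
    lower = password.lower()
    if len(password) < 8:
        found.append("shorter than eight characters")
    if re.search(r"(.)\1{2,}", lower):
        found.append("repeated characters")
    if has_run(lower):
        found.append("sequential or adjacent characters")
    # Undo look-alike swaps, then compare with the word list both ways round.
    plain = lower.translate(LOOKALIKES)
    if {lower, plain, lower[::-1], plain[::-1]} & WORDS:
        found.append("dictionary word, possibly disguised or reversed")
    # Login name and personal details (names, birthdays) hidden inside.
    for item in (login_name, *personal):
        name = item.lower()
        if len(name) >= 3 and (name in lower or name in plain):
            found.append("contains login name or personal detail")
            break
    return found
```

An empty list only means none of these particular rules was broken; it says nothing about whether the password has been reused or already exposed elsewhere.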

Changing Passwords

For On-line accounts

Many web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as "my account") somewhere on the site's home page that goes to a special area of the site that allows password and account management. It might be something as simple as a link for "forgotten my password". Once found, follow its instructions; usually a new login password is sent to you by email.

Your own Computer passwords!

Use the Help files for your computer operating system; these will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection upon start-up of your computer. You can also try to find this information online at the software manufacturer's Web site.
For example, if you use Microsoft Windows XP, click on this link or type it into your browser.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/default.mspx?mfr=true

Keeping Your Passwords Secret

You must always treat your passwords and pass phrases with as much care as the information that they protect. Once compromised they are of little use. Here are some tips.

- Don't reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could quite innocently pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions. However, having said this, most banks require each person to have their own password to access a bank account, so check with your bank or you could be forfeiting compensation should the worst happen if you have shared your password – even with your wife or husband.
- Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Never leave these records of your passwords anywhere that you would not leave the information that they protect. Always lock them away if you can and make sure the key is secure as well. There is little point in locking a written password in a filing cabinet only to lock it and leave the key in the lock or lying on a desk or table. Secure everything!
- Never provide your password over e-mail or based on an e-mail request. Be aware that any e-mail that requests your password, or requests that you go to a Web site to verify your password, is almost certainly a fraud and a criminal trying to gain access to your information or, worse, your money. This also includes requests that appear to come from a trusted company or individual. E-mail is an insecure method of communication; just like a radio transmission it can be intercepted in transit, and e-mail that requests information might not be from the sender it claims to be. These are known as Internet "phishing" scams, which use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more. Your bank or anyone else will not ask you for such details by email, so never respond to any of these emails! To learn more about phishing scams and online fraud you can follow this Microsoft link or type it into your browser.
- http://www.microsoft.com/protect/yourself/phishing/identify.mspx
- Change your passwords regularly. Changing your password regularly can help keep criminals and other malicious users unaware. A stronger password will stay good and secure for a longer time. Passwords that are shorter than eight characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years. So if you don't like changing passwords – make it as secure and as long as you can!
- Don't type passwords on computers that you do not control. Computers such as those in
- Internet cafés,
- computer labs,
- shared systems,
- kiosk systems,
- conferences, and
- airport lounges
These should always be considered very unsafe for any personal use other than anonymous Internet browsing. Do not use any of these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password.
Criminals and hackers can easily purchase keystroke logging devices for very little money, and they take only a few moments to install on a computer. These keystroke devices let malicious users harvest all the information typed on a computer from across the Internet. Your passwords and pass phrases are worth as much as the information that they protect. Don't forget that; the criminal fraternity won't, you can be sure of that!

Finally, what should you do if your password is lost or stolen?

Be sure to monitor and check all the information you protect with your passwords, such as
- your monthly financial statements,
- credit reports,
- online shopping accounts, and so on.
Strong and memorable passwords can help protect you against fraud and identity theft, but there are never any guarantees, so stay vigilant.
No matter how strong you feel your password is, if someone manages to break into the system that stores it, they will have your password and any information it protects. If you notice any suspicious activity that could indicate that someone has accessed your information, notify the authorities as quickly as you can.
You can get more information on what to do if you think your identity has been stolen or you've been similarly defrauded by visiting this Microsoft website – either click on the link or paste or type it into your browser address bar.
http://www.microsoft.com/protect/yourself/personal/fraud.mspx

Be Safe!

Disclaimer:
The information given in this newsletter is based on our interpretation of security on the Internet and computer security. If you are not sure about any of the items covered you should seek help from someone who does understand this subject. Artemis Media and Cumbria Business Portal cannot be responsible for your actions once you have read this information. It is intended as information and not advice to any individual.