Cumbria Business Portal

Be Safe Online - Passwords


We have all heard of cybercrime. It's on the news and in the papers every week, with warnings to all of us to protect our vital information or lose out big time to the new breed of technological criminal. Identity theft is a major concern to governments, banks, businesses and individuals across the globe.

But even with all the publicity about identity theft and cybercrime, we still hear of people who use their children's or their pets' names as passwords and who don't shred bank statements or other personal information before they throw it away.

Some people use birthdays or anniversaries; in short, we all like to use passwords that are easy for us to remember. The trouble is that anyone who knows you would, given a bit of time, usually be able to work out the passwords you are likely to use, and in doing so could gain access to your online banking and more.

So how do you stop that kind of thing happening?

Believe it or not there is a simple and effective answer to that question and it doesn't take a genius or computer whiz kid to put it into practice. Let us look at some of the ways you can protect yourself and sensitive data.

Here are some really useful tips!
Everything we seem to touch these days needs a password, does it not? But how do you remember all the passwords and how do you make them "strong"? So here are some good do's and don'ts on the subject.

  1. Try not to use short passwords - short passwords may be easy to remember, but each character you add to your password increases the protection it provides many times over. All of your passwords should be at least eight characters in length; if you can create a password with fourteen characters or longer, this would be ideal.
  2. Quite a few systems are now able to support the use of the space bar in passwords, and where this is the case you can create a phrase made of many words, commonly known as a "pass phrase". For example, a line from your favourite poem or book could become the start of a password: "the quick brown fox jumps over the lazy dogs back". Anyone who has ever learned to type will recognise that phrase as one which is used to test typing and accuracy. Though you would probably not want to use such a well-known phrase, it does demonstrate what we mean by a pass phrase. If your software does not support spaces in passwords, then simply take out the spaces and join the words together, or fit a character in where each space would normally be. The good thing about pass phrases is that they are often easier to remember than a simple password, as well as being longer and much harder for a hacker to guess.
  3. Another way to create a strong password is to combine letters, numbers, and symbols. What you should always remember is that the greater the variety of characters that you have in your password, the harder it is for someone else to guess.  
  4. The fewer types of characters you use in your password, the longer it has to be to provide the same level of security. For example, according to Microsoft, a fifteen character password composed only of random letters and numbers is probably about 30,000 times stronger than an eight character password composed of different characters from the entire keyboard. So if you can't create a password that contains symbols with your keyboard, you need to make the password considerably longer to achieve the same degree of protection. Try to remember, an ideal password always combines both length and differing types of symbols.
  5. Make sure that you use the entire keyboard; don't just use the most common characters on your keyboard, use as many as you can. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords but effective. Your password will be much stronger if you choose from all the symbols on the keyboard, including any punctuation marks that are not on the upper row of the keyboard, and any symbols which may be unique to your particular language settings.
  6. The golden rule is: make it easy for you but harder for them. Try to use words and phrases that are easy for you to remember, whilst at the same time being difficult for others to guess. The easiest way to remember your passwords and pass phrases is of course to write them down and, contrary to popular belief, there is nothing wrong with writing passwords down. But if you do write a password or passwords down, they need to be adequately protected in order to remain secure and effective.
  7. I think that we all accept now that you should never keep your PIN with your credit card, so in the same way, don't keep your written passwords stuck to your computer or laptop. Remember, in general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager on your Web site or other software-based storage tool. As long as you keep them in a safe place, don't lose them and don't share them unless absolutely necessary, you should be OK.

Creating a strong, memorable password in 4 easy steps

  1. Think of a sentence that you can remember. Use this as the basis of your strong password or pass phrase. Use a sentence which is memorable to you but probably means nothing to anyone else, such as "My Auntie Joan is one hundred and eighty three years old."  
  2. Make sure you check that the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so. You can then use your phrase for a password. 
  3. If the computer or online system doesn't support pass phrases, convert the phrase to a password. To do this, simply take the first letter of each word of the sentence that you've thought of to create a new, nonsensical word. If we use the example above, you'd get: "majiohaetyo".
  4. You can further strengthen the word by substituting characters for letters. Let's look at some of the alternatives: -
    • Mix upper and lower case letters and numbers  
    • Substitute punctuation marks for letters 
    • You might decide to use numbers instead of "eighty three", so your password would become majioha83yo, or MaJi1ha8tyO; or, using symbols, it would become mAji!ha*£yo.

    Having created your new, safer password you can check its safety by going to this Microsoft website and using the secure online password checker, either by following this link or by typing it into your browser. http://www.microsoft.com/protect/yourself/password/create.mspx

Here are some Password strategies to avoid

Some of the more common methods used to create passwords as we discussed earlier are really easy to guess by criminals and hackers.

Here's how you can avoid weak, easy-to-guess passwords

  • Avoid sequential or repeated characters. Steer clear of stringing things together like "12345678," "222222," "abcdefg," or using adjacent letters on your keyboard; they do not help you make secure passwords. There are numerous pieces of software that have been developed to analyse passwords for this kind of usage, so it won't take long for a criminal to break your weak code.
  • Avoid using only look-alike substitutions of numbers or symbols. Criminals and hackers who know enough to try and crack your password will not be fooled by common look-alike replacements, such as replacing an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as lengthening the password, using misspellings, or varying the case from upper to lower and vice versa, to improve the strength of your password.
  • Avoid using your login name. Try not to use any part of your name, birthday, National Insurance Number or similar information from your loved ones, as this constitutes a bad password choice. This is one of the first things criminals will try and, as we have said, there is software out there which they can set running and which comes up with all the potential alternatives reasonably quickly. This does not mean that any password you think of has the chance of being broken easily, but the longer it takes to crack, the more likely they are to leave it and go on to one belonging to someone else that is much easier. Time is of the essence, as the longer the criminal takes trying to find out what your password is, the more chance they have of being discovered by your Internet Service Provider's security or your own computer's security.
  • Avoid dictionary words in any language. Hackers and criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children. So beware! Swearing in a foreign language is not a secure way of protecting yourself.
  • Use more than one password. You would be surprised how many people use the same password for everything from computer access to Internet banking. Remember, if any of the computers or online systems using your password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems. Never use the same password for your Internet banking that you use for logging in to your computer, online services or social websites like YouTube. This is very important, and even more so for those individuals recently compromised by the Government's mishandling of data relating to recipients of child benefit. In this case details could well be compromised for many years to come. If you are one of them you should be changing passwords and bank account numbers to protect yourself and your children. Speak to your bank about this; they will help you.
  • Avoid using online storage. Earlier we said that computer-based password managers are not as secure as writing down your passwords and keeping them in a safe place. If malicious users find these passwords stored online or on a networked computer, they have access to all your information. So be very careful! Though some password managers get good write-ups from IT journalists and technicians, we always feel that it is a step too far.
  • What about using a blank password? Surprisingly, a blank password (no password at all) on your account is more secure than a weak password such as "1234". Criminals can easily guess a simplistic password, but on computers using Windows XP, an account without a password cannot be accessed remotely by means such as a network or the Internet. (This option is not available for Microsoft Windows 2000, Windows Me, or earlier versions.)
  • Only ever use a blank password on your computer account if the following conditions are strictly met:
    • You only have one computer, or you have several computers but you do not need to access information on one computer from another one
    • Your computer is physically secure (this would be where you trust everyone who has physical access to that computer)
  • When is a blank password not secure? Whilst having no password at all may be more secure than having a short, weak password, the use of a blank password is not always a good idea. For example, if you use it on a laptop computer that you take with you out of your home or office, then this is likely to be very insecure. If this is the case you should always opt for having a strong password.
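
The weak patterns listed above (short length, repeated or sequential characters, adjacent keyboard letters, the login name, and dictionary words disguised with look-alike substitutions or spelled backwards) can be checked for before a password is accepted. The following is an added example, not part of the original article; the function names, the tiny sample word list and the run length of four characters are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "microsoft", "letmein", "dragon"}

# Common look-alike replacements mapped back to the letters they imitate.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(text, sources, min_len=4):
    """True if text contains min_len consecutive characters taken from
    any source string, read forwards or backwards."""
    for src in sources:
        for seq in (src, src[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in text:
                    return True
    return False


def weak_password_reasons(password, login_name="", words=SAMPLE_WORDS):
    """Return the list of weak patterns found; an empty list means none."""
    reasons = []
    lowered = password.lower()
    if len(password) < 8:                      # tip 1: at least eight characters
        reasons.append("short")
    if re.search(r"(.)\1{2,}", password):      # same character three or more times
        reasons.append("repeated")
    if has_run(lowered, (ALPHABET, DIGITS)):   # "abcd", "1234", "4321"
        reasons.append("sequential")
    if has_run(lowered, KEYBOARD_ROWS):        # "qwer", "asdf"
        reasons.append("keyboard-adjacent")
    if login_name and login_name.lower() in lowered:
        reasons.append("contains-login")
    # Undo look-alike substitutions, then compare the whole password with
    # the word list, as typed, reversed, and with substitutions removed.
    plain = lowered.translate(LOOKALIKES)
    if any(candidate in words for candidate in (lowered, lowered[::-1], plain)):
        reasons.append("dictionary-word")
    return reasons


if __name__ == "__main__":
    # Examples taken from the article, plus two constructed ones.
    for pw in ("12345678", "222222", "abcdefg", "P@ssw0rd",
               "M1cr0$0ft", "drowssap", "majioha83yo"):
        print(f"{pw!r}: {weak_password_reasons(pw) or 'no weak pattern found'}")
```

An empty result only means none of these specific patterns was found; it does not measure how strong the password is.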

Accessing and Changing Passwords

For Online accounts
 
Web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as "my account") somewhere on the site's home page that goes to a special area of the site that allows password and account management. It might be something as simple as a link for "forgotten my password". Once found, follow its instructions; usually a new login password is sent to you by email.
 
For your own Computer passwords
 
Use the Help files for your computer operating system. These will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection upon start-up of your computer. You can also try to find this information online at the software manufacturer's Web site.
 
For example, if you use Microsoft Windows XP, click on this link or type it into your browser.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/default.mspx?mfr=true
 
The following Microsoft link will show you how to manage passwords which are stored in your computer
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_manage_passwords.mspx?mfr=true
 
This Microsoft link will show you how to change passwords in your computer
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/windows_password_change.mspx?mfr=true

Keeping Your Passwords Secret

You must always treat your passwords and pass phrases with as much care as the information that they protect. Once compromised they are of little use. Here are some tips.

  1. Don't reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could quite innocently pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions. However, having said this, most banks require each person to have their own password to access a bank account, so check with your bank or you could be forfeiting compensation should the worst happen, even if you have only shared your password with your wife or husband.
  2. Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Never leave these records of your passwords anywhere that you would not leave the information that they protect. Always lock them away if you can and make sure the key is secure as well. There is little point in locking a written password in a filing cabinet only to leave the key in the lock or lying on a desk or table. You must secure everything!
  3. Never provide your password over e-mail or to anyone based on an e-mail request. Be aware that any e-mail that requests your password, or requests that you go to a Web site to verify your password, is almost certainly a fraud: a criminal trying to gain access to your information or, worse, your money. This also includes requests from a trusted company or individual. Just don't do it! E-mail is an insecure method of communication; just like a radio transmission it can be intercepted in transit, and e-mail that requests information might not be from the sender it claims to be. These are known as Internet "phishing" scams, and they use fraudulent e-mail messages to entice you into revealing your user names and passwords so they can steal your identity, and more. Your bank or anyone else will not ask you for such details by email, so never respond to any of these emails! To learn more about phishing scams and online fraud you can follow this Microsoft link or type it into your browser. Typing links into your browser is always safer than clicking on a link! You can never be absolutely sure what lies behind an automatic link, especially if it is not from someone you trust. http://www.microsoft.com/protect/yourself/phishing/identify.mspx
  4. Change your passwords regularly. Changing your password regularly can help keep criminals and other malicious users unaware and at bay. The stronger you make your password the more it will help keep you secure for a longer time. Passwords that are shorter than eight characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years. So if you don't like changing passwords – make it as secure and as long as you can! 
  5. Don't type passwords on computers that you do not control. Computers such as those in
    • Internet cafés,  
    • computer labs,  
    • shared systems,  
    • kiosk systems,  
    • conferences, and  
    • airport lounges  

    These should always be considered very unsafe for any personal use other than anonymous Internet browsing. Do not use any of these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password.
      
    Criminals and Hackers can easily purchase keystroke logging devices for very little money and they take only a few moments to install on a computer. These keystroke devices let malicious users harvest all the information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect. Don't forget this, the criminal fraternity won't - you can be sure of that!

Finally, what should you do if your password is lost or stolen?

Be sure to monitor and check all the information you protect with your passwords, such as

  • your monthly financial statements,  
  • credit reports,  
  • online shopping accounts, and so on.

Strong and memorable passwords can help protect you against fraud and identity theft, but there are never any guarantees, so make sure you stay vigilant.
No matter how strong you feel your password is, if someone manages to break into the system that stores it, they will have your password and any information it protects. If you notice any suspicious activity that could indicate that someone has accessed your information, notify the authorities as quickly as you can.
 
You can get more information on what to do if you think your identity has been stolen or you've been similarly defrauded by visiting this Microsoft website – either click on the link or paste or type it into your browser address bar. http://www.microsoft.com/protect/yourself/personal/fraud.mspx

Our thanks to Microsoft for some of these hints and tips.


 This site is hosted by Cumbria Business Portal - Artemis Media