Safe Netting: Loose Lips Sink Ships
Is your password safe?
This was a well-known slogan during both World Wars. It also applies in today's digital society. One of the necessary evils we've come to live with is the challenge to create, keep and use passwords effectively. Your bank account, ATMs, cell phones, voice mail, email accounts, web sites, and many other secure entities require your password. Most people see the requirement to use and change passwords regularly as a pain in the neck -- many don't bother. Unfortunately there are too many criminals on the loose who see your password as the combination to a safe. Most people also think their personal or company information would not be of interest to anyone. Thieves, criminals, and hackers couldn't care less who you are. They know protected accounts can be utilized any number of ways to be profitable -- and they'll stop at nothing for money.
Why my data?
Those who are out to steal your sensitive data do so for many different reasons. Hackers who would break into your accounts are opportunists out to create petty vandalism and cause damage. Other hackers may be more interested in using your account to relay unsolicited bulk email (UBE or "spam") or viruses to others, thereby implicating you while protecting themselves. While these are important intruders to protect yourself from, there are even more important reasons for making passwords difficult to crack or guess.
Organized crime has embraced the Web and Internet commerce as a rich hunting ground for revenue. They are particularly fond of eBay and PayPal accounts and the charge card info waiting to be tapped. But not only do criminals want your passwords for online accounts, they will utilize any information they can get their hands on... email, cell phone, charge cards, bank accounts -- any information which can be surreptitiously used, converted to cash or even sold to other criminals.
Most recently, Homeland Security and the FBI have become painfully aware of the worst case scenario -- widespread use of the internet and online crime to fund terrorist activities. al Qaeda is now training their operatives in the methods used by spammers and phishers to extract usable information from unwary email users -- particularly ecommerce accounts that offer the possibility of quick conversion to cash. They have other, more insidious uses too. eBay accounts are particularly prized for setting up bogus auctions and fraudulent escrow providers for the specific purpose of accessing and obtaining accounts in bulk. Most prized by terrorist organizations are the fruits of Phishing. They know that of every thousand people at least a few will reply or fall for the scam. A million phishing spams will yield several thousand identities to be exploited, pilfered and abandoned.
If you think this is melodramatic, consider that the 35-year-old mastermind of the '02 Bali bombings, Imam Samudra, wrote a primer to teach Muslim radicals how to commit online credit card fraud. al Qaeda sees this as a good way to fund their activities. Samudra's confiscated laptop not only included acts of internet fraud but writings that suggest online card and bank fraud in the United States alone might become a key weapon in terrorist arsenals.
According to Richard A. Clarke, senior advisor to the White House on matters of counterterrorism and cyber security: the fight against spam and phishing is also the fight against the use and abuse of the Internet by terrorists.
The last line of defense against the spread of criminal internet activities is to prevent them from getting in. Your password is the most important weapon in that defense.
Best Practice
Protect online ID and passwords with diligence. Since there are so many ways to crack or break passwords, it is very important that all passwords be chosen with a great deal of care -- and changed regularly.
- Never use less than 6 characters in passwords
- Always use at least one number
- Change passwords at least every three months
- New passwords should be very different from previous passwords (e.g. don't just switch letters or add a new number)
How to invent a good password
- Mix character case (e.g. f2N6swt4NN )
- Utilize non-alphabetic characters: digits and allowable punctuation.
- Passwords should be easy to remember, but hard to guess, so you don't have to write it down
Things not to do with your password:
- Do not use your login name in any form
- Do not use your first or last name in any form
- Do not use your child's, pet's or spouse's name
- Do not use easily obtained information: license plate numbers, telephone numbers, car brands, hobbies, sports, pets, etc.
- Do not use all letters or all digits
- Do not repeat the same letters (this decreases password search time)
- Do not use a word in English or other language dictionaries
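The checklist above expressed as a checker that reports which rules a candidate password breaks. This is an added example, not part of the original article; the tiny word list, the 0.6 similarity cut-off and the "fewer than half distinct characters" threshold are assumptions of this example.

```python
import difflib

# Constructed stand-in for a real dictionary file (assumption of this example).
SAMPLE_WORDS = {"password", "cherry", "dragon", "monkey", "letmein"}

def check_password(candidate, login, names=(), previous=None, words=SAMPLE_WORDS):
    """Return the list of checklist rules the candidate breaks (empty = passes)."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < 6:
        problems.append("fewer than 6 characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no number")
    if candidate.isalpha() or candidate.isdigit():
        problems.append("all letters or all digits")
    if candidate == lowered or candidate == candidate.upper():
        problems.append("case not mixed")
    # "In any form": compare case-insensitively, forwards and reversed.
    for label, value in [("login name", login)] + [("personal name", n) for n in names]:
        v = value.lower()
        if v and (v in lowered or v[::-1] in lowered):
            problems.append(f"contains {label}")
    # Same character over and over: fewer than half the characters are distinct
    # (threshold is an assumption).
    if candidate and len(set(lowered)) * 2 < len(candidate):
        problems.append("repeated characters")
    # Dictionary word once digits and punctuation are dropped.
    letters = "".join(c for c in lowered if c.isalpha())
    if letters in words:
        problems.append("dictionary word")
    # "Very different from previous": reject near-copies of the old password
    # (0.6 cut-off is an assumption).
    if previous is not None:
        ratio = difflib.SequenceMatcher(None, previous.lower(), lowered).ratio()
        if ratio >= 0.6:
            problems.append("too similar to previous password")
    return problems
```
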
Easy strategies
Switch letters for numbers. Start with a normal word then replace some of the characters with numbers.
Select a simple phrase then use just the first letter of each word interspersed with numbers. Be sure to vary case. "I Love Cherry Pie" becomes ILCP then add the year, change case and you've got: "2i0Loc5P"
Spell words backwards, add numbers, change case.
Bottom Line
Whatever your plan or scheme, you must follow it religiously. The best systems are only as good as those who maintain them. Even if you think your little ID and password are of no consequence, consider that criminals are hitting eBay, PayPal, Amazon and hundreds of other potential gravy-sites with automated systems testing dozens of word and letter combinations per second all day, every day. If they happen to hit your password, your account could take a big hit. You could be repairing your credit and identity for years. Worse yet, you could be providing financing for acts of terrorism or murder.
Pick a new password and change it today.