
HDCS Presents: The Art Of Secure Passwords

In the digital age, we use passwords for everything. We use them so often that it can be easy to be lax about choosing them and keeping them safe. We use so many of them that we may think it is just easier to use the same password for everything so we don’t forget it. Many people do this, putting at risk their bank account, e-mail, personal information and identification.

We at Help Desk Computer Services care about our customers’ safety. Our professionals have honed computer security tips and are eager to share this knowledge with our clients as one of the many services we offer. We believe password security is so important that we want to offer the following advice for free to all our customers and potential customers.

The HDCS password security method:

Our network engineers have developed the following strategy to ensure passwords are unique, secure, and difficult to crack. Here are the bullet points before we go into more detail:

  • Do not use any words found in the dictionary.
  • Do not make it too long or too short. (Generally stay between 8 and 15 characters.)
  • Use at least one capital letter.
  • Use at least one number.
  • Use at least one special character. This not only makes it more difficult for humans to guess your password, but it makes it harder for password cracking computer programs, too. The more variables you use in your password, the harder it is to guess. In addition to 26 letters to choose from, you have added 10 numbers as well as numerous special characters, adding an incredible number of permutations.
  • Do not use double special characters. Example: Do not use () or $$ or !! because some websites do not allow special characters in consecutive order.
  • Use part of the site name in the password. Example: For Facebook, PaS$w0rdFAC or for Gmail, PaS$w0rdGMA.
  • Keep a list of sites that need a password, NOT a list of your actual passwords. Not only does this help prevent people from finding and stealing the list, it also helps you so you don’t forget a site the next time you change all of your passwords.
  • Be careful with certain punctuation and special characters. For instance, the characters / ? ! # < > and \ can cause problems in passwords. Sometimes sites see these as attempts at database injection.

Are there certain special characters that I should not use?

Yes. Try to stick to ASCII (American Standard Code for Information Interchange) characters. If you don’t, it can be easier to hack your password because non-ASCII characters can be interchangeable.

People should also avoid using double special characters in their passwords because some websites do not allow them. Otherwise, after going through all the trouble of creating a solid and consistent password system, you have to go back and change every password because one site will not allow double special characters and you still want your password scheme to be consistent. For instance, you could make the word “password” more difficult by spelling it p@ssw()rd, but we at HDCS have seen instances where a website will not allow this. Likewise, choose your special characters carefully. For example, the greater-than and less-than symbols, < and >, can be problematic because when usernames and passwords communicate with a database, hackers will use these forms to gain access by doing “SQL injection statements,” and these statements are nothing more than a line of code, which use the < and > symbols. If you use these symbols in a legitimate password, a website may reject it because the site could think that it is an injection attempt.

Okay, but if I have different passwords for each site, how can I remember them?

Yes, your passwords will be different, but your convention will be the same. If your password for Yahoo is $ometh!ngH3reYAH, then your password for Amazon would be $ometh!ngH3reAMA. The three or four characters of the site name can go anywhere in the password, but that is how you would differentiate each password and still remember them without writing them down.
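
The checklist and the site-name convention described above can be applied mechanically. The following is an added example, not code from HDCS: the names check_password, SAMPLE_WORDS and site_tag are hypothetical, and the three-word list is a constructed stand-in for a real dictionary file.

```python
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"dragonfly", "password", "something"}
# Characters the page says can cause problems on some sites.
RISKY_CHARS = set("/?!#<>\\")
SPECIALS = set(string.punctuation)


def check_password(password, site_tag=None, words=SAMPLE_WORDS):
    """Return the list of page rules that `password` breaks (empty = passes)."""
    problems = []
    if not 8 <= len(password) <= 15:
        problems.append("length not between 8 and 15")
    if not password.isascii():
        problems.append("non-ASCII character")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    # "Double special characters": two specials in consecutive positions.
    if any(a in SPECIALS and b in SPECIALS for a, b in zip(password, password[1:])):
        problems.append("consecutive special characters")
    risky = sorted(set(password) & RISKY_CHARS)
    if risky:
        problems.append("risky characters: " + " ".join(risky))
    lowered = password.lower()
    if any(w in lowered for w in words):
        problems.append("contains a dictionary word")
    if site_tag is not None and site_tag not in password:
        problems.append("site tag missing")
    return problems


if __name__ == "__main__":
    # Passwords quoted on the page, with the site tags the page pairs them with.
    for pw, tag in [("PaS$w0rdFAC", "FAC"), ("$ometh!ngH3reYAH", "YAH"),
                    ("p@ssw()rd", None), ("Dragonfly2", None)]:
        print(f"{pw!r}: {check_password(pw, tag) or 'passes'}")
```

Run as written, it reports that $ometh!ngH3reYAH is 16 characters long and contains !, so that sample falls outside the length and punctuation guidance in the list above.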

Why can’t I use the same password for all my accounts?

This is people’s biggest mistake next to keeping a printed list of all their passwords. If someone guesses your password once and all of your passwords are the same, that person has instant access to anything from your bank account to e-mail to online shopping accounts, and all the critical information within. Instantly they can have not only enough information to do immediate financial and personal damage, but they can easily acquire enough information to steal your identity, which could drag out damage for years.

Websites that store passwords use algorithms that produce a “hash code” (a code or value generated to represent a piece of data) of the password, and once someone has that hash code, the password can easily be decrypted. So say you use the same password for your bank account and a social networking site. If someone finds the hash code and goes into the database of the social networking site and finds your encrypted password, they can now easily decrypt it. Now, not only do they have your password for your social networking site and can write mean things on your friends’ pages and do other mischief, they also have the password for your bank account and can do far greater damage. If you use the same password for every site (or even just a handful of passwords), then one breach in security can be devastating.

How and how often are passwords stolen?

Passwords are stolen more often than you think. There is no way to know specific statistics, but there are millions of personal accounts of this happening, showing that it is critical to have a solid password system.

Passwords can be stolen in many ways. A hacker could use a dictionary attack, where a program uses every word in the dictionary to try to log in, hoping that it eventually finds a hit. Another common way is phishing, which is a way scammers try to gain passwords, usernames, credit card information and other personal information by pretending to be a trustworthy entity, such as your e-mail provider or bank. To protect yourself from this, never give out your password and other personal information unless the other person can prove who they say they are and it is absolutely necessary. Likewise, do not share your password with anyone, as you don’t always know who can be trusted.

Also, be wary of filling out online forms. Sometimes people fill one out that seems legitimate but is actually a fake site that was created specifically to steal that information. Another way to steal passwords is through brute force attacks, in which a program guesses millions of possible keystrokes hoping to get the right combination. Although there is no such thing as the “perfect password,” following HDCS’s strategy can significantly reduce your risk of password theft because, most often, what makes a password easy to crack is that it is too simple.

What are some examples of bad passwords?

Bad passwords are words that can be found in the dictionary, contain no special characters, and have at most a number at the end. Example: Dragonfly2.

How often should I change my password?

Using HDCS’s system reduces the need to change your password as often, but you should probably switch it every year or two or after major life changing events, such as break-ups, getting fired or firing an employee, angry friends, and burned bridges. If you have given your password out to various people, you will want to change your passwords more often, too.

Really, how bad can it be if passwords are stolen?

For individuals, identity theft is one of the most devastating things that can result from stolen passwords. Once they have your password, they can easily gain the information needed to steal your identity and then use it for credit card fraud, phone or utilities fraud, bank fraud, government documents fraud, and many other types of fraud, such as getting a job using your social security number, renting a house or getting medical service using your name. Then, any delinquencies or harm that they do under your name can affect your records. It is then often extremely difficult to disentangle and prove that the damage was not done by you and therefore should not be your responsibility.

On a larger scale, serious information can be obtained and leaked when passwords are stolen and data is decrypted. For instance, in 2010, WikiLeaks obtained a large amount of information about the United States’ war in Afghanistan, dubbed “The Afghan War Diary” or “The War Logs” and published the information. This was said to be one of the biggest leaks in the U.S. military’s history, as the information gave specific details of the fighting in the first six years of the war.

Did you find this information helpful? Find out what else Help Desk Computer Services has to offer.
We have numerous blogs on a variety of computer-related topics and also update our clients on new services that we offer.
We offer network engineering and IT consulting to clients throughout the Tampa Bay area.
We offer managed IT services that provide outsourced IT services to small businesses throughout Tampa Bay.
We provide application development, including Rich Internet Applications and custom application development.
We provide remote support to companies that need new network setups, upgrades and support for current configurations.
Contact us today to let us help you with your computer needs or for more information.
Published Date: Feb 5 2011