Security 101: 1.2 Billion Passwords Hacked and YOU

First, the story. From USA Today.

I asked a friend who does computer security what to do about passwords. Here’s a small primer. He wrote up his suggestions for the layman here.

1. If you have a password that’s under 12 characters long, it’s too easy to crack. Change it.
I’ve had a few computers come to me, at work, where I need to find out what the password actually was. Resetting the local administrator password on Mac/Windows/Linux is ludicrously easy. Finding out what the password is can be more difficult. I use software that uses something called a “Rainbow Table” to crack these passwords. Short passwords are recovered in a few minutes.

2. Don’t use the same password for “social” websites that you use for your bank or other financial institution.
If I’ve successfully cracked the Woodwind Forum’s password tables, the first thing I’d do is take that e-mail address and password and try it at a credit card company. Don’t use your work password at home (or vice-versa), either.

3. Use a password keeper and use that to generate your passwords.
At Gandalfe’s suggestion, I started testing a program called LastPass about two years ago. Since then, I’ve seen other techs in my company use it and I’m really quite happy with how it works. It’s not perfect — it doesn’t like entering the proper username and password on some websites — but it’s recommended. I just wish it’d work on everything, not just websites.

4. Remember that your e-mail account is where you recover passwords. Reset these passwords monthly.
Almost every website I enter a password into has a way to reset your password: they e-mail you at the address you signed up with.

5. For my sake, practice safe browsing.
I typically deal with malware and viruses where I work. An overwhelming majority of these problems come from people going to websites they shouldn’t or clicking on links in e-mails that they shouldn’t. Especially don’t go to someplace other than the manufacturer to download software. If you need Adobe Flash Player or an update, go to www.adobe.com, not www.peteshouseofmalware.com. There are fake installers out there for just about every one of those little plug-in programs.

6. Install some good antimalware and antivirus software and use it.
The best Windows products out there are free for personal use: Microsoft’s Security Essentials and Malwarebytes’ Anti-Malware. For Mac, Sophos is very good and also free for home use. I no longer tell folks that if they have a Mac, they’re probably fine. Get Sophos. Really. And do quick scans with all this stuff at least weekly and full scans monthly.

7. Don’t be stupid.
I’ve come across lots of users that have a document on their computer called something like, “My secret list of passwords,” and that document isn’t even encrypted — not that it wouldn’t be easy to crack (see above).
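Points 1 and 3 above (length matters because short passwords fall to precomputed tables; let a password keeper generate passwords for you) can be made concrete. The following is an added example, not code from the post or from LastPass: it estimates how long exhaustive guessing of a password's alphabet and length would take at an assumed offline guessing rate, checks the post's 12-character minimum, and draws a new password from the operating system's CSPRNG the way a password keeper does. The guessing rate of ten billion guesses per second is an assumption chosen for illustration.

```python
import secrets
import string

# Assumed offline guessing rate (guesses per second) for a fast, unsalted hash.
# This is an illustrative figure, not one taken from the post.
GUESSES_PER_SECOND = 1e10
MIN_LENGTH = 12  # the post's threshold for "too easy to crack"


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must cover, from the character classes used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    return size


def seconds_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate every password of this alphabet and length."""
    return charset_size(password) ** len(password) / rate


def meets_policy(password: str) -> bool:
    """The post's rule: anything shorter than 12 characters should be changed."""
    return len(password) >= MIN_LENGTH


def generate_password(length: int = 16,
                      alphabet: str = string.ascii_letters + string.digits + string.punctuation) -> str:
    """What a password keeper does: draw each character from a CSPRNG, not from memory."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed samples: an 8-character lowercase password versus a generated 16-character one.
    for sample in ("abcdefgh", generate_password()):
        print(f"{sample!r:24} policy_ok={meets_policy(sample)} "
              f"exhaust={seconds_to_exhaust(sample) / 86400:.1e} days")
```

Running the script shows the all-lowercase 8-character sample is exhausted in seconds at the assumed rate, while a generated 16-character mixed password takes longer than any realistic campaign.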


About Gandalfe

Just an itinerant saxophonist trying to find life between the changes. I have retired from the Corps of Engineers and Microsoft. I am an admin on the Woodwind Forum, run the Microsoft Jumpin' Jive Orchestra, and enjoy time with family and friends.
This entry was posted in Computers and Internet, FAQ, Guides, Security.
