Posted on October 14, 2009


Passwords for a large number of web email accounts were recently posted online, according to several news reports.

MSN, Yahoo! Mail, and Gmail accounts were affected. BBC News said:

BBC News has seen two lists that detail more than 30,000 names and passwords from e-mail providers, including Yahoo and AOL, which were posted online.

The lists also include details of thousands of Microsoft Hotmail users. Google said fewer than 500 of its accounts had been affected by the scam.

However, the search giant revealed that it had discovered a third list, but would not say how many accounts it showed.

Phishing involves using fake websites to lure people into revealing data such as bank account details or login names.

Wired reported that a researcher studied the list before it was taken down and found some interesting things about individuals' passwords.

A researcher who examined 10,000 Hotmail, MSN and passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.

Many of the top 20 passwords used were Spanish names, such as Alejandra and Alberto, suggesting that the victims were in Spanish-speaking communities. Nearly 2,000 of the passwords were only six characters long. The longest password was 30 characters — lafaroleratropezoooooooooooooo.
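The kind of analysis the Wired article describes (most common password, share of lowercase-only passwords, share that mix letters, digits and other characters, length distribution) is easy to reproduce over any list of credentials you are responsible for, for instance to audit a password reset after an incident. The script below is an added example written for this post, not the researcher's tool; the password list it runs on is constructed here to resemble the patterns the article reports and is not taken from the leaked lists.

```python
from collections import Counter
import string

# Constructed sample in the style of the leaked lists (not real leaked data).
# The last entry is rebuilt as 16 letters + 14 "o"s to match the 30-character
# length the article reports for the longest password.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "alejandra", "alberto", "password",
    "qwerty", "tequiero", "iloveyou", "Abc123!", "p@ssw0rd", "manuel",
    "estrella", "123456789", "lafaroleratropez" + "o" * 14, "daniel",
    "laura12", "Mar1a_2009", "sebastian", "123456",
]


def lowercase_only(pw):
    """True when the password uses nothing but a-z."""
    return pw != "" and all(c in string.ascii_lowercase for c in pw)


def mixed_charset(pw):
    """True when the password mixes letters, digits and at least one other character."""
    has_alpha = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    return has_alpha and has_digit and has_other


def analyze(passwords):
    """Summarise a password list the way the Wired researcher did."""
    n = len(passwords)
    counts = Counter(passwords)
    top, top_count = counts.most_common(1)[0]
    lengths = Counter(len(p) for p in passwords)
    return {
        "total": n,
        "most_common": top,
        "most_common_count": top_count,
        "pct_lowercase_only": round(100 * sum(map(lowercase_only, passwords)) / n, 1),
        "pct_mixed": round(100 * sum(map(mixed_charset, passwords)) / n, 1),
        "length_histogram": dict(sorted(lengths.items())),
        "six_char_count": lengths[6],
        "longest": max(passwords, key=len),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_PASSWORDS).items():
        print(f"{key}: {value}")
```

Run it against a real list only on a machine you control, and treat the list itself as sensitive data: the useful output is the summary, which tells you how many users need a forced reset and how weak the population's choices are, not the passwords.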

Now, I am no security expert. But I do use the web and have a lot of passwords. Here are some good tools to improve your passwords.

CNET suggests:

One solution is to use a password manager. There are several available programs and Web storage services, but the ones I’m most familiar with are RoboForm and Lastpass. These programs can generate passwords for you and remember them so you don’t have to. Both programs are, themselves, password protected, though you have the option of running RoboForm without a password or having Lastpass remember its own password on your PC. That’s OK as long as no one else has access to your machine. I recommend that you manually enter your master password on a laptop that could more easily fall into the wrong hands.

RoboForm has a free trial version that’s limited to 10 passwords after the trial ends. Lastpass is free.

Google suggests:

Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it’s no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.

Solution 1: Use unique passwords
It’s a good idea to use unique passwords for your accounts, especially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don’t use the actual words of the site. If it’s a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be “How much money do I have?” and the password could be “#m$d1H4ve?” (Note: since we’re using them here, please don’t adopt any of the example passwords in this post for yourself.)

Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” or sequential patterns such as “abcd1234.” Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.

Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That’s over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.
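Problem 2 and Solution 2 together describe a check a site or a user can actually run: flag the weak patterns named above (dictionary words, keyboard rows, sequential runs, lowercase only) and work out the keyspace for the character classes a password really uses, which is where the 26^8 versus 94^8 comparison comes from. The code below is an added example for this post, not Google's tool; the list of common passwords is deliberately tiny and built from the examples quoted above (a real check would use a full dictionary or breach corpus), and the 94-character alphabet is Python's ASCII letters, digits and punctuation, which is exactly 94 symbols. The generator at the end shows the mixed-character remedy drawn with a cryptographic random source.

```python
import math
import secrets
import string

# Constructed weak-pattern data, taken from the examples quoted in the post.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "qazwsx", "abcd1234", "123456"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# 52 letters + 10 digits + 32 punctuation marks = the 94-symbol set from Solution 2.
ALL_CHARS = string.ascii_letters + string.digits + string.punctuation


def charset_size(pw):
    """Size of the alphabet implied by the character classes actually present."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def has_sequence(pw, run=4):
    """Ascending or descending run of consecutive code points, e.g. "abcd" or "4321"."""
    for i in range(len(pw) - run + 1):
        seg = [ord(c) for c in pw[i:i + run]]
        diffs = {b - a for a, b in zip(seg, seg[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_keyboard_pattern(pw, run=4):
    """A run of `run` adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            piece = row[i:i + run]
            if piece in low or piece[::-1] in low:
                return True
    return False


def assess(pw):
    """Keyspace and entropy estimate plus the weak-pattern flags from Problem 2."""
    size = charset_size(pw)
    bits = len(pw) * math.log2(size) if size else 0.0
    flags = []
    if pw.lower() in COMMON_PASSWORDS:
        flags.append("common password")
    if has_sequence(pw):
        flags.append("sequential characters")
    if has_keyboard_pattern(pw):
        flags.append("keyboard pattern")
    if pw and all(c in string.ascii_lowercase for c in pw):
        flags.append("lowercase letters only")
    if len(pw) < 8:
        flags.append("shorter than 8")
    return {"charset": size, "keyspace": size ** len(pw), "bits": round(bits, 1), "flags": flags}


def generate(length=64, alphabet=ALL_CHARS):
    """Random password from the full 94-symbol alphabet using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["nhktpbfw", "#m$d1H4ve?", "abcd1234", "qazwsx"]:
        print(candidate, assess(candidate))
    print("8 lowercase vs 8 mixed:", 26 ** 8, "vs", 94 ** 8)
    print("generated:", generate())
```

The entropy figure is an upper bound: it assumes the password was drawn uniformly from its alphabet, which is true for the generator's output and false for anything a person chose, so treat the flags, not the bit count, as the verdict on human-chosen passwords.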

I use a Steve Gibson program called Perfect Password. It automatically generates random 63- or 64-character passwords that you can use. If you click refresh, it will create a completely new password. You can use the complete password or you can modify the password however you wish. It is completely safe and free.

