Blog Menu

Passwords

March 26, 2016

Filed under: Internet,life — Terry Wohlers @ 06:29

We have become bombarded with usernames and passwords. What does one do with all of them? More importantly, what is the best strategy for creating new passwords? I’ve learned the hard way, so I am passing along what might help you to prevent a problem or worse.

Make passwords long and complex. An example is k7*S+4c2$8R. Strength checkers, such as passwordmeter.com, will score a password on a scale of 1 to 100. I would not enter a real password, but you can try something similar by substituting like characters. Short and simple passwords, such as “sunnyday” are easy to crack.

passwords

In 2011, according to Wikipedia, commercially available products could test up to 2.8 billion passwords a second on a standard desktop computer. This means it’s possible to crack an all upper or lower case password of 10 characters in one day. Today’s computing is much faster.

Using the same password for multiple accounts is ill-advised. Make each one different, long, and complex. Managing all them is another issue. Password managers are available, although I have not used any of them, partly because our IT guy is not a fan of ’em. Those that are highly ranked by PC Magazine are Dashline 4 and LastPass 4.0 Premium.

Bottom line: do not take passwords lightly. Make them complex by mixing upper and lower case letters, numbers, and odd characters such as @#$^()=?><!~%*+&. And, make them long. For each character you add, the strength of the password improves exponentially. (It’s not linear.) Having an account hacked due to a short and simple password can make your life miserable, and it can be expensive too.

Spear Phishing

March 13, 2016

Filed under: Internet,legal,life — Terry Wohlers @ 08:11

Phishing is the use of email to capture usernames, passwords, credit card or bank details, and other information, for malicious reasons. The email gives the appearance that it’s from a person or organization you know, hoping that you will click a link in the email or open an attachment. You have probably received one or more of these emails, so I hope you have not fallen victim to any of them.

cyber

Spear phishing is similar, but takes the concept to another level. The email may open up by saying, “Terry, I’m sorry I missed you at last week’s event in Los Angeles. I wanted to show you the following,” with a link waiting for you to click. Alternatively, it might ask you to open an attached file. The email may include other personal details, leading you to believe it is person in your field or a friend. Due to this personalization, a percentage of people will fall for the trick and click on the link or open the file. The consequences can be dire.

My advice is to question all emails. If you receive an unexpected email like the one above, reply with a question that a stranger could not answer. For example, say, “I want to validate the authenticity of your email, so can you say what I was wearing that day?” Whatever you choose to ask, make it impossible to answer, unless the person is genuine. The bottom line: be careful because phishing and spear phishing can cause significant damage.