The Letter 'X' - Issue 3 [July 2009]

by Joseph Imperato Sr.

Passwords are the first line of defense against an army of thieves and hackers trying to break into personal and business systems in an effort to steal identities and corporate secrets. Unfortunately, most people do not take password security seriously. To prove it, let me ask you a few questions:

1. Do you keep a written list of passwords in your desk drawer so they are available whenever needed AND do you keep the key to your desk in an organizer or similar place on your desk?
2. Do you keep a file (such as a text file or Excel) on your desktop containing all of the logins and passwords for the various systems you need to access?
3. Do you use one master password to access the various programs you use on a daily basis?
4. Do you use “easy-to-remember” passwords such as: “12345”, “abcdefg”, your login name, social security number, pet’s name, etc.?
5. Have you ever given a password to someone who needed to access your system for a short time? Afterwards, did you fail to change your password?

If you answered yes to any of these questions — STOP IMMEDIATELY! You are placing your personal and/or corporate information at risk. Hackers and thieves know all of the “tricks” that people use to hide their passwords and they use sophisticated programs to swiftly guess them.

Here are some guidelines to creating and protecting those annoying but critical passwords:

1. First, never give anyone your passwords, let someone else access systems using your logins and passwords, or tell them where they are stored. This is basic security and VERY important.
2. Never use the same password for all of your systems. Using different passwords makes it much harder for a thief to break into all of your systems should he get lucky and guess one.
3. Avoid using personal information. Today’s identity thieves have sophisticated tools to gleam data from various systems about you, or worse — the person stealing your passwords could know you!
4. Use at least 8 characters; 15 is better. The longer your password, the harder it is to break.
5. Stay away from using common words. Thieves have programs that can check a whole dictionary in no time, using each word in a concentrated attack on your system to see which one gives them entry.
6. Use a combination of upper and lower case letters, special characters, and numbers. The more variation in your passwords the harder they will be to crack.
7. Change your passwords periodically. Corporate IT will usually alert you when it is necessary to change passwords. However, small businesses usually do not have this luxury. In such cases use MS Outlook to schedule password changes.
8. Use a pass phrase. A pass phrase is a sentence such as a line from a song, poem, or book that you can easily remember. Then use the first letter of each word as your password. It also would’t hurt to throw in a few numbers and symbols at the end to give the password added strength.
9. Use a password manager such as KeePass. KeePass maintains your list of usernames and passwords and encrypts them for added security. KeePass:
   1. Categorizes your passwords using folders so you can organize them according to system and usage.
   2. Suggests maximum-strength passwords for you! You can use your own or KeePass’ suggestions.
   3. Is an open source program and therefore FREE to use. We’ve provided KeePass as a free download in our July 2009 Newsletter. Download it and use it as part of your security arsenal.

I suggest installing the password manager on your server behind the firewall where server security and intrusion detection programs can keep watch over your system and alert you of any breaches.

Password security is a big deal. After all, it is often the first line of attack from hackers trying to steal information. However, this should not be the last word. Password security is an ongoing battle. As hackers create or purchase sophisticated programs to hack into systems, you should be on the lookout for better programs to thwart their assaults.

Thoughts, Comments, Concerns?