Byte Me by Marv Dealy
P@55w0rds
Passwords – a secret word, or perhaps a string of characters – are used to prove identity or gain access to something.
Historically, a sentry might challenge you to see if you had the correct password, or watchword. Today, passwords are more commonly associated with computers, mobile phones, ATMs, and your cable TV decoder.
A computer might require passwords for different purposes, such as logging into email accounts, or accessing your eBay account, or gaining access to the network at your office from home.
Passwords don’t have to be an actual word. In fact, a jumble of letters and numbers is better, as it’s harder to break or guess.
There are many lists of the worst top ten passwords. One list I found at PC Magazine said their top ten worst were 123456, qwerty, abc123, letmein, monkey, myspace1, password1, link182, and (your first name). Mark Burnett, in his book “Perfect Passwords: Selection, Protection, Authentication,” says the top ten are 123456, password, 12345678, 1234, pussy, 12345, dragon, qwerty, 696969, mustang. He ranks “letmein” as number 11.
If you’re using any of these, you might as well not be bothering with password protection at all.
To make a better password, use one of the following methods. The further into the list you get, the stronger your password will be.
1. Use personal information. A combination of your initials, your zipcode, your license plate, family or friends’ names, locations or pets. Don’t use any of these by themselves.
2. Dictionary and foreign language words. Most people use between 10,000 and 40,000 words out of the dictionary, leaving 200,000+ new words to pick from. Or use a foreign dictionary to pick out something. Remember, in a dictionary attack they’ll all fail.
3. Mixed case words. An example, PaSsWoRD.
4. Mixed case phrases. An example, ThisIsAPassworD.
5. Mixed case words with numbers. An example, PaSsWoRD39. Be sure to add more than just one number.
6. Mixed case words, numbers and letters. As an example, UR2good2Me.
7. Random characters (numbers, letters and punctuation or special characters) – use your imagination, but use at least 8 digits.
No password is uncrackable if someone really wants in, so to speak. One writer estimated that a five character, all lower case password should be cracked in about 12 seconds using commonly available, free software tools. To check your passwords, use the free Microsoft password checker tool at tinyurl.com/55tqpa
Whatever type of password you choose, the best policy is to change it often; the more important it is, the more often you should change it. The longer the password is, the harder it is to crack, but the harder it is to remember and type accurately, too. I have one password that is 38 characters long, and is designed specifically to give the hacker that figures it out a good laugh. Because it uses only lower case letters, the Microsoft password checker tool doesn’t think it’s very strong.
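As an added illustration (not part of the original column), this Python sketch turns the 12-second estimate above into a guess rate and applies it to passwords mentioned in this column. The guess rate, the case-insensitive worst-list check and the function names are assumptions made for the example, and the result is a worst-case brute-force figure only.

```python
import math
import string

# Worst passwords named in this column (PC Magazine and Mark Burnett lists).
WORST = {"123456", "qwerty", "abc123", "letmein", "monkey", "myspace1",
         "password1", "link182", "password", "12345678", "1234", "pussy",
         "12345", "dragon", "696969", "mustang"}

# Assumption: guess rate implied by the column's estimate that a five
# character, all lower case password is cracked in about 12 seconds.
GUESSES_PER_SECOND = 26 ** 5 / 12

def alphabet_size(password):
    """Size of the character pool a brute-force search has to cover."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(p) for p in pools if any(c in p for c in password))

def brute_force_seconds(password):
    """Worst-case seconds to try every string of this length and pool."""
    # Assumption: case variants of a listed word count as listed.
    if not password or password.lower() in WORST:
        return 0.0
    try:
        return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND
    except OverflowError:  # keyspace too large for a float
        return math.inf

def describe(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

if __name__ == "__main__":
    # Constructed samples: passwords quoted in the column plus a
    # 38-character lower-case stand-in for the author's long password.
    for pw in ("abcde", "123456", "PaSsWoRD", "UR2good2Me", "8e9eyeST",
               "x" * 38):
        print(f"{pw:40} pool={alphabet_size(pw):3} "
              f"{describe(brute_force_seconds(pw))}")
```

The 38-character lower-case stand-in has by far the largest keyspace of the samples, which shows how much length counts in a pure brute-force search; the figure says nothing about a dictionary attack on a phrase built from ordinary words.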
The Massachusetts Institute of Technology has a webpage with dos and don’ts about passwords that you can read at tinyurl.com/kj7vhl, or you can read the words of wisdom from the writer who made the 12 second guess above, about how he’d go about cracking your password, at tinyurl.com/36m94o
If you want to use a program to randomly generate a tough password for you – keeping in mind you’ll have to remember it and not write it on a sticky that you affix to your computer monitor – you might want to use the tool at PCTools.com (tinyurl.com/yzj923). I used the tool, telling it I wanted 8 characters (it’ll generate up to 64 character long passwords), and I wanted to include letters, numbers, mixed case, and no similar characters. It came up with 8e9eyeST which I’m not going to use, so you’re welcome to it but remember everyone else read it here, too, so that’s probably not good, either.
Phishing attacks up in July: Symantec has reported that phishing attacks “rose 52 percent in July while spam as a percentage of all e-mail stayed about the same,” according to an article by Lance Whitney at News.Cnet.com (tinyurl.com/m22gpg). He writes that “spam averaged around 89 percent of all e-mail in July” and adds “image spam, which sneaks past filters by embedding spam in an image, accounted for 17 percent of all spam at one point in July. Health-related spam declined 17 percent, while 419 spam (often better known as Nigerian hoax spam) rose 3 percent.”
Whitney says, “among countries where spam originates, the U.S. is still top dog, accounting for 25 percent of global spam. Brazil, South Korea and Turkey were also popular.” He also lists India, Poland, China, Russia, Vietnam and Argentina as countries where spam originates.
A phishing email is one that purports to be from your bank or some other company that you do business with that asks you to reply with personal information so that the “records can be updated” or data lost in a computer crash “can be replaced correctly” or some other similar bs.
No reputable company will ever ask you to reply to an email with personal information. Delete that sucker right away, and if in doubt, call the company in question and talk to a human.
Spam email is any unwanted email that you get with offers ranging from enhancement of numerous body parts to free money coming thanks to someone dying in Nigeria or wherever. Delete those just as fast.
Email questions to Marv at:
marv.dealy@throck.com.
Marv Dealy founded Throckmorten Enterprises in San Francisco in 1988 and moved the company to Big Oak Flat in 1996. Open Monday through Friday, 9-ish to 5-ish (209-962-7308). The company provides technical support for HP’s webinars, professional website design, computer repairs, and has recently begun providing wireless ISP services. The company also publishes the Yosemite Gazette.




Many thanks for dedicating this article to password selection tips! Great post, many thanks!
September 15th, 2009 at 1:28 am