What's in a Password?

By Tsolum

Do you use the Internet to do your banking? Do you go on sites that need a password? How safe are you on the net? These were some of the questions I asked myself. To come up with answers I turned to some technology resources. It might surprise you what I found.

To set a good password is a bit of a hit and miss proposition for most people. Some use birthday dates, others their pet's name or spouse's name. Unfortunately, these are not strong passwords in this day of Internet use.Also, re-using identities on the net, as well as the passwords themselves, puts you at a lot of risk. "Re-using these identifiers puts people at serious risk of falling victim to identity theft," said the ITU (International Telecommunications Union) report. It called on regulators and businesses to find better ways for people to identify themselves to web sites.

Web sites, in their bid to identify users and track them are causing a proliferation of identities and passwords. "This may cause security breaches, and leave them vulnerable to the machinations of identity thieves (who are) ever increasing in number and inventiveness," said the report.

Hackers today will often use a dictionary style attack. This means they can very quickly use all of the words in the dictionary as well as common celebrity or sports names. For example, many people still use what they think is a smart technique of switching out some characters for numbers; for example, changing an A into a 4. That's a very commonly known technique and does not work anymore.

People who steal passwords for illegal use only have to go to social networking sites to get access to your passwords. It is reported that people give too much information out on these sites, like age, favorite film stars, favorite pet, and it does not take long for some of these experts to soon have an idea what password you are probably using.

A lot of people on line use only one password to make things easier to remember, but, this in itself is dangerous. Ideally you should have a password for each site that needs one and change it frequently. This means that you could have twenty or so passwords to remember. As they should be in upper and lower case letters as well as numbers, this is going to mean having someplace safe to store them.

There are many choices available, but, a new on line service from Box Knox is available and offers encrypted storage at no cost, while protecting anonymity. Personally, I prefer to keep my data on my own hard drive so I use a program like my password safe from the repository. It encrypts the passwords and has password protection. You can even generate new passwords and user names for each site. I find this quite satisfactory for my needs. I change all passwords once a month as well. Even then, complicated passwords, securely stored, do not mean you are safe.

"You can go and use Internet search tools like Google and you'll find lots of free tools that allow you to listen in to someone else's PC." said one security specialist, "Especially if you are a MS Windows user." Some of the banks in the UK are testing a new system. An alternative being considered by HSBC and the Alliance and Leicester bank in the UK, would have users run an application on their mobile phones to generate a second pass code. The ever changing second password may be the thing of the future. It may be the only way to keep users' secrets secret in the long run.

Let us hope that the day comes when we won't have to worry any more about these issues; until that day comes, be safe on the Internet and keep your private life, private.

Top