Everyone must be aware that Sony had a load (millions) of email addresses and passwords nicked and I know of several other sites this has happened to.

 

Now, if these are then being sold on to criminals there is some basic security you should take to protect yourselves

 

DO NOT, like I have done (but not any more ), have the same password for everything associated with your email address. Change it by adding one to a number for example Password1, Password2 etc for each different site or use A, B, C as a suffix to make each one unique.

 

Just never forget the people are after your hard earned dosh just by using their computers. Don't let them get it !

 

Stay safe

Just to be annoying, since it's what I specialise in (Digital Security), although it's an excellent idea to have different passwords for different sites, don't just add 1, 2, 3 or A, B, C to your password for different sites, run different passwords entirely instead.

 

One of the main hacks available to people wanting to break into accounts, is a dictionary hack, it runs through a known dictionary of passwords (Something these hackers are likely selling on as you suggest) automatically trying each one, once it's gone through them all, it starts variations of them, for example, if everything has failed, including Password, it'll try Password1, after the numbers it'll try PasswordA. All of this takes no more than seconds to execute and is completely automated too.

 

Passwords should ideally be a minimum of 8 characters long, contain both letters, numbers and abstract characters, so for example %G3n1U5! is actually quite a strong password. Not all systems accept case sensitive passwords, but where possible a combination of upper and lower case letters is recommended as well.

 

Another misconception with 'users' is that they think a long numerical only password is secure, it isn't, that number WILL be tried in a brute force numerical attack and it WILL be broken.

 

Try not to use dictionary words, at least unless you're replacing several characters with both numbers and abstract characters, to the point that you and only you could even think up the combination. Try to make sure it won't make any sense to anyone else if written down, for example this is where my example password of the word Genius above falls down, it's relatively obvious to most what it is when it's written down. If it's obvious when it's written down, it's easier for others to remember.

 

/EndRant

 

Tony, very good subject to bring up and I applaud you for it.

Fair point, but a lot of people can't remember a password with special characters in, it may just be worth putting special characters at the end, the beginning, or every other letter in a pattern only recognisable to the person to make it easy to remember, or use txt spk for the ordinary words because they won't yet be in a dictionary !

txt speak isn't a bad idea, although I wouldn't count on them not being in the dictionary. Dictionary hacks are only called as such because they refer to 'a' dictionary of known passwords, not 'the' dictionary as in the Oxford English.

 

Putting abstract characters at the end, isn't good practice. Sure it makes for a better password than simply letters or just letters and numbers, but it is one of those 'variations' I was talking about before, if I use 'Password%' it's going to get hit in a dictionary hack eventually.

 

I tend to prefer using 3 different passwords, I have one for my work stuff, which is super hard to hack, I have one for anything that holds a credit card (Not that I let anything hold my credit card details often) which is also super hard to hack, then I have my every day one, for my computer, my forum accounts etc, which is relatively easy, although is still a mix of letters and numbers and abstract characters, but is much easier to type (It flows from my fingers, unlike the other ones where I have to stop and think). This allows my passwords not to get in the way of every day use, whilst still being strong.

 

Another tip is to use "incognito" mode or "private browsing" in Mozilla Firefox and Google Chrome, this ensures that your computer won't remember your credit card number/details as you type them. Sure the website you're using might use encryption and security protocols, but if your computers gets stolen, or used by someone you shouldn't trust, if they go to buy something and your credit card number drops down, that's not good. Browsers remember input by what the input field was named, so you'll notice whenever you're required to fill in your name, or select a username on the web, typically the browser has remembered what you "usually" choose and drops it down, that's because the web developer has probably named those fields "firstname" and "username", just like every other web developer has, so the browser sees that and thinks, I know the answer to this one. If the same thing happens with an input called "cardNumber" this isn't good. The incognito mode, prevents the browser from remembering these things.

 

Finally of course, you should always check the URL bar for security on the website. If you're using a modern browser, such as Google Chrome or FireFox 3 or 4, then if the website uses an SSL certificate, you should see quite clearly in the URL bar at the top, a not so subtle indication, that the site is doing so. This doesn't just check for the presence of a certificate either, it checks against known and trusted authorities that the site is who it says it is, it's like using a passport at customs, but over the web, your browser is the customs officer looking for proof of who the site is, the ssl certificate is the websites passport with one of them new digital chips in and the green URL bar is the rubber stamp from the customs officer letting you in once it's electronically spoken to various authorities and confirmed your identity :D

Oh and I've just realised on re reading I should have put in our variable markers, I didn't mean use PASSWORD as a password !

 

All you have to be aware of really is that these barstewards are out to get all you've got, car, money, credit card details etc.

 

You put a good lock on your front door, an alrm or immobiliser on the car, do the same on your puter !

well said.

If you struggle to remeber passwords then try spelling them with letters so

 

password could become pa55w0rd makes it much stronger and the 'word' is still the same.

Good advice from fellow IT Security pros !

If you can't remember your password get a program that stores all your passwords like password safe. You can then make up a password phrase that will open up your password file.

 

It is impossible to remember 100 8 character alpha numeric and special character passwords so if you have a lot which I do then this is the best thing available.

At the work as a personal joke when a new pc account is setup I set the default password to P455M3 which just means pass me but I think it's funny as the first letters are P45 and only a few people have noticed!

always use a combination of capitalised letters fullstops and lower case, a good password would be a favorite web address as it usually contains all of these and password crackers do not run websites as brute force attack.

 

in fact a website address with the http:// at the front as your password and a mix of UPPER and lower case letters with in the address is even stronger.

always use a combination of capitalised letters fullstops and lower case, a good password would be a favorite web address as it usually contains all of these and password crackers do not run websites as brute force attack.

 

in fact a website address with the http:// at the front as your password and a mix of UPPER and lower case letters with in the address is even stronger.

 

Great, know we all know your password is http://www.300zx.co.uk:clap:

Great, know we all know your password is http://www.300zx.co.uk:clap:

 

lol try it, bet its not :P

Great, know we all know your password is http://www.300zx.co.uk:clap:

 

More like midgetporn.com!!!!

More like midgetporn.com!!!!

 

ive changed it now, but it used to be bigtitswithbiggunsandfastcars.com lol