If you've been involved with social media then you've heard about the hacks on Facebook, MySpace, and Twitter. User accounts have been broken into and used to spread spam or links to sites carrying viruses or other malware.
Time and again, the reports try to drill into your brain that you need to make your password secure. But I've yet to hear anyone report on just what a secure password is!
In order to help correct that, I'm going to provide you a shortened version of what I provide my clients and students about creating secure passwords.
To appreciate how easy it is to hack a social networking account, you have to look at your profile the way a hacker does. Hackers know that most people use passwords that are easy for them to remember. That means that your profile contains much of the information a hacker can use to guess your password.
For example, many people will use the name of their dog, spouse, or child and their birth date to create a password. So, if you have all your family listed on your profile, along with the pet chinchilla and your birth date, that's the first thing any hacker will try.
So if you have a pooch named Rex, and your birthday is 07-17, a password of rex0717 is probably a bad idea. Similarly, your spouse's name, John, combined with your anniversary date (john0422) is also easily hacked. I think you get the picture.
These skills are called social engineering techniques, and they have been around since the dawn of hacking. But those aren't the only tools these folks have at their disposal. There are freely distributed hacking tools programmed to run through the entire dictionary, and to combine those words with numbers and characters, to break your password.
So, any use of a full word contained in the dictionary is also off limits for any part of a password.
By now I'm sure you're wondering how to create a password without using words, right? It's actually easier than you think!
Take some phrase or concept that's very meaningful to you and create a password from it.
Let's say that your favorite movie is the Wizard of Oz. You could use the phrase "Follow the yellow brick road" to create the password. Or "Lions and tigers and bears, Oh my!"
Using the yellow brick road phrase, you take the first letter of each word in the phrase to start the password. So you would use the f in follow, the t in the, y from yellow, b from brick, and r from road. Now you can come up with multiple combinations of these letters by also switching the case. Some of them might be as follows:
ftybr
FtYbR
fTyBr
FTybr
FtyBR
Now, you need to add something to the end or the beginning to make it even harder to hack because the longer the password is, the longer it takes for someone to process the multiple variations on it.
So, using the Oz from the title of the movie, you can substitute the o in Oz for a zero or number. Then your password may look like this: FtyBR0z.
To add even more length to it, thus making it even harder to guess, you could add: FtyBR0zL&t&b0m!
Did you guess the ending? Lions & tigers & bears with the zero representing the o in Oh my! And of course the m and exclamation point. But a tilde would do just fine also, as in: FtyBR0zL&t&b0m~
You see from that example that there are no words being used that are included in the dictionary, and no identifying information that could be gleaned from your social profile. Unless of course, you have, as I do, Wizard of Oz listed as one of your favorite movies on your profile! Needless to say, this is not my password!
Also, a word of caution. While this may keep you from getting your account hacked now, it doesn't mean that someone won't find a way to break your code and get in. So my advice to you is, don't use the same password for all your social networking sites. You can use the same theme, but switch things around so that in the event one account does get hacked, you don't give the hacker instant access to all your accounts.
A final word about social engineering techniques. Don't trust just anyone with your passwords or the phrase you use to create them. You just never know who you might be sharing that information with. And do not use a phrase you are known for.
A friend of mine is known for his tag line, "Show me the money." That would be the first phrase I'd guess if I was hacking his account. So make sure it's something known and meaningful only to you.
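The rules above can be turned into a self-check you run on a candidate password before using it. This is an added example, not part of the original article; the profile data, the small word list, the 12-character minimum and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample profile built from the article's examples; all values are illustrative.
PROFILE = {
    "names": ["Rex", "John"],            # pet and spouse listed on the profile
    "dates": ["07-17", "04-22"],         # birthday and anniversary
    "phrases": ["Show me the money"],    # a tag line the person is known for
}
# Tiny stand-in word list; a real check would load a full dictionary file.
WORDS = {"follow", "yellow", "brick", "road", "lions", "tigers", "bears", "money"}
# Undo common look-alike substitutions so "r04d" is still recognised as "road".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "$": "s", "@": "a"})
MIN_LENGTH = 12  # assumed threshold; the article only says that longer is better


def acronym(phrase):
    """First letter of each word, the same construction the article uses."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z]+", phrase)).lower()


def audit(password, profile=PROFILE, words=WORDS):
    """Return a list of reasons the password is guessable; empty means none found."""
    low = password.lower()
    plain = low.translate(LEET)
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name in profile["names"]:
        if name.lower() in low or name.lower() in plain:
            findings.append(f"contains profile name {name}")
    for date in profile["dates"]:
        if re.sub(r"\D", "", date) in low:
            findings.append(f"contains profile date {date}")
    for phrase in profile["phrases"]:
        if acronym(phrase) in low:
            findings.append(f"built from known phrase '{phrase}'")
    for word in sorted(words):
        if word in plain:
            findings.append(f"contains dictionary word {word}")
    return findings


if __name__ == "__main__":
    for candidate in ["rex0717", "john0422", "Smtm2024!xyzq", "Y3ll0wBr1ckR04d!", "FtyBR0zL&t&b0m!"]:
        print(candidate, "->", audit(candidate) or "no findings")
```

An empty result only means none of these particular checks fired; it says nothing about phrases that are missing from the profile data you supplied.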
Now you know how to create a secure password!
Debbie Mahler is the owner of a female-owned IT company (http://mice.org) that works with individuals and small-to-midsized businesses with security solutions, networking, education, and online presence.