Monday, April 13, 2009

3 – Thou shall change thy passwords regularly, never share them and do not use the same password for all of your accounts

I encountered a recent event regarding passwords that illustrates a common problem with passwords, and it provides a perfect segue to this post:

A family member was contacted by a "hotmail administrator" via email asking the user to validate that the account was being used, and also asking for the current password.

Shortly thereafter, my relative found that he was unable to access his account, as he had been tricked into providing his password to a Nigerian scammer. The scammers changed the password and harvested the address book to send out a fake email asking for money.

The lesson to be learned here is that you should NEVER give anyone your password, even if the request appears legitimate, as email addresses, logos, etc. are easily spoofed.
Email accounts commonly hold sensitive information (credit card numbers, account numbers, driver's license numbers, SSNs, addresses, phone numbers) that we send and receive through everyday usage, and they may also contain sensitive information about others.

This is why it is important to keep the accounts you use for email, banking, and other services safe and secure.

I rarely use "passwords", and instead opt for what is called a "passphrase" that combines several phrases mixed with numbers and symbols (so the password can't be broken by dictionary crackers). For example, @nch0r@g399501@K translates to Anchorage 99501 AK, which is decently long, combines letters, numbers and symbols, and is still something that I can remember easily enough.
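As an added illustration (not the post's own code), here is a small Python checker that applies the passphrase rules above: enough length, a mix of character classes, and a test that undoing the usual symbol-for-letter swaps does not leave a plain dictionary word, since cracker rule sets try exactly those substitutions. The 12-character minimum and the tiny word list are assumptions made for the example.

```python
import math
import string

# Constructed stand-in for a dictionary-cracker word list (not a real list).
COMMON_WORDS = {"password", "anchorage", "letmein", "welcome", "qwerty"}

# Usual symbol/digit-for-letter swaps, reversed to recover the plain word.
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o", "1": "i",
                        "!": "i", "$": "s", "5": "s", "9": "g", "7": "t"})

MIN_LENGTH = 12  # assumed threshold; the post only says "decently long"
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10,
               "symbol": len(string.punctuation)}


def char_classes(pw):
    """Which of the four character classes the passphrase uses."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def entropy_bits(pw):
    """Upper bound on entropy, assuming each character was picked uniformly
    from the classes present (a phrase-derived passphrase has less)."""
    size = sum(CLASS_SIZES[k] for k, present in char_classes(pw).items() if present)
    return len(pw) * math.log2(size) if size else 0.0


def looks_like_dictionary_word(pw):
    """True if undoing the swaps and keeping only letters yields a listed word."""
    letters = "".join(c for c in pw.lower().translate(UNLEET) if c.isalpha())
    return letters in COMMON_WORDS


def check_passphrase(pw):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if sum(char_classes(pw).values()) < 3:
        problems.append("uses fewer than three character classes")
    if looks_like_dictionary_word(pw):
        problems.append("reduces to a common word once symbol/digit swaps are undone")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd", "@nch0r@g399501@K"):
        print(candidate, round(entropy_bits(candidate), 1), check_passphrase(candidate))
```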

Changing your passwords on a regular basis (but not too often) also helps make sure that any password that was stored and later stolen is no longer active. I recommend changing passwords at least every 45-60 days, if not monthly.

You can also use a password generator to provide randomly generated passwords:

http://www.fourmilab.ch/javascrypt/pass_phrase.html - for wireless access points

https://secure.pctools.com/guides/password/ - online generator (I'd be wary about copying/pasting over a network - copy/pastes travel in plaintext over networks)

http://sourceforge.net/project/showfiles.php?group_id=149218 - downloadable (free)

I would also recommend using a password safe to store all of the passwords securely (it requires a master password to view the passwords that you store):

http://passwordsafe.sourceforge.net/ - (free)

Keeping your passwords strong and safe is one of the best defenses against fraud and identity theft, which are some of the more pervasive financial crimes these days.

http://www.securityfocus.com/infocus/1554 - Password myths; I thought it might be a good read
