Monday, 17 December 2012

The Importance of Passwords

Imagine what the world would be like if all the keys and locks were the same.

It would mean that you wouldn't need to remember which key goes where - you just pick up one key and can use it to lock up your own house, visit granny without waking her up, surprise a few friends by calling in unannounced and look after the neighbour's cat while they're on holiday. But there is a problem!

The problem of course is that a dodgy geezer will also have one of these identical keys and can enter your house whenever they want. They might find a diary of all your events and very personal information and an address book with all your contacts including sleeping granny. Obviously it's not such a good or convenient world to be living in!

However, this is exactly what happens with online password security. Various studies and websites (such as InfoWorld) show that password reuse is very common. The problem is that if a malicious hacker breaks into a website and gains access to someone's email address and password, they then potentially have the ability to access a whole load more sites that the person uses.

So for example:

  • Bob registers himself onto a number of online shopping sites using the same email address and password combination.  He also signs up to social networking sites using the same details.
  • Dodgy Joe hacks into one of those online shopping sites and obtains Bob's email address and password.
  • Dodgy Joe then logs into Bob's email address using the password - Bob's used it for everything!
  • Dodgy Joe reads Bob's emails and finds that he shops on a number of other interesting sites and decides to order himself a new drum set with extra cymbals.
  • Dodgy Joe logs onto Bob's social networking sites and starts asking his friends for money.
  • Dodgy Joe uses information on Bob's social networking site to collect more information about Bob that might be useful in the future to commit ID Fraud.
  • Bob's announced on a networking site when he is going on holiday for 2 weeks - will his house be safe?
  • Bob has registered with an online banking system - Dodgy Joe uses this information to commit a phishing scam by sending Bob a fake email that looks as if it has come from Bob's bank - Bob enters his banking details into the scam site and Dodgy Joe now has access to Bob's money.
  • Bob's not very happy!

Yes, it might be a pain to have to try and remember lots of different passwords, but the potential consequences of having a password breach would be an even bigger pain to deal with!

The worst type of password to use is a single word, especially "password" or "123456", as there are specially designed programs that can try to log on to sites by whizzing through a huge number of words and numbers. Sometimes people will try to use obscure passwords from their hobbies or pet names. The problem with this is that if they've mentioned on a social networking site that they're a Star Trek fan, a hacker could see this and use a dictionary full of Star Trek words to try and find the person's password. Names of pets and mother's maiden name provide no security for the same type of reason.

A perfect password would be one that's complete gobbledegook containing letters and numbers. The problem, however, is that people - including the legitimate user - don't remember gobbledegook very well!

Therefore a better way, for each new website account, is to think of your own way of combining two or more normal words into a password that wouldn't appear in any dictionary - the addition of numbers and symbols would increase the strength of the password.
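To check your own passwords against the weaknesses described in this post (reuse across sites, well-known passwords, single words or plain numbers, and words taken from your public profile), here is a small added example that is not part of the original post. The function name, the site names and Bob's sample passwords are all constructed for illustration.

```python
from collections import Counter

# Constructed sample list; a real check would use a much larger one.
COMMON_PASSWORDS = {"password", "123456"}


def audit_passwords(accounts, personal_words):
    """Return {site: [findings]} for a mapping of site -> password.

    personal_words: words anyone could learn from public profiles
    (hobbies, pet names, mother's maiden name).
    """
    use_count = Counter(accounts.values())
    personal = {w.lower() for w in personal_words}
    report = {}
    for site, password in accounts.items():
        lowered = password.lower()
        findings = []
        if use_count[password] > 1:
            findings.append("reused")  # one breach exposes every site sharing it
        if lowered in COMMON_PASSWORDS:
            findings.append("common")
        if password.isalpha() or password.isdigit():
            findings.append("letters-only-or-digits-only")  # no numbers/symbols mixed in
        if any(word in lowered for word in personal):
            findings.append("personal")  # guessable from a social networking profile
        report[site] = findings
    return report


# Constructed accounts for the fictional Bob from the list above.
BOB_ACCOUNTS = {
    "shop.example": "enterprise",
    "social.example": "enterprise",
    "mail.example": "123456",
    "bank.example": "Teapot7!Gravel",
}
BOB_PUBLIC_WORDS = {"Enterprise", "Spock", "Rex"}

if __name__ == "__main__":
    for site, findings in audit_passwords(BOB_ACCOUNTS, BOB_PUBLIC_WORDS).items():
        print(site, findings or ["no findings"])
```

Only the bank password, two unrelated words joined with a number and a symbol and used nowhere else, comes back with no findings.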
