By Bruce Wilson on Tuesday, 06 November 2012
Category: Security

How do you keep your information safe on the web?

How not to be hacked

Using secure passwords and practicing safe email work habits are pretty much the top two things you can do to keep your information safe on the web. This article will deal with secure passwords; I'll write a separate blog that's all about safe email work habits.

One of my jobs at Formations is to keep our clients' database-driven websites from being hacked and used for something the client certainly would not want their site used for. One of the benefits of being in this position is the ability to see what passwords and user names the would-be thieves/hackers use to try to break into a website. It's really pretty basic. They run an automated dictionary system to enter user names and passwords at a very fast rate to try to hack your system. Here are some of the common words and number combinations they use to try to gain access to the website administrative side of a website: For the username they often try using "admin" — the default username on many web applications. Then for the password they start with common names like Kathy, Bob, Dustin, or they try number sequences like 123456 and so forth. They progressively combine the strings together until they hopefully hit upon the right one.

So how do you outsmart the hackers? For starters, always choose a username that is not a common word in a dictionary. For your password, create one that is at least eight characters long— 10 is even better. Make sure the password contains at minimum one upper and one lower case letter, one number and one symbol. Here is a good example: RtkNK44(pB.

Okay, the next question that you will immediately ask is, how do I ever remember that password?? Especially since you do not want to use the same password for multiple sites, like your bank, credit card, phone company, Facebook, etc. Well, you really don't want to write it down on a Post-it note on your computer. I know I'm making this more difficult with every word, but that is what you need to do to combat people with too much time on their hands and too much talent. There are a couple of tricks for remembering these convoluted passwords. The first one is my favorite (and no, I do not get a kickback for promoting them, although I should). It's a program called "1Password" (http://agilebits.com/onepassword). With 1Password, you remember one very hard-to-hack master password and the program remembers all of your other passwords for you. It also automates saving the passwords, making new ones for you, and keeping track of which password goes with which website. The program will sync its database with your work computer, home computer, smart phone, etc.

To make your master password will take a little work, but it's not impossible. This brings us to the second handy trick for remembering a difficult password: use a combination of words, numbers and symbols that mean something to you. Here is an example:

  1. Start with the name of a pet (NOT one that you talk about on Facebook).
  2. Then add your garage door code, or some other four digit code you remember that most people will not know. Don't use your home address number— remember these things should be a secret to the general public.
  3. Next choose a special character that means something to you, or ties in with this password you are making up. Add a $ sign because that pet of yours was really expensive to buy, or the @ sign because that pet lives AT the home where the garage door code is.
  4. And voila, your unhackable master password: Smokey@8732?

(Smokey is a favorite bird I once had; 8732 is the security code for my storage locker where the old cage is still stored; and the ? is for that new bird that I question whether I'm really ever going to get someday.) 

Leave Comments