Mar 12, 2009 12:04pm

Password-Protected

You sign up for a new e-mail account or go online at your bank.  It asks you to make up a password.  "Passwords must be at least six characters, and contain at least one capital letter, one lower-case letter, and one numeral," it says. So you take the logical route: you use your dog’s name.  How many of us have passwords like "Fluffy1" for almost everything we do? According to a British computer-security firm called Sophos, about a third of people surveyed do the same thing.  Probably for years.  More HERE.

Sophos’ survey may be self-serving — their business depends on people’s sense of vulnerability online — but they have a point.  Most of us get by just fine, but every now and then something like THIS happens: some inventive crook out there writes a computer virus or "Trojan Horse" to gather up bank passwords and send them to a server in Russia. (And don’t think you’re safe if you use Firefox or have a Mac; the case above WAS a Firefox breach.) On the other hand, says the survey, 19 percent of respondents take their security very seriously, and use different passwords every time they need to make one up.  Their risk of identity theft goes down, but it’s not much of a way to live.

User Comments

One neat idea to remember your passwords is to get an ordinary address book with alphabetic tabs to record all of the various websites with their associated password. Then you have them all easily accessible…. just don’t lose the book!
The Brilliant Assistant

Posted by: Stefanie Schoonmaker | March 12, 2009, 12:45 pm

Another way is simply to be smart enough to know to not fall for those fake emails that contain trojans and other viruses.
For me, it’s easy, given I always feel uncomfortable if I receive an email from someone I do not know, especially if it has an attachment. I quickly delete those emails, for it’s better safe than sorry.
Same with phishing emails. I know Ebay, PayPal, and other sites will not ever ask me for my information that they already have, so I do not fall for those.
So it’s not just a matter of changing your passwords, it’s also a matter of having Net Smarts. :)

Posted by: GWP | March 12, 2009, 1:07 pm

“Their risk of identity theft goes down, but it’s not much of a way to live.”
As someone who is in the 19%, I can assure you my quality of life has not suffered by maintaining passwords too long or intricate to be remembered. I feel quite the opposite is true in fact. There are many software applications out there that will store your passwords in an encrypted database, so they will be kept safe when not needed. Many of these applications also have password generators built into them, so you create a truly secure password.
To me, it’s like airport security: you sacrifice a little convenience, but you gain a great sense of security!

Posted by: Matt | March 12, 2009, 1:11 pm

Stefanie,
That violates the first rule of password security, which is NEVER write it down!

Posted by: Bob | March 12, 2009, 1:17 pm

Stefanie Schoonmaker… Things are more complicated than that. Trojans can be embedded into graphics or videos so when a graphic or video loads the Trojan is loaded as well. E-mail is one of the many methods used. Many infections can happen on the internet without the victim ever opening an e-mail or file. There have been known cases of this on YouTube, and even national news sites.
GWC…. No password is safe. Encrypted or not. Our government has way higher security than us home users and they even have issues. I would not recommend using any kind of database “secure” or not to save my passwords. You’re only able to reduce risk, not eliminate it, and by saving your passwords anywhere you’re risking losing those passwords to a 3rd party. You will always have someone out there who’s extremely intelligent that will develop a method or application to obtain the most tightly held information.

Posted by: Robert S | March 12, 2009, 4:52 pm

You are just as vulnerable the day after you change your password as you were before you changed it, because trojans don’t care; they just seek and report.
Changing passwords regularly only foils the casual snoop who may stumble on the piece of paper where you wrote it down.
If you get a keystroke logger on your machine you’re toast.
There is a much stronger argument for making sure your anti-virus and anti-malware programs are sufficiently robust and kept up-to-date.

Posted by: mork145 | March 12, 2009, 11:01 pm

Matt – what good is a password generator? What one application can generate another can break.
No password is truly safe & we just need to accept that & be wary of all oddities that occur with our on-line works.

Posted by: kathy | March 13, 2009, 9:57 am

Information security based on a single level weak factor of protection is not sufficient to protect system integrity. There needs to be something more than something that we know involved in identification and authentication. The human is always the weakest link. We can’t remember 50 different passwords so we start to reuse them. Then it becomes ‘Get one, get all.’ It should be universally at a minimum biometric + token + pin; even today, we’re still not there yet…

Posted by: Michael | March 13, 2009, 9:58 am

Purchase a USB device like IRONKEY which will remember every password, and allow you to use the most complex passwords of almost any length.

Posted by: Dennis | March 15, 2009, 5:26 am

Several of the comments are good:
Never write down passwords is the best. Approx. 65% of account/password compromises happen because of Social Engineering, passwords that are based on personal information, and family/friends.
The Trojan aspect is a concern as well, however anti-virus suites and safe web surfing will reduce the risk of an online compromise significantly.
Approx. 12% of all websites are considered to be infected with malware or malicious code. Be careful with web surfing, do not click on links in emails, and always type in the website address when possible.
The risk of personal information being compromised through a hack against a corporate network/website is something that we can’t do much about. For the rest; take your own security into your own hands and practice good computer security.

Posted by: infosecspecialist | March 15, 2009, 6:18 pm

The following is what I teach my IT class: a) Make sure you use strong passwords: at least six to eight characters in length, including letters, numbers, and punctuation symbols. b) Change these passwords at regular intervals. c) Since it is easy to forget changing passwords, use a numbering system. d) Don’t change the password itself but the number after the password. This should be done monthly until the end of the year. Then change the password for the new year. Remember, the password changes yearly but the numbering system after or before it changes weekly or monthly.

Posted by: SingoStar | March 16, 2009, 1:42 am

Another way to help keep your passwords safe is with products like Billeo or Roboform that put in your passwords without any keystrokes except for their initial entry. There is other software available too that does the same functions.

Posted by: Mike | March 16, 2009, 10:55 am

Some browsers like Yahoo, Firefox or videos like YouTube ask you if you want them to remember your username and password. If you agree, then both your user id and password are sitting ducks. What will stop an id thief or a hacker from simply signing in to your account and stealing your secrets and data when both your username and password are there for everyone to see? That practice should be discontinued as it is a security risk.

Posted by: SingoStar | March 16, 2009, 3:06 pm

An alternative that I would suggest is to use something like a Consonant, Vowel, Consonant, Consonant, Vowel, Consonant. Sound complicated? Think of how many words in the English language fit this mask (CVCCVC): Danger, Digger, Dogger, Logger, Mugger, etc. etc. Just being aware of the mask (plus possibly adding a Number at the end) will simplify the remembrance of the password. Try it! You’ll like it!~

Posted by: Ken | March 30, 2009, 1:40 pm

I wrote a password generator in a spreadsheet stored on a flash drive. It generates passwords of specified lengths and gives count of figs, uppers, lowers & punctuation. The sheet recalc generates new passwords. The operator watches and verifies that a site’s Figs & Ltrs requirements have been met & that punctuation marks are not included if the site prohibits them. Naturally, I generate passwords of the max length allowed by the site. Cagey fellow that I am, I drop recently used characters from the available alphabet. Passwords are entered at logon without benefit of the keyboard. The passwords are pretty secure. Remember, Class A encryption, for TSKY, used to be defined as secure for 24 hours (or was it 48?) However, changing passwords is far too simple on most sites. If the bad guys know anything about you, i.e. have targeted you, personally, they may well be able to hijack your account by changing the password for you! Service with a smile!

Posted by: wairgens | April 1, 2009, 7:31 pm
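
A generator of the kind this comment describes (fixed length, per-class counts, a check against the site's rules), written as an added Python example and not the commenter's spreadsheet. The function names and the sample site policy are assumptions; it draws every character from the full allowed alphabet with the OS CSPRNG and does not reproduce the step of dropping recently used characters.

```python
import secrets
import string

# Character classes the comment's spreadsheet counts: figures, uppers, lowers, punctuation.
CLASSES = {
    "digits": string.digits,
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "punct": string.punctuation,
}


def class_counts(password):
    """Count how many characters of the password fall in each class."""
    return {name: sum(ch in chars for ch in password) for name, chars in CLASSES.items()}


def meets_policy(password, min_len, max_len, required, allow_punct=True):
    """Check a password against a site's length and composition rules."""
    counts = class_counts(password)
    if not (min_len <= len(password) <= max_len):
        return False
    if not allow_punct and counts["punct"] > 0:
        return False
    return all(counts[name] >= 1 for name in required)


def generate(max_len, required=("digits", "upper", "lower"), allow_punct=True):
    """Generate a max-length password from the OS CSPRNG that satisfies the policy."""
    allowed = [n for n in CLASSES if allow_punct or n != "punct"]
    if any(n not in allowed for n in required) or max_len < len(required):
        raise ValueError("policy cannot be satisfied")
    alphabet = "".join(CLASSES[n] for n in allowed)
    # Rejection sampling: redraw the whole string until every required class
    # appears, so each accepted password is uniform over the valid set.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(max_len))
        if meets_policy(candidate, max_len, max_len, required, allow_punct):
            return candidate


if __name__ == "__main__":
    # Hypothetical site: 16 characters maximum, punctuation prohibited.
    pw = generate(16, allow_punct=False)
    print(pw, class_counts(pw))
    # The article's "Fluffy1" also passes its six-character composition rule.
    print(meets_policy("Fluffy1", 6, 64, ("digits", "upper", "lower")))
```

The same policy check accepts both the generated string and the article's "Fluffy1", which is why a composition rule by itself says little about how guessable a password is.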

Hi, Thanks Everyone for the Great Comments and for sharing that Great Information. I have had several viruses on my computers over the years. Trojans the Password stealers and the like… You name it Crazy Viruses that reproduce, multiplying every 15 min… I too have used Roboform and would recommend it to anyone.
I personally use Kaspersky antivirus and Prevx simultaneously. The Cool thing about Prevx is you can use it in addition to any antivirus you choose. Another Good antivirus is AVG. Both of which You can grab a free 30 day trial.
Have an AWESOME Day on Purpose!
With Purpose!

Posted by: Darren Utke | September 1, 2009, 7:35 am

Do you have more information about this topic? If so, please click here to contact the editors of ABC News.