To Make Hard-to-Crack Passwords, You Write the Rules

By now you’ve heard from countless experts that the best way to protect yourself online is to have hard-to-crack passwords for all your logins. “Don’t use any words that occur in the dictionary,” they say, “and don’t use easy-to-find information like your pet’s name or the street you live on.  And while you’re at it, forget about memorable number comPasswordsbinations like your address, your date of birth, or ‘123.’” Great advice, but if you’re also told never to write anything down, how on earth are you supposed to remember a string of numbers, letters, and characters you’ve intentionally made as random as possible?

The trick is to invent a simple set of rules that’s easy to remember and replicable across all sites.

Here are some examples. You wouldn’t want to use these specific scenarios, of course.

  • First letter of each word in a common phrase + four-digit number + ampersand.  To change the password – something you should do every six months or so anyhow – just change the common phrase, or start using the second letter of each word.
  • Site name + your first name backwards + four-digit number + same four-digit number with the shift key held down. To change the password, come up with a new four-digit number or start using your last name backwards.
  • Take two words and run them together with a numeral at the beginning and a symbol at the end. So, “Gandalf” + “sesame” would yield 2Gsaensdalmfe#.

The trend these days is toward “pass phrases,” often composed of song lyrics or idiomatic sayings, rather than passwords.  Why? Because password crackers can generate millions of guesses in a second. The more characters you have for them to work through, the longer it will take them and the greater the likelihood that they’ll move on to an easier target. In other words, length beats complexity.

When You’re Running Security Updates, Don’t Forget About Software

After years of reminders to run system scans and update your virus and malware definitions, you may finally be performing these tasks with some regularity. However, while you’re busy installing updates to your browser and your security settings, make sure you’re not forgetting to update Adobe Acrobat Reader, Flash, and other popular software products.

McAfee recently predicted that in 2010, Adobe would surpass Microsoft as hackers’ primary target.  Click here to read the full article from McAfee.  Once again, popularity has invited the attention of crooks: Acrobat Reader and Flash are very common programs, which makes them low-hanging fruit for hackers. PDF-based malware, in particular, is on the rise.

The problem is compounded by people’s tendency to ignore or forget the need to update the many different types of software they have installed on their machines. This may be due in part to the mistaken belief that as long as they have their antivirus definitions up to date, they’re protected from intrusion. Add to this the fact that, historically, some hastily issued security patches from makers like Microsoft have caused as many problems as they were supposed to fix. Finish it off with a healthy dose of end-user skepticism about the legitimacy of spontaneous prompts to update your software, and you can see why many people still run outdated — and vulnerable — versions of common programs. To this point, Microsoft is releasing a record number of patches on February 9th, tying October 2009 for the most security bulletins released in a single month. You can read the full announcement  at PCWorld.com.

At CMIT, we carefully review all recommended software patches before rolling them out to our clients’ machines to make sure they function correctly. If you’re not on one of our managed services plans and are installing updates yourself, do some research before you take any action. Is there recent news on any of the tech sites about new vulnerabilities in the program you’re about to update? Does the update that you’re about to download come from a trusted source? Make sure you can answer “yes” to these questions before you proceed.

If you’re ever in doubt about whether to install a security patch or other update to Acrobat Reader, Flash, Internet Explorer, or anything else, go ahead and check with us. Chances are you won’t be the first person who has asked about it!

Is your small business struggling with a mile-long “To-Do” list that lets important tasks fall through the cracks? Do you feel out of the loop and wish you had a simple way to get an overview of your major projects? Have you ever had trouble closing the loop on purchase approvals, client service issues, or business critical tasks? Sign up for our FREE WEBINAR on Thursday, February 25th at 12 pm CST and learn how you can run your office more efficiently by keeping track of tasks and processes. Click here to register.