Passwords
Last time, we talked about your computer’s operating system and the applications you use. This article, we’re going to step back a bit and show you how you can increase your chances of keeping unauthorized users out of your computer or computers.
Remember the game show Password? A contestant, usually a “regular” person, and a celebrity pair up and one the pair reads one-word clues to the other and he or she tries to guess that secret word, or password. The password is usually something simple, right? Well guess what? Most computer users make their password simple, too. In smaller organizations where rules on passwords tend to be somewhat lax, passwords for individual users can be one of the easiest ways for an intruder to break into a computer or a network. Once in, the unwanted intruder can do a lot of damage, steal information or render your programs inoperable.
Confession – I was an unwanted intruder … long ago.
You see, back when I was a young lad, working on an after-hours office cleaning staff, I got curious and foolishly started messing with a computer that was in one of the offices. I didn’t know a thing about computers back then, but I managed to turn on the monitor and start banging away on some poor slobs filesystem. I have no idea if I screwed something up, but I’m sure the user figured out somebody was on that computer that maybe shouldn’t have been.
My point in telling that little story is to warn users that, while you’re away, your PC may be used by people you wouldn’t want within 20 feet of your PC, let alone half a world away.
So … what can you do to protect the PC in your home or office? From the perspective of passwords – make them hard to guess. Some good practices in password include, but are not limited to the following:
• Use at least one numeric character in your password
• DO NOT use names of pets, children, siblings, superheroes, etc. I cracked a password in two tries at a workstation where the user had a “Marvin the Martian” figurine sitting on top of his monitor. I’ll give you two guesses as to what his password was.
• Use capital letters interspersed in your password.
• Change your password at least every 30 days.
Depending on your computer network, you may need to have the password rules modified by your system administrator to be more strict.
For a more complete guide on good password practices, visit Fermilab’s Computing Division at http://security.fnal.gov/UserGuide/password.htm
Also, Microsoft has a clever little tool that will tell you if you have a password that is weak (easy to guess) or strong. Follow this link: http://www.microsoft.com/protect/yourself/password/checker.mspx
Next time - Virus and spy-ware protection
