Monday, December 1, 2003		Feature

Protect your password
Sanjeev Bhatti

THE Internet has brought faster access to information related to both: business and personal. But we can’t also ignore the fact that malicious codes are also delivered through the Internet by hackers and crackers.

In order to save and secure information we need to implement some security policies. One biggest security breach is password that we use for accessing resources (printers, modems, files) from the network. Those users who don’t take pre-emptive action in keeping a password secure face high risk of losing information and misuse of their personal data.

For breaking into passwords, hackers use some special decoding programs that can be downloaded from the Internet.
The more difficult a password is, the more secure it is. For example, if a user chooses a one-character password that can be any upper- or lower-case letter or a digit, there are 62 possibilities. A cracking program can guess it quickly. Meanwhile, same 62 characters can be used to form 218 trillion eight-digit passwords. Unfortunately, users generally put the odds in the cracker’s favour by choosing easily guessed combinations.

Security specialists recommend the following guidelines:

• Use as many characters as possible (minimum six).

• Include upper- and lower-case letters.

• Include digits and punctuation marks.

• Don’t use personal information, such as names or birthdays.

• Don’t use words from a dictionary.

Techniques for creating effective passwords:

• Use a vehicle license plate. For example: "GR8way2B."

• Use several small words with punctuation marks: "betty, boop$car."

• Put punctuation in the middle of a word: "Roos%velt."

• Use an unusual way of contracting a word: "ppcrnbll."

• Use the first letter of each word in a phrase, with a random number: "hard to crack this password" becomes "htc5tp."

No matter how strong a password is, it can be guessed eventually. So passwords should be changed regularly. Additionally, users must never share their passwords, use the same password twice, or write it down at an obvious place. By securing their systems, creating strong passwords, and following safeguarding techniques, users can be much more secure.

Administrators should run security policies in order to protect passwords from hackers. Clipping levels should be activated. It means a count down should be done on wrong attempts and the account should be locked after following the clipping level. User should be forced to change passwords in 15, 30 or 45 days depending on the frequency of accessing logging on and logging off in order to access the information. Other security policy like minimum password length should be kept to 9 characters with no repetition of last 10-15 passwords, depending upon the frequency of accessing the information. Network administrators should copy the password file onto a standalone PC and should run any password cracking utility in order to check the strength of the password. Users shouldn’t send their password through e-mails, write on a piece of paper or in diary or create a document of all of your password and save it on your desktop. If you write password down, make sure that you keep it safe. Writing your password on a post-it note and then sticking the note to your desktop is asking for trouble.

In general, it is better to remember your password and not write it down anywhere. The passwords should be protected in the same manner as your credit card or bank account numbers.