Mar 8 2010

Poor ID Questions Weaken Security

Most of the time, when we fill out those annoying security questions while creating an online account, we really don’t think about what we’re doing. We don’t think about how secure our questions and answers are (or are not) and whether someone else could easily guess them and be able to hack into our accounts.

According to security researchers, this is a bad thing. It is far too easy to guess the answers to security questions such as someone’s mother’s maiden name (this information could easily be found online by a determined and persevering hacker). Research has shown that if hackers get three chances to guess answers, they could hack into one in eighty accounts.

Guessing the answers to security questions can allow a hacker to overwrite a password without knowing what it is. In most cases, it is not difficult to guess answers—a study conducted by Microsoft and Carnegie Mellon showed that seventeen percent of the answers to security questions could be guessed by people who knew the owner of the targeted account.

And there is more at stake when email accounts are hacked: access to a person’s email account can give access to other online accounts that require email registration. Because of this vulnerability, some email providers are trying to make their password reset functions more secure. For example, Google can send reset passwords by text message.

Via BBC News.

Jan 23 2010

How To Create Memorable Passwords That Won’t Be Hacked

Passwords are perhaps the most vulnerable element of computer security. They are the most commonly used means of protecting data, accounts, and other things you don’t want other people getting their hands on. Because of this, and because people often don’t take the time to create secure passwords, the password is the weak point in a system.

That is why it is very important to create secure passwords. Unfortunately, “secure” usually means “very random” and therefore not easily remembered. Still, there are five important suggestions you can follow to create both secure and memorable passwords.

1. Don’t use personal information in a password. A hacker could easily find out your name and other personal details, so don’t use these details in a password.

2. Don’t use real words. Password software can easily crack a password that has words found in a dictionary.

3. Mix types of characters. Use both uppercase and lowercase letters, and replace some letters in the password with different characters (like @ instead of a, and 0 instead of o).

4. Use a passphrase. Some programs can crack the character substitutions mentioned in point 3, so come up with a memorable sentence (like a quote from a movie) and use the first letter of each word in that sentence for a password.

5. Use tools. There are tools that can generate complex, secure passwords (unfortunately, these are often difficult to remember) and tools that can store complex passwords for you.
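The following Python check is an added example, not part of the original post or of the PC World article. It tests a candidate password against tips 1 to 3 after undoing the character substitutions from tip 3 (which is why tip 4 warns that substitutions alone are not enough), and builds a password from a sentence as tip 4 describes. The word list, substitution table, function names and sample inputs are constructed assumptions.

```python
# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "letmein", "football"}

# Reverse the substitutions named in tip 3 (@ for a, 0 for o) and a few similar ones.
UNDO_SUBSTITUTIONS = str.maketrans(
    {"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"}
)


def normalize(text):
    """Lowercase the text and undo common character substitutions."""
    return text.lower().translate(UNDO_SUBSTITUTIONS)


def check_password(password, personal_details, words=COMMON_WORDS):
    """Return the list of tips (1 to 3) that the candidate password breaks."""
    problems = []
    plain = normalize(password)

    # Tip 1: no personal information, even when disguised by substitutions.
    # Details shorter than three characters are skipped to avoid noise.
    details = [normalize(d) for d in personal_details if len(d) >= 3]
    if any(d in plain for d in details):
        problems.append("tip 1: contains a personal detail")

    # Tip 2: no real words. Matching on the normalized form means
    # "P@ssw0rd" is treated exactly like "password".
    if any(w in plain for w in words):
        problems.append("tip 2: contains a dictionary word")

    # Tip 3: uppercase and lowercase letters plus at least one non-letter.
    has_mix = (
        any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(not c.isalpha() for c in password)
    )
    if not has_mix:
        problems.append("tip 3: character types are not mixed")

    return problems


def from_passphrase(sentence):
    """Tip 4: take the first character of each word, keeping case and digits."""
    return "".join(word[0] for word in sentence.split())
```
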

The bottom line? Passwords can be annoying, but they are, for now, necessary. So do your best to make passwords that are not completely obvious to guess, or buy a fingerprint reader.

Via PC World.

