Posts Tagged ‘password’

From Yahoo! News


The ideal password is, well, it’s probably not a word for starters. As the comic geniuses at online comic The Oatmeal put it, the ideal password is one that looks like a “cat took a 12 hour nap on the keyboard.”

But that’s not very realistic — people can only remember so many things, so many letters, uppercase, lowercase, random symbols, blah blah blah. So what’s your best bet?

We spoke with Marion Merritt of Norton Security about how regular people can create a solid password. Here’s the scoop so you can avoid your own personal Cybergeddon.

The passwords not to use
So, the basics. You don’t want to use dictionary words. You don’t want to use obvious combinations of letters and numbers. That would mean things like going across your keyboard like “WERTY,” or even something as bizarre sounding as “QAZWSX” is just going down the keyboard. The only reason I know about that one is, if you look at the list of most commonly used passwords, those are some of the things that show up.

The reason that even something like that becomes a problem is that hackers can use all the data from data breaches as a dictionary to launch hacks from. So even if it’s not something that makes a word, we know people use it as a password, which means it is something to avoid.

Always use a different password for your email
The piece of advice I give the most often is that of all your passwords, the most important is the one you use on your email. The reason for that is, every website you go to has a “forgot your password” feature. We couldn’t live without that feature because you’re always being told to create a unique password. So if a hacker has control of your email account they can change everything.

That one account password needs to be as unique and complex as possible. You never reuse a password. And when I say, ‘You never reuse,’ the reality is people reuse. They’ll come up with a really great password and it’s super complicated but then they’ll use it everywhere. Which means that if it gets hacked or something goes wrong, you’ve given away the keys to the kingdom. So, again, the email password needs to be totally special.

Can password managers help?
What’s good about a password manager is it makes the whole process of creating unique and complex passwords and retaining and reusing them — it makes it really easy.

So I actually do recommend people use them. The Norton one is great because it encrypts everything and you can store everything in the “cloud”… so if you’re logging in from your brother-in-law’s computer to print out a boarding pass, you can log in from the cloud and get the passwords there. Norton and others provide those capabilities.

I’ll be the first to say that managing passwords has gotten worse, not better. Every site requires a password and because of that I think consumers have password fatigue. So, when people say, ‘I have my cool passwords that I use for email and social networking and then I have this one that I use for everything,’ as long as the ‘everything’ doesn’t include sites where you could lose money like your credit card, your bank, online shopping where you store credit card information, I’m less concerned…

If you’re logging into your hometown newspaper, and you have a standard password you use, there’s probably nothing too serious [that could happen], but if you get notified that there was a data breach for some program or some site you use, how are you going to remember where you used that password… So, you do have to be senseful. And that’s, again, why a password manager is so great. If you ever found yourself in a situation where you say, ‘Gosh, I was using 123456 and I know I shouldn’t have been, but I was’… a password manager can tell you where else you’ve used it.

How hackers can ‘guess’ your passwords
The way most websites work is, you can enter a password incorrectly three times and then you get locked out. It isn’t just the number of times, it may also be the number of seconds in between requests. The typical user is going to have some delay. A hacker can run through an entire database in the number of allotted seconds. So, even though you think, ‘How could they do more than five attempts at my name?,’ they can. Not only do they have a database of dictionary terms, they also have a database of previously used passwords in addition to information available on social networks…

How to create super-strong passwords
There are different theories as to how to make a password strong. One is to take the first letter from each word from a sentence you have memorized. For example, “The duck flies at midnight but only if the moon is full.” Your password would then be the first letters of each word: Tdfamboitmif. Is that a good idea for a password? Well, here’s what’s great about it. You’ve come up with a unique phrase that won’t be in any dictionary and it’s not likely to be in any hack database unless you’ve used it before.

What’s bad about it — if it does get hacked and it’s the password you use everywhere then it’s as good as nothing. So I tell people to come up with a phrase and customize it for every website you use – for instance, by using letters near the ones you use on the keyboard, which is easier to remember.
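The checks described in the interview (breach-list membership, dictionary words, keyboard walks such as “QAZWSX,” and finding where a password was reused) can be expressed as a small screening routine. This is an added example, not part of the original article; the breach list, word list and vault are small constructed stand-ins, and the function names are hypothetical.

```python
"""Screen a candidate password against the weaknesses named above (added example)."""

# QWERTY rows; columns are derived from them so "QAZWSX"-style walks are caught.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = "".join("".join(r[i] for r in ROWS if i < len(r)) for i in range(10))
LETTER_COLUMNS = "".join(c for c in COLUMNS if c.isalpha())
WALKS = ROWS + [COLUMNS, LETTER_COLUMNS]
WALKS += [w[::-1] for w in WALKS]  # walks typed right-to-left or bottom-to-top

# Constructed sample data: stand-ins for a breach corpus and a dictionary.
BREACHED = {"123456", "password", "qazwsx", "letmein"}
WORDS = {"password", "dragon", "monkey", "sunshine"}


def longest_walk(password):
    """Length of the longest run in `password` that follows a keyboard walk."""
    p = password.lower()
    best = 0
    for start in range(len(p)):
        # Only try runs longer than the best one found so far.
        for end in range(start + best + 1, len(p) + 1):
            if any(p[start:end] in w for w in WALKS):
                best = end - start
            else:
                break
    return best


def screen(password, vault=None):
    """Return the reasons to reject `password`; an empty list means none found."""
    p = password.lower()
    reasons = []
    if p in BREACHED:
        reasons.append("seen in breach data")
    if p.rstrip("0123456789!") in WORDS:  # word with digits or "!" tacked on
        reasons.append("dictionary word")
    if longest_walk(p) >= max(4, len(p) - 2):  # nearly all of it is a walk
        reasons.append("keyboard walk")
    # `vault` maps site name -> stored password, as a password manager would hold.
    reused = sorted(s for s, pw in (vault or {}).items() if pw == password)
    if reused:
        reasons.append("reused on " + ", ".join(reused))
    return reasons
```
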



PGP (Pretty Good Privacy) is the most widely recognized public key encryption program in the world. It can be used to protect the privacy of email, data files, drives and instant messaging.

Traffic on the Internet is susceptible to snooping by third parties with a modicum of skill. Data packets can be captured and stored for years.

Even mail servers will often indefinitely store messages, which can be read now or at a future point, sometimes long after the author has changed his or her point of view.

Email, unlike a phone call or letter, is not legally protected as private communication, and can therefore be read by third parties, legal or otherwise, without permission or knowledge of the author. Many privacy watchdog groups advise that, if you aren’t using encryption, you shouldn’t include anything in an email you wouldn’t want to see published. Ideally this includes personal information as well, such as name, address, phone number, passwords, and so on.

PGP encryption provides the privacy missing from online communication. It changes plain, readable text into a complex code of characters that is completely unreadable. The email or instant message travels to the destination or recipient in this cyphered form. The recipient uses PGP to decrypt the message back into readable form. Whether you are concerned about protecting privacy rights, are a corporate whistleblower, or are a citizen who simply wants to chat with friends without allowing people to “listen in,” PGP is the answer.

The simple but ingenious method behind public key encryption is based around the creation of a customized key pair. The key pair consists of a public key and a private key. The public key encrypts messages, while the private key decrypts them.

Using PGP, Mr. Wise would generate a key pair by entering a real name or nickname to be associated with the keys and a password. The two keys are mathematically related values that appear as small blocks of text. Mr. Wise can freely share the public key with anyone who wishes to send an encrypted message to him. For example, let’s say Mr. Wise gives his public key to Ms. Geek. He can copy and paste it into an email and send it to her “in the clear.”
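The key-pair flow above, as an added example that is not part of the original post and does not use PGP's real formats: like PGP, it encrypts the message with a one-time session key and uses the recipient's public key only to protect that session key. It assumes textbook RSA without padding, fixed constructed primes and a SHA-256 keystream as a stand-in cipher, so it illustrates the mechanism and is not usable encryption; all function names are hypothetical.

```python
"""Public/private key flow with textbook RSA (added example, not PGP's format)."""
import hashlib
import secrets

# Constructed demo primes (two Mersenne primes); real keys use random, far larger ones.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537


def generate_key_pair():
    """Mr. Wise's step: return (public_key, private_key)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, the inverse of E
    return (n, E), (n, d)


def _keystream(key, length):
    """SHA-256 in counter mode, standing in for PGP's symmetric cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(public_key, message):
    """Ms. Geek's step: needs nothing but Mr. Wise's public key."""
    n, e = public_key
    session_key = secrets.token_bytes(16)  # fresh for every message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    stream = _keystream(session_key, len(message))
    return wrapped, bytes(a ^ b for a, b in zip(message, stream))


def decrypt(private_key, ciphertext):
    """Mr. Wise's step: only the private key recovers the session key."""
    n, d = private_key
    wrapped, body = ciphertext
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    stream = _keystream(session_key, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))
```
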

Before using PGP please read this article.

Download PGP Freeware v.6.5.8 here (updated link)
