Volume 3, Issue 4

www.sdchamber.org

 

ESET Technology Corner:

Can I Guess Your Password?

One of the biggest security-related mistakes people make is choosing a bad password. The biggest password mistakes are unchanged passwords, poor quality passwords, re-used passwords, and inappropriately stored passwords.

Let’s start with inappropriate storage. We’ve all been told not to write passwords on a sticky note and affix it to the monitor. The truth is, it really depends on the environment. You may not worry about someone seeing a password on your monitor if you work from home. But leaving a PIN (a type of password) in your purse or wallet with the associated debit or credit card is a bad idea. Keeping passwords in a file on your computer only makes sense if the file is well encrypted, which probably means you have a password for the file. This method can be used with programs such as Password Corral.

Using the same password everywhere means that if someone does manage to get your email password, they can access large amounts of your life, including your bank account. There are a few cases where it may make sense to use the same password, but not for things like logging on to your computer, or anything financial or personal.

Poor quality passwords are the most common passwords in use. If someone can guess your password and you use the same password everywhere, then all someone needs to do is learn one password to cause considerable harm. Computers are very good at guessing passwords, and the key is to make the password more complex. A single word is a bad password. There are about a million words in the English language. It doesn’t take a computer long to try all of the words in an attempt to guess a password that is a word. Names are words. Words with a short number at the end are bad, but if you increment the number to change your password it is even worse.
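The weak patterns named above, as an added example that is not part of the original newsletter: a Python check that flags a single word, a word plus a short number, and an incremented number, and bounds how many guesses a computer needs for them. The word list is a small constructed sample, the function names are hypothetical, and "short" is assumed here to mean up to four digits.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# (the article cites about a million English words) plus common names.
SAMPLE_WORDS = {"password", "dragon", "summer", "michael", "sandiego"}
ENGLISH_WORDS = 1_000_000  # figure quoted in the article

# Assumption: a "short number" is at most four trailing digits.
_WORD_NUM = re.compile(r"^([A-Za-z]+)(\d{0,4})$")


def split_word_number(password):
    """Return (word, digits) if the password is letters + 0-4 digits, else None."""
    m = _WORD_NUM.match(password)
    return (m.group(1).lower(), m.group(2)) if m else None


def weak_password_reasons(candidate, previous=None, words=SAMPLE_WORDS):
    """List which of the article's weak patterns the candidate matches."""
    reasons = []
    parts = split_word_number(candidate)
    if parts and parts[0] in words:
        word, digits = parts
        reasons.append("word plus short number" if digits
                       else "single dictionary word")
        # Same word as the old password with the number bumped by one.
        old = split_word_number(previous) if previous else None
        if (digits and old and old[0] == word and old[1]
                and int(digits) == int(old[1]) + 1):
            reasons.append("number incremented from previous password")
    return reasons


def guesses_needed(max_digits):
    """Upper bound on guesses for 'word + up to max_digits digits'."""
    # Count every numeric suffix of each length, plus the empty suffix.
    suffixes = sum(10 ** n for n in range(max_digits + 1))
    return ENGLISH_WORDS * suffixes


if __name__ == "__main__":
    for pw, prev in [("Dragon", None), ("summer12", None), ("summer13", "summer12")]:
        print(pw, weak_password_reasons(pw, prev))
    print("word + up to 2 digits:", guesses_needed(2), "guesses at most")
```

A password that matches none of these patterns returns an empty list, which means only that it avoids the specific mistakes this article names.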

Finally, if passwords are not changed on a regular basis, criminals have years to work on cracking your password. By changing your passwords regularly you can limit the harm done if a password is compromised and make cracking your password an exercise in futility.

For more in-depth information on creating a better password, visit www.sdchamber-members.org/TechTip.htm. For more information about this tech tip or any general security questions, e-mail askeset@eset.com.