Saturday, October 13, 2012

How to guard your password from hackers

According to a recent British study, passwords are usually obvious: around 50 per cent of computer users select passwords based on names of a family member, spouse, partner, or a pet. Photo | FILE | NATION MEDIA GROUP
By SAM WAMBUGU
Posted Saturday, October 13, 2012 at 16:41
In Summary
  • The most popular password, according to password management application provider SplashData, is the word “password”. I’m not sure if it is funny or sad that most people use the word “password” to access their online accounts.
  • The second most popular in the English-speaking world is 123456, followed by 12345678.
  • Also in the top 10 are ‘welcome’, ‘abc123’ and ‘qwerty’. They are easy to remember but also very easy to guess. Hackers know it too.


Have you ever been guilty of using 1-2-3-4 or a similarly simple, easily guessed password? This is one way to get your account hacked.
If someone wants to target you specifically, there are two major ways of hacking your account.
One way is using a virus, a Trojan, a worm – various names for similar malicious software that is designed to infiltrate computers and make them do what they’re not supposed to do.
Such software can trick you into entering your password on fake websites and send it to the culprits, track your keystrokes, or steal stored passwords.
Then there is the ‘brute force’ method – the culprit tries to log in to your account by trying different passwords.
This is done through a simple script that uses a list of passwords to try – usually the popular ones are used first.
The same method is used for mass account hacks, except that instead of trying several passwords against one account, the attacker first tries the same password across a multitude of accounts.
This is usually done in order to steal real accounts through which to send spam. So if your account is hijacked, it doesn’t necessarily mean someone holds a grudge against you, unless you hold an office with high security clearance, in which case the hacking may be targeted at stealing some important information.
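
An added example (not from the original article): detection logic for the two guessing patterns described above, run over constructed failed-login events. The function name, labels, thresholds and sample addresses are assumptions; a per-account lockout counter sees only one failure per account in the second pattern, which is why the check also counts distinct accounts per source.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2012, 10, 13, 16, 0, 0)
# Constructed failed-login events (time, source address, account); not real log data.
SAMPLE_FAILURES = (
    # Many guesses against one account.
    [(T0 + timedelta(seconds=5 * i), "203.0.113.7", "alice") for i in range(12)]
    # One guess each against many accounts.
    + [(T0 + timedelta(seconds=20 * i), "198.51.100.9", f"user{i:02d}") for i in range(15)]
    # A legitimate user who mistyped twice.
    + [(T0 + timedelta(minutes=m), "192.0.2.44", "bob") for m in (1, 2)]
)


def classify_sources(failures, window=timedelta(minutes=10),
                     per_account_limit=10, distinct_account_limit=10):
    """Label each source whose failed logins cross a threshold inside a sliding window."""
    # Logs do not record the password tried, so the two patterns are told apart by
    # how the failures spread over accounts. The thresholds are assumed values.
    by_source = defaultdict(list)
    for ts, source, account in failures:
        by_source[source].append((ts, account))

    verdicts = {}
    for source, events in by_source.items():
        events.sort()
        start = 0
        in_window = defaultdict(int)  # account -> failures currently inside the window
        for ts, account in events:
            in_window[account] += 1
            while ts - events[start][0] > window:  # expire events older than the window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= distinct_account_limit:
                verdicts[source] = "failures spread across many accounts"
                break
            if max(in_window.values()) >= per_account_limit:
                verdicts[source] = "repeated failures on one account"
                break
    return verdicts


if __name__ == "__main__":
    print(classify_sources(SAMPLE_FAILURES))
```
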
The most popular password, according to password management application provider SplashData, is the word “password”. I’m not sure if it is funny or sad that most people use the word “password” to access their online accounts.
The second most popular in the English-speaking world is 123456, followed by 12345678. Also in the top 10 are ‘welcome’, ‘abc123’ and ‘qwerty’. They are easy to remember but also very easy to guess. Hackers know it too.
These prominent passwords were compiled from files containing millions of stolen passwords posted online by hackers. Conclusion? People really don’t learn from their own mistakes – or the mistakes of their peers, for that matter.
User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords that anyone could guess.
According to a recent British study, passwords are usually obvious: around 50 per cent of computer users select passwords based on names of a family member, spouse, partner, or a pet.
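
An added example (not part of the original article): a sign-up check that rejects the popular passwords named above and passwords built on a personal name, even when they are decorated with capitals, digit suffixes or character swaps. The function names, the substitution table and the sample names are assumptions.

```python
import re

# The six passwords the article names from the SplashData list.
POPULAR = {"password", "123456", "12345678", "welcome", "abc123", "qwerty"}

# Character swaps undone before comparison (an assumed, non-exhaustive table).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(password):
    """Return lowercased forms of the password with common decorations undone."""
    low = password.lower()
    core = re.sub(r"[\d\W_]+$", "", low)  # drop trailing digits and symbols
    forms = {low, core, low.translate(SWAPS), core.translate(SWAPS)}
    forms.discard("")  # an all-digit password has no core left
    return forms


def screen(password, personal_names=()):
    """Return the reasons to reject a password; an empty list means accepted."""
    forms = variants(password)
    reasons = []
    if forms & POPULAR:
        reasons.append("popular password")
    # Names shorter than 3 letters are skipped to avoid matching everything.
    names = [n.lower() for n in personal_names if len(n) >= 3]
    if any(name in form for name in names for form in forms):
        reasons.append("based on a personal name")
    return reasons


if __name__ == "__main__":
    # Constructed inputs; "Rex" and "Wanjiru" stand in for a pet and a spouse.
    for candidate in ("P@ssw0rd1", "Rex2012!", "W4njiru", "wake up at 5!"):
        print(repr(candidate), screen(candidate, ["Rex", "Wanjiru"]))
```
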
People usually use whatever quickly comes into their heads when they think of passwords, and for good reasons.
They prefer to keep the number of used passwords and their complexity to a minimum as it is simply hard to remember them all – or which password corresponds to which account for that matter. This gets worse as we age.
One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them.
For example, “wake up at 5!” or “poll_march_14th?” or “wife’s birthday”. Avoid using the same username/password combination for multiple websites.
You could also create a rule with which these passwords are generated. Once you have this rule, it will be easier to remember every password.

For example, you may use your base password with the first two consonants and the first two vowels of the service name.
Say your base password is ‘SAM’. Then your password for Yahoo email would be something like SAMYHAO, and your password for Facebook would be SAMOKFA.
You could also try using a password manager application that organises and protects passwords and can automatically log you into websites.
Passwords are impracticable for most of us; the number of accounts that require passwords is said to be 20 to 26 and still increasing, whereas the number of passwords that humans can remember is said to be no more than 3 to 5, with no hope of increasing.
But problematic as they are, we will live with passwords for the foreseeable future.
Sam Wambugu is a monitoring and evaluation specialist. Email: samwambugu@gmail.com
