Tuesday, April 14, 2015

Account Security- Password Protection Tips (not very all inclusive)

Account security is a pretty basic concept whose motivation can be inferred from a possibly hard-wired desire to keep others from getting what's ours.  As humans evolved, we devised ever more complicated methods of securing ownership, but when computers, computer networks, the internet, communication systems, etc. came into the picture, they spawned the historical opponent wanting what's not theirs and the apparently ever-increasing methods to get it: basically, the hacker and the hack.

I am not going to get into much technical information because I simply don't have the knowledge of it.  There are ways to snatch information off your personal computer/device or simply as it is being transmitted.  I am not going to go into all the different ways this is done: that would take too long and involve methods that I don't understand well enough.  So, how do hackers get into your password-protected accounts?  Well, that actually doesn't really matter too much.  This is because when what once worked no longer does, these imaginative "pirates of code" will exploit some other method.  Now, since we are a little ways away from computers "really" being able to identify a person against an imposter, we are working towards that eventuality.

Biometric authentication is currently the evolving method of secure access.  If you've ever seen various spy movies, you might remember seeing this.  Typically, it involves a password combined with a technological identification of the authorized subject, with a far narrower window for the unscrupulous to be able to exploit.  Fair secondary methods to a password that are advancing are: fingerprint, iris or retina identification, DNA, and even brain imaging techniques are being explored.

Motivation for bothering to write about this?  I have been developing my password creation techniques for over ten years now.  I invented fairly moronic and easy to guess passwords when I first started.  As the power shifted in regard to information acquisition, I decided to up my game. 

Here's the best tip I can give you:  the more random your password is and the more devoid of any discernible correlation to any aspect of your life, the better (especially avoid ANYTHING that can be found out about you).  There are many places on the internet that give OK advice on creating strong passwords that probably work just fine right now.  Ask yourself this: do you want to make your password 'sufficient' or very secure?  Now for the meat of the post: common mistakes and tips on making and remembering a very secure and complex password.

Don't:

-Use one word passwords.  Reason: hackers can either guess or utilize code to figure it out.

-Use passwords using information about yourself or someone you know that can easily be acquired.  Reason:  you might think that your mom's middle name and part of your social security number should make a pretty decent password, but that information can be acquired through simple searches on the internet and incorporated in a hacker's toolbox of goodies.  Avoid birthdays, addresses, names, social security numbers, phone numbers, how many kids you have, even your dog's name, etc.

-Use the same password for all accounts.  This is hard because most people can't remember different, easy, insecure ones for the different accounts, so how in the world is someone supposed to remember a bunch of complicated ones?  The reason for not using the same password is that when a person guesses that one password, they suddenly have access to all your accounts.  In one swoop, someone can acquire a generous amount of power and, with one password, wreak havoc on your life.

*There are many more tips, but I wanted to move on from the Don'ts because the Dos are more useful anyway.

Do:

-Use a combination of letters(uppercase + lowercase), numbers, and symbols.  The more random and essentially meaningless, the better.

-The longer the password, the better.  I can see this becoming a problem with using different and complicated passwords.  Generally, people use shorter passwords because it's easier, but that can change if you train yourself to store the password in your mind.

Here are some things I've noticed about remembering passwords:

-Association: This helps by coming up with a password that you can remember by using a combination that your unique mind already has reference points to go on.  A simple example is a line in a song you like or a favorite prayer, using the first letters or last letters.  Those are not examples of secure sources of letters, but that method can be employed on low-risk accounts with decent effectiveness.

-"It's you!"- Use something you have never told anyone about, written about, or documented anywhere.  For example: say you're a woman (I suppose men occasionally experience this too) and your best friend's boyfriend in grade school or high school registered a pervasive thought that was A) not something you told anyone and B) not something someone could know any other way.  This would be something unique to your mind, your memories, your psyche, and it becomes more secure the more obscure it is.  Let's say you liked him or you thought he was scum and you simply never said anything or acted it out because, well, she was your best friend, right?  This example was brought up as a useful possibility for a dating site (last thing you want is some asshole hacking your dating account and really screwing with your profile).  Not a perfectly practical suggestion of mine, because a lot of people who date online have more than one account.

-Practice!!!- This one worked the best for me.  Ever play a musical instrument?  How does a person remember piano keys, positions on a trombone slide, or anything else?  Well, pianists remember how to play without actively trying to remember what key, where the fingers should be, how to press the keys, etc.  This is because storage and retrieval of that kind of information simply isn't the same as a name of something, a color, an emotion, etc.  So, even if your password is: 9n745F*mx@8p, you can train your mind to store that piece of information by repetitively typing it and continuing to access the account regularly enough to maintain the memory (a similar principle applies when you haven't practiced a skill for a while: you go and try to do it and it seems to require more thinking).  Sometimes it's good to write down the really complicated and long passwords until you've got them practiced into memory, then put those passwords somewhere safe (or destroy them if you'd like).

-Default rescue account-  The idea behind this is that forgetting any of your passwords can and will likely happen, so have an account with a strong password that's impossible to forget (for whatever reason) that your other accounts are linked to, in case you forget the password or security question, or an account does get hacked (even bullet-proof passwords can be bypassed, sucks huh?).

Choosing this account is pretty basic: A) Choose one that has added security features (i.e. security question, linkable to a separate device like a phone; biometric authentication capabilities are becoming more and more common and don't hurt) B) Try not to use it for anything else C) Pick an account with a low-risk potential for becoming a target for a hacker (anything that is linked to a desired account in this manner has the potential for becoming a target).
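The Don't and Do lists above can be turned into a small self-audit. The following Python sketch is an added example, not code from this post's author; the word list, the personal facts, the account names, the finding labels and the 12-character minimum (the length of the sample password above) are all assumptions made for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a large dictionary.
COMMON_WORDS = {"password", "sunshine", "dragon", "letmein"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def classes_used(pw):
    """Return the character classes (lower, upper, digit, symbol) present in pw."""
    return [cls for cls in CLASSES if any(c in cls for c in pw)]

def random_guess_bits(pw):
    """Brute-force search space in bits. Only meaningful when the characters
    were chosen at random; a dictionary word is far weaker than this number."""
    alphabet = sum(len(cls) for cls in classes_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit(accounts, personal_facts, min_length=12):
    """accounts maps account name -> password. Returns name -> list of findings.
    min_length=12 is an assumption (the length of the post's sample password)."""
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        found = []
        low = pw.lower()
        if low in COMMON_WORDS:                       # Don't: one-word passwords
            found.append("single-word")
        if any(len(f) >= 3 and f.lower() in low for f in personal_facts):
            found.append("personal-info")             # Don't: facts about you
        if len(owners[pw]) > 1:                       # Don't: same password everywhere
            found.append("reused")
        if len(pw) < min_length:                      # Do: longer is better
            found.append("too-short")
        if len(classes_used(pw)) < len(CLASSES):      # Do: mix all four classes
            found.append("missing-classes")
        report[name] = found
    return report

# Constructed sample accounts and facts, not real credentials.
SAMPLE = {"email": "9n745F*mx@8p", "bank": "Rex2009!",
          "forum": "password", "shop": "Rex2009!"}
FACTS = ["Rex", "2009"]  # e.g. a pet's name and a birth year

if __name__ == "__main__":
    for name, found in audit(SAMPLE, FACTS).items():
        print(name, round(random_guess_bits(SAMPLE[name]), 1), found or "ok")
```

Run it only on your own machine against your own passwords; the bit count is an upper bound that holds for randomly chosen characters, which is why "password" still fails despite a nonzero figure.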


In the end, the math on this is simple: if you have something an excellent hacker, or better yet a government and/or well-financed group with resources and skills, wants, your password might as well be "password".  The evolution of an authentication that is 100% error-proof is really required in an age where a person's identity is sacred to that person but could be nothing more than a commodity to someone else.
