Monday, July 7, 2008

Passwords - the keys to your electronic kingdom


One fine day, my wife could not access her Yahoo email. It simply kept saying, "Invalid ID or password". She was working on a book and all her work was locked out. Panic set in. Even being married to a hacker didn't help. We were lucky to have recovered her account with great difficulty.

Someone had simply guessed her password, logged in and changed it. Through her email, they had access to most of her services: e-banking, frequent flyer account, social networks, and more. They could have opened an e-statement and requested a password change to be emailed back.

The impact of a single password being compromised in today's digital age is tremendous. Until new identification technologies are standardised, the only thing that protects your electronic assets is your password.

How do you ensure your password's security? First, pick a complex password. Second, follow proper password handling practices. Password complexity involves the following:

1. Password length. Adding a single character increases password complexity exponentially. The minimum length is 8 characters.

2. Characters. Use a mix of upper- and lower-case letters, numbers and special symbols. A password of 8 letters can be guessed in 2 days. Adding numbers and symbols increases the duration to 2 centuries. Substitute numbers and symbols for certain letters, such as "1" for "i", "$" for "S", "@" for "a", etc.

3. Randomness. Your password should be cryptic. Names, dictionary words, birthdates, number plates, phone numbers, etc. make poor passwords. Choose a phrase and pick its first letters. Or choose two words and combine them with a symbol. Examples: "2B/not2B!" (To be or not to be), "Cy8er+W@tch" (Cyber Watch).

Measure your password's strength at http://www.passwordmeter.com.
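
As an added illustration (not part of the original column), the sketch below counts the exhaustive-search space for a password and checks it against the length and character-mix rules above. The guess rate of 1.2 million per second is an assumption, chosen because it roughly reproduces the 2-day figure for 8 single-case letters; the function names are illustrative.

```python
import string

# Assumed guess rate (not from the column): picked because it gives about
# 2 days for 8 single-case letters, matching the figure quoted above.
GUESSES_PER_SECOND = 1_200_000
MIN_LENGTH = 8  # minimum length stated in the column

CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32 printable ASCII symbols
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def search_space(password):
    """Candidates an exhaustive search must cover: alphabet_size ** length.

    This is an upper bound on strength. It only holds when the characters
    are chosen at random; a name or dictionary word falls far sooner.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return search_space(password) / rate

def review(password):
    """Problems found under the length and character-mix rules."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    missing = set(CLASSES) - set(classes_used(password))
    if missing:
        problems.append("missing classes: " + ", ".join(sorted(missing)))
    return problems

if __name__ == "__main__":
    # Constructed samples; the last one is the column's own example.
    for pw in ["abcdefgh", "abcdefghi", "Cy8er+W@tch"]:
        days = seconds_to_exhaust(pw) / 86400
        print(f"{pw!r}: {search_space(pw):.2e} candidates, "
              f"{days:,.1f} days, issues: {review(pw)}")
```

Each extra character multiplies the search space by the alphabet size, which is why length and character mix together dominate the estimate.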

Lastly, let me discuss four vital password handling procedures.

1. Two is better than one. I use a very strong password for my work email, e-banking, etc. and another one for all other services.

2. Change your password periodically. Passwords have an expiry date - the time taken by a fast computer to guess them. Businesses require employees to change passwords every month, but I would relax the limit to 6 months or a year for home users.

3. Never write down your password. Passwords should only stay in your head.

4. Do not let websites "save your password on your computer". It becomes easy for malicious software to grab them.

Guard your electronic keys well!

P.S. Speaking of passwords, check out this poster I found at one of Net-Square's client's offices.

Published: Times of India, Ahmedabad, 9-Jul-08
