Is your password safe?

This was a well known slogan during both World Wars. It also applies in today’s digital society. One of the necessary evils we’ve come to live with is the challenge to create, keep and use passwords effectively. Your bank account, ATMs, cell phones, voice mail, email accounts, web sites, and many other secure entities require your password. Most people see the requirement to use and change passwords regularly as a paint in the neck — many don’t bother. Unfortunately there are too many criminals on the loose who see your password as the combination to a safe. Most people also think their personal or company information would not be of interest to anyone. Thieves, criminals, and hackers could care less who you are. They know protected accounts can be utilized any number of ways to be profitable — and they’ll stop at nothing for money.

Why my data?

Those who are out to steal your sensitive data do so for many different reasons. Hackers who would break into your accounts are opportunists out to create petty vandalism and cause damage. Other hackers may be more interested in using your account to relay unsolicited bulk email (UBE or “spam”) or viruses to others, thereby implicating you while protecting themselves. While these are important intruders to protect yourself from, there are even more important reasons for making passwords difficult to crack or guess.

Organized crime has embraced the Web and Internet commerce as a rich hunting ground for revenue. They are particularly fond of eBay and PayPal accounts and the charge card info waiting to be tapped. But not only do criminals want your passwords for online accounts, they will utilize any information they can get their hands on… email, cell phone, charge cards, bank accounts — any information which can be surreptitiously used, converted to cash or even sold to other criminals.

Most recently, Homeland Security and the FBI have become painfully aware of the worst case scenario — widespread use of the internet and online crime to fund terrorist activities. al Qaeda is now training their operatives in the methods used by spammers and phishers to extract usable information from unwary email users — particularly ecommerce accounts that offer the possibility of quick conversion to cash. They have other, more insidious uses too. eBay accounts are particularly prized for setting up bogus auctions and fraudulent escrow providers for the specific purpose of accessing and obtaining accounts in bulk. Most prized by terrorist organizations are the fruits of Phishing. They know that of every thousand people at least a few will reply or fall for the scam. A million phishing spams will yield several thousand identities to be exploited, pilfered and abandoned.

If you think this is melodramatic consider the 35-year-old master mind of the ’02 Bali bombings, Imam Samudra, wrote a primer to teach Muslim radicals how to commit online credit card fraud. al-Qaeda sees this as a good way to fund their activities. Samudra’s confiscated laptop not only included acts of internet fraud but writings that suggest online card and bank fraud in the United States alone might become a key weapon in terrorist arsenals.

According to Richard A. Clarke, senior advisor to the White House on matters of counterterrorism and cyber security: the fight against spam and phishing is also the fight against the use and abuse of the Internet by terrorists.

The last line of defense against the spread of criminal internet activities is to prevent them from getting in. Your password is the most important weapon in that defense.

Best Practice

Protect online ID and passwords with diligence. Since there are so many ways to crack or break passwords, it is very important that all passwords be chosen with a great deal of care — and changed regularly.

· Never use less than 6 characters in passwords

· Always use at least one number

· Change passwords at least every three months

· New passwords should be very different from previous passwords (e.g. don’t just switch letters or add a new number)

How to invent a good password

1. Mix character case (e.g. f2N6swt4NN )

2. Utilize non-alphabetic characters digits and allowable punctuation.

3. Passwords should be easy to remember, but hard to guess, so you don’t have to write it down

4. Things not to do with your password:

5. Do not use your login name in any form

6. Do not use your first or last name in any form

7. Do not use your child’s, pets or spouse’s name

8. Do not use easily obtained information: license plate numbers, telephone numbers, car brands, hobbies, sports, pets, etc.

9. Do not use all letters or all digits

10. Do not use the same letters (decreases password search time)

11. Do not use a word in English or other language dictionaries

 

Easy strategies

Switch letters for numbers. Start with a normal word then replace some of the characters with numbers. Select a simple phrase then use just the first letter of each word interspersed with numbers. Be sure to vary case. “I Love Cherry Pie” becomes ILCP then add the year, change case and you’ve got: “2i0Loc5P” Spell words backwards, add numbers, change case.

Bottom Line

What ever your plan or scheme you must follow it religiously. The best systems are only as good as those who maintain them. Even if you think your little ID and password are of no consequence, consider criminals are hitting eBay, PayPal, Amazon and hundreds of other potential gravy-sites with automated systems testing dozens of word and letter combinations per second all day, every day. If they happen to hit your password, your account could take a big hit. You could be repairing your credit and identity for years. Worse yet, you could be providing financing for acts of terrorism or murder.

Pick a new password and change it today.