Archive for August 4th, 2007
Passwords and How They are Stolen
I posted a comment on Angry 365 Days a Year about passwords. The entry was entitled "Passwords suck". Most people don’t know a lot about passwords and password stealing. My comment on the post was about how passwords can be stolen:
Here are some of the ways people get passwords:
1) The downloading of keyloggers.
2) Hackers (if they have a known target) can port scan (check the open ports on a computer), find ports with vulnerabilities, and transfer data (such as a keylogger or R[emote]A[ccess]T[rojan]) through to the computer.
3) Hackers connect to a server of an email service, messenger service, etc., and run a brute force/dictionary attack. This is done by writing a program to continually try and rearrange letter combinations (brute force), or test all the words in the dictionary.
I forgot to mention shoulder surfing. Shoulder surfing might be the most common of all. People looking over your shoulder while you type your password is a serious security risk. Another method is social engineering, which is someone tricking you into giving away your password (usually by pretending to be tech support). A very similar way of getting passwords is phishing: asking for passwords or personal information in email (or connecting you to a false site that will look authentic).
Here’s a little guide to making strong passwords:
1) Do not use words, known phrases, names, numbers, or personal information as passwords.
2) Use random letters and numbers in your password.
3) Use a mixture of uppercase and lowercase letters in your password.
4) If possible use special symbols such as $%.! in your password.
5) If you write your password down, do not put it out in the open. Shred the paper if you throw the password away.
6) Never trust anyone who wants your password.
7) Never put your password in plaintext on your computer (unencrypted text).
Here are some examples of weak passwords and strong passwords:
Weak passwords:
jimmy
girlfriend
11684
472385
mydoggie
1337
Strong passwords:
fo25vPEvMg42
dUI1OhanLINd5Ay
tym81MPty64
qmJ50cX85
Hopefully you can apply these tips to your passwords.
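The guide's rules 1 to 3 can be checked mechanically. The following is an added example, not code from the original post: it runs the post's own sample passwords through those rules and estimates the brute-force search space for each. The wordlist is a small constructed stand-in for a real dictionary, and the function names are illustrative.

```python
import math
import string

# Constructed stand-in for a real dictionary file (assumption, not from the post).
WORDLIST = {"jimmy", "girlfriend", "doggie", "dog", "password", "leet"}

# Sample passwords taken from the post.
WEAK = ["jimmy", "girlfriend", "11684", "472385", "mydoggie", "1337"]
STRONG = ["fo25vPEvMg42", "dUI1OhanLINd5Ay", "tym81MPty64", "qmJ50cX85"]

def check_password(pw, wordlist=WORDLIST):
    """Return the guide's rules that pw breaks; an empty list means it passes."""
    problems = []
    lowered = pw.lower()
    # Rule 1: no words, names, or plain numbers.
    if pw.isdigit():
        problems.append("numbers only")
    if any(word in lowered for word in wordlist):
        problems.append("contains a dictionary word")
    # Rule 2: letters and numbers together.
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        problems.append("needs both letters and numbers")
    # Rule 3: upper and lower case together.
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lower case")
    return problems

def brute_force_bits(pw):
    """log2 of the guesses needed to try every string of this length
    over the character classes pw uses (rule 4's symbols widen the pool)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    for pw in WEAK + STRONG:
        verdict = "; ".join(check_password(pw)) or "passes rules 1-3"
        print(f"{pw:16} {brute_force_bits(pw):5.1f} bits  {verdict}")
```

The bit count only holds for a randomly chosen password; one built from a dictionary word falls to a dictionary attack long before the brute-force space is exhausted, which is why rule 1 is checked separately.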
Cheers,
Ivan
August 4, 2007
MyPodcast.com, Free Podcasting Service
Okay, this is cool. I recently found out about MyPodcast.com, a free podcasting service. The only other ways to do free podcasting (with unlimited bandwidth and space) are PodShow.com and using Archive.org with a blog frontend. I’m not a big fan of PodShow, and although I love the Internet Archive, it’s hard to use it and a blog together. It becomes difficult to manage. I really love how the site doesn’t revolve around social networking (like many new podcasting services) and it integrates a blog (most services do). If I ever do decide to podcast, I’ll probably go there.
Cheers,
Ivan
August 4, 2007