Monday, February 14, 2011

How Secure Is My Password?

While identity theft is down year-over-year, it still accounted for 8.1 million cases in 2010, involving $37 billion in fraud and costing victims over $5.1 billion (and 251 million hours of their personal time to resolve), according to Javelin Strategy & Research.

So, now just might be a good time to be thinking about what you can do to improve your security on the Internet. In some ways, it's a little like locking your door at night. Someone comes by, jiggles the knob, and finds it's locked — it's more likely they'll go break in someplace where it's easier.

So many websites require a password. How can you be secure, and still remember them all? That's a tall order. But let's start with the first question: How can you be secure?

Even experts take shortcuts they know better than to take. Mixing secure and insecure passwords, or using variations on a theme, are common ways to make passwords easier to remember. That's not best practice. Best practice is secure passwords (upper- and lowercase letters, numbers and special characters, 12 to 14 characters or more) generated entirely at random, which, admittedly, are not so easy to remember.

So to get an idea of how strong a password is, you might want to know how long it can take to crack on a desktop PC. To test it out, go to:

http://bit.ly/HowSecureIsMyPassword

Enter a sample password, and it will tell you how long it would take a typical desktop PC to crack it by brute force, that is, by trying every possible combination. For example…
• a four-digit PIN would take 0.001 seconds to crack.
• Doubling it (still all numbers) brings it to 10 seconds.
• Adding just four more (a total of 12 numbers) takes it to a day.
• Six characters, all lowercase letters, takes about 30 seconds to crack.
• Adding just one number takes it to two hours,
• and one additional uppercase character takes it to 252 days.
You can see that length and complexity are the key components of a secure password: each extra character multiplies the attacker's work by the size of the character set, so length pays off far faster than anything else. Now, these cracking-time estimates assume a single desktop PC doing the work. An attacker with a botnet of zombie PCs (distributing the brute force attack) divides that time by the number of machines, and dedicated cracking hardware is faster still. The estimates also assume the attacker has to try every combination, which real attackers don't: they start with dictionaries and lists of passwords leaked from other sites, so a word with a digit and a symbol tacked on falls far faster than the calculator suggests. If someone really wants to get in, they'll put some effort into it. All the more reason to use truly random passwords, and not to reuse the same password between work and personal sites, or even between multiple work-related or multiple personal sites. If one site falls, the attacker will try that same password everywhere else you use it.
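
To see where figures like these come from, here is an added worked example in Python; it is not part of the original post or of the HowSecureIsMyPassword site. It computes the worst-case brute-force time as alphabet size raised to the password length, divided by the guess rate. The rate of ten million guesses per second is my assumption, chosen because it reproduces the bullet figures above; the short wordlist is constructed for illustration. It also shows two things the calculator does not: a botnet only divides the time by the number of machines, and a password that appears in a leaked-password list falls after a few guesses no matter how large its keyspace.

```python
# Added example (not from the original post): the arithmetic behind brute-force
# cracking-time estimates, plus the wordlist caveat.
from math import log2

GUESSES_PER_SECOND = 10_000_000  # ASSUMPTION: ~1e7 guesses/s reproduces the bullet figures

# Symbol-set sizes for each character class a brute forcer must cover.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33   # 33 = printable ASCII punctuation + space

def alphabet_size(password: str) -> int:
    """Sum the character classes actually present: digits only -> 10,
    lower+digits -> 36, mixed case + digits -> 62, everything -> 95."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size

def keyspace(password: str) -> int:
    """Number of strings of this length over this alphabet (worst-case guess count)."""
    return alphabet_size(password) ** len(password)

def brute_force_seconds(password: str, machines: int = 1,
                        rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to exhaust the keyspace. N machines divide the time by N
    (linear); only extra characters grow it exponentially."""
    return keyspace(password) / (rate * machines)

def entropy_bits(password: str) -> float:
    """log2 of the keyspace: every additional bit doubles the attacker's work."""
    return log2(keyspace(password))

def human_time(seconds: float) -> str:
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"

# Constructed sample wordlist standing in for a leaked-password list (illustrative only).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "Password1!", "iloveyou"]

def guesses_before_success(password: str, wordlist=COMMON_PASSWORDS) -> int:
    """Realistic attackers try a wordlist first and brute force last, so a password
    on the list falls after a handful of guesses regardless of its keyspace."""
    if password in wordlist:
        return wordlist.index(password) + 1
    return keyspace(password)

if __name__ == "__main__":
    for pw in ["1234", "12345678", "123456789012", "abcdef", "abcdef1", "Abcdef1g"]:
        print(f"{pw:14} {entropy_bits(pw):5.1f} bits  {human_time(brute_force_seconds(pw))}")
    # Same keyspace on a 1,000-node botnet: the time shrinks 1,000x, not exponentially.
    print("Abcdef1g on 1,000 machines:",
          human_time(brute_force_seconds("Abcdef1g", machines=1000)))
    # The caveat: calculator-strong but wordlist-weak.
    print("Password1! brute force:", human_time(brute_force_seconds("Password1!")),
          "| wordlist guesses:", guesses_before_success("Password1!"))
```

Run it and the six sample passwords land on the same figures as the bullets (0.001 seconds, 10 seconds, about a day, 31 seconds, 2.2 hours, 253 days), while "Password1!" scores tens of thousands of years by brute force and is guessed on the fifth try from the wordlist.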

My server login, which is 12 upper- and lowercase characters with numbers and special characters, would take 100 million years to crack (according to HowSecureIsMyPassword). If I add just two more characters, it would take 564 billion years. Jiggle that door knob, and I think it's pretty likely the hacker is going to try someplace else — assuming I made it truly random, and haven't left it someplace easy to find.

So, the next question: With all these random passwords, how can you possibly remember them all? Who is going to go to that kind of trouble?

Fortunately, you don’t have to (and I can't frankly think of anyone who would).

There is a FREE plugin you can use with your browser that can create unique, secure passwords for every website you use that requires a login – and you don't need to remember the passwords. It does that heavy lifting for you. All you need is one SECURE master password to log in to your master library. That one password now protects every other password you have, so it is the one to make long and random. You can remember one difficult password, right? Really. Just one.

This incredible product is called LastPass, named two years in a row by PCWorld as being the best password manager out there (the free version works on Windows, Mac and Linux; the paid version at $1 per month offers support for iPhone, Android and other mobile devices, too). You can find the free plugin here:

http://bit.ly/LastPassPlugin

With all of us so dependent on computers, mobile devices, the Internet and all those passwords, LastPass is a great deal. Check it out right now.

DAVID
