The need to recall a PIN or password easily tempts us to choose something familiar. It also tempts us to reuse one universal PIN or password for many purposes so that we need remember only one set. These are dangerous shortcuts that an intelligent identity thief can often break with little effort.
A password based on the user's real name or login user name should be avoided. So should any password based on information that a little research into who you are could easily suggest: a partner's name, children's names, the brand of car you drive, your telephone number or car license plate, the street you live on, your father's name, your birthday, and so on.
A popular method among identity thieves trying to break a password is a dictionary attack. It simply involves trying a large number of words from the dictionary, in any language, in the hope that an ordinary word has been used. Words spelled in reverse, common misspellings, and simple look-alike substitutions (e.g. "1" for "i") are picked up just as easily.
A similar approach to breaking PINs is to start with easily remembered combinations, such as digits in sequence, repeated digits, or numbers representing years or birthdays.
A popular solution is to think of an easily remembered sentence, then make a password out of the first letter of each word. In this way, Lincoln's "A house divided against itself cannot stand" becomes the password "ahdaics".
Complexity can be added to this password with some upper-case letters and an "L" for Lincoln. Adding the year Lincoln gave this speech then gives "AhdaicsL1858". It looks complex, but it is not hard to remember the quote, the speaker and the year.
Most passwords are case sensitive, so using upper case significantly multiplies the difficulty of cracking this password. Some systems also allow symbols in passwords, so we could add an easily remembered exclamation mark and a hash sign to make the password "Ahdaics!L#1858", which is quite a strong password.
This change has also added length to the password, which greatly compounds the difficulty for a would-be password cracker. A password should have at least 8 characters, and ideally 14 or more, as in this example.
You are usually more limited in your choices with a PIN, typically to four digits. Avoid repetition and choose random digits, or a very obscure combination you can still easily remember, such as your boss's office phone extension two jobs ago at a company that has since closed down! Certainly avoid obvious combinations, such as parts of your telephone number or car license plate number, or the year you were born: these are the places a thief with your card is likely to start looking and testing.
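As an added illustration (not part of the original post), the following Python applies the post's own heuristics: it builds the mnemonic password from the Lincoln quote, undoes the look-alike substitutions and reversal that a dictionary attack tries, and flags the obvious PIN patterns. The word list, the substitution table and the birth-year range are constructed assumptions, not data from the post.

```python
import re

# Constructed stand-in for a real word list (assumption).
DICTIONARY = {"password", "house", "divided", "cannot", "stand", "lincoln", "secret"}

# Look-alike substitutions of the kind the post mentions, mapped back to the
# letter they imitate (assumed table).
LOOKALIKES = str.maketrans({"1": "i", "0": "o", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def mnemonic_password(sentence, capitalise=False, initial="", year="", punct=("", "")):
    """Build a password the post's way: first letter of each word, optionally
    capitalised, followed by an optional speaker initial and year, with
    optional symbols placed before the initial and before the year."""
    first = "".join(word[0] for word in sentence.split())
    first = first[0].upper() + first[1:].lower() if capitalise else first.lower()
    return f"{first}{punct[0]}{initial}{punct[1]}{year}"


def dictionary_hit(password, words=DICTIONARY):
    """Return the dictionary word a simple attack would recover, or None.
    Tries the password as typed, with look-alike substitutions undone, and
    both of those reversed; digits and symbols are ignored when matching."""
    base = password.lower()
    candidates = {base, base.translate(LOOKALIKES)}
    candidates |= {c[::-1] for c in list(candidates)}
    for candidate in candidates:
        letters_only = re.sub(r"[^a-z]", "", candidate)
        if letters_only in words:
            return letters_only
    return None


def weak_pin(pin):
    """Describe why a PIN is one a thief tries first, or return None.
    Checks repeated digits, ascending/descending runs, and four-digit PINs
    that look like a birth year (assumed range 1920-2025)."""
    if not pin.isdigit():
        return "not numeric"
    if len(set(pin)) == 1:
        return "repeated digit"
    digits = [int(d) for d in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        return "sequential"
    if len(pin) == 4 and 1920 <= int(pin) <= 2025:
        return "looks like a year"
    return None
```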
To keep your passwords secure you should:
- Use a separate password for each purpose, never a shared or common one.
- Keep your passwords secure and share them only on a "need to know" basis.
- Change your passwords every few months.
- Never type your passwords on a shared computer where keystroke-logging software could be installed (e.g. at a cyber cafe or public library).
- Never give your password to anyone claiming to be in a position of authority: banks, for example, will never ask for your password or PIN.