Page 31 - ICT Nepal News Issue 01

character set has a certain number of permutations. There are 26 lowercase letters, but only 10 digits (0-9), so you can see how "potato" is more secure than "536871" from the perspective of a machine running through different combinations of characters.

• Common words. Brute force isn't the only method to crack a password. A computer can run a "dictionary attack" against a password very quickly, testing for all real words, of which there are relatively few, compared to the huge number of character permutations possible. All of the sudden "potato" isn't that great of a password after all.

Your password should be a combination of at least both upper and lowercase letters and a number (62 unique, reusable characters, with 8 characters in the password means 62 to the 8th power, or 2.1834011e+14 possible combinations...) Include a special character to increase complexity, but make sure that character is supported by the mechanism you're using, as some are not. Finally, you can find any number of password generators online, which can generate extremely complex passwords. But you have to remember this. And when you get down to step 5, having separate passwords for every account can be too much to ask with 18 character randomly generated passwords.

3. Set a Reminder to Change Your Password

Some services require regular password changes, while some do not. If they don't, it's always a good plan to change your password regularly anyway. This step is about reducing the window of damage. Going back to Zuck, if his password was obtained in 2012, it has no business still being in use in 2016. A simple reminder every six months or even a year would have prevented this old data breach from compromising anything. The more often you change your password, the smaller the window of a compromised password being worthwhile. This is why high security systems use randomly generated numbers that change every few minutes as part of their authentication model. Changing your password on a regular basis may seem annoying, but it's nothing compared to dealing with a compromised account, identity theft, or credit card fraud.

4. Don't reuse passwords

Alternating between passwords doesn't have the same effect as changing them to something new each time. Once a password is compromised, it can be exploited at any point in time, even years later, as Zuckerberg found out. Reusing a password re-opens the vulnerability window for that password.

5. Different sites? Different passwords.

This is the one Zuck really got nailed on. Limiting the scope of your password prevents a compromised password from exploiting multiple areas. Even adding a section somewhere in your password like "fb" for Facebook (eg: BuFFDuD3fb) will prevent most cross-site compromises, because once the attacker realizes the same password won't crack the site, they would then have to manually start guessing at differences, without knowing if it's an entirely different password altogether. The full effect of the LinkedIn data breach has likely not been seen yet. As email/password combos are tried at other sites, users who relied on a single, static password will be compromised. This ripple effect to other systems follows major breaches every time.

6. Secure your reset options

This step protects you against people, rather than computers, trying to hack your account. Be thoughtful with how your password can be reset. Security questions and answers should not be information that is publicly available, easily searchable or widely known to people who know you. Many people's accounts are hacked by people they know in real life. If you have an email account where a password reset request will be sent, make sure you have sole access to that account and that it too has a strong password.

7. Password managers

You can use a password manager to store your passwords for you. The major browsers all have password storage systems, while cloud options like LastPass work from any computer with internet access. There are pros and cons to this method:

Pros:
- Don't have to remember all the passwords.
- No really, it's a lot of passwords to remember.

Cons:
- For browser managers that automatically log you in, it means if your laptop is stolen, so is access to all of your accounts.
- Single point of compromise for multiple systems.

Most cloud services will let you track … have access and remove whatever is unnecessary. If … to close the entire … to do so could leave our session cookies … available for the … wouldn't even need to … information.
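The character-set and common-word points from the start of this page can be checked together in a few lines. The sketch below is an added example, not part of the original article: the function names are hypothetical, the wordlist is a constructed sample, and "special character" is assumed to mean Python's `string.punctuation` (32 symbols).

```python
import string

# Constructed sample wordlist (assumption); a real audit would load a large
# list of dictionary words and previously leaked passwords.
COMMON_WORDS = frozenset({"potato", "password", "dragon", "monkey", "sunshine"})

# Character classes a brute-force search has to cover.
CLASSES = {
    "lowercase": string.ascii_lowercase,  # 26
    "uppercase": string.ascii_uppercase,  # 26
    "digit": string.digits,               # 10
    "special": string.punctuation,        # 32
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(ch in chars for ch in password)]

def keyspace(password):
    """Brute-force search space: (alphabet size) ** (length)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    # Characters outside the four classes (spaces, non-ASCII) count one each.
    known = "".join(CLASSES.values())
    alphabet += len({ch for ch in password if ch not in known})
    return alphabet ** len(password)

def effective_guesses(password, words=COMMON_WORDS):
    """Worst-case guesses once a dictionary attack is taken into account."""
    if password.lower() in words:
        return min(len(words), keyspace(password))
    return keyspace(password)

def audit(password, words=COMMON_WORDS, min_length=8):
    """Findings against the article's advice; an empty list means it passes."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    used = classes_used(password)
    for required in ("lowercase", "uppercase", "digit"):
        if required not in used:
            findings.append(f"no {required} character")
    if password.lower() in words:
        findings.append("common word")
    return findings

if __name__ == "__main__":
    for pw in ("536871", "potato", "BuFFDuD3fb"):
        print(pw, keyspace(pw), effective_guesses(pw), audit(pw))
```

"potato" has the larger brute-force keyspace of the two short examples, but its effective guess count collapses to the size of the wordlist, which is the article's point about common words.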



(31) ICT NEPAL (January 2017)