Page 31 - ICT Nepal News Issue 01
P. 31
character set has a certain number change your password, the smaller password from exploiting multiple
of permutations. There are 26 the window of a compromised areas. Even adding a section
lowercase letters, but only 10 digits password being worthwhile. This somewhere in your password like
(0-9), so you can see how "potato" is why high security systems use "fb" for Facebook (eg: BuFFDuD3fb)
is more secure than "536871" from randomly generated numbers that will prevent most cross-site
the perspective of a machine running change every few minutes as part compromises, because once the
through different combinations of of their authentication model. attacker realizes the same password
characters. Changing your password on a regular won't crack the site, they would
. Common words. Brute basis may seem annoying, but it's then have to manually start guessing
force isn't the only method to nothing compared to dealing with a at differences, without knowing if
crack a password. A computer can com prom ised accou nt, identity theft, it's an entirely different password
run a "dictionary attack" against a or credit card fraud. altogether. The full effect of the
password very quickly, testing for Linkedln data breach has likely not
all real words, of which there are 4. Don't reuse passwords been seen yet. As email/password
relatively few, compared to the huge Alternating between passwords combos are tried at other sites,
number of character permutations doesn't have the same effect as users who relied on a single, static
possible. All of the sudden "potato" changing them to something new password will be compromised. This
isn't that great of a password after each time. Once a password is ripple effect to other systems follows
all. compromised, it can be exploited at major breaches every time.
Your password should be a any point in time, even years later,
combination of at least both as Zuckerberg found out. Reusing a 6. secure your reset options
upper and lowercase letters and password re-opens the vulnerability This step protects you against
a number (62 unique, reusable window for that password. people, rather than computers, trying
characters, with 8 characters in to hack your account. Be thoughtful
the password means 62 to the 8th 5. Different sites? diflerent with how your password can be
powel or 2.t83401].e+14 possible posswords. reset. Security questions and answers
combinations...) !nclude a special This is the one Zuck really got should not be information that is
character to increase complexity, but nailed on. Limiting the scope of your publicly available, easily searchable
make sure that character is supported password prevents a compromised or widely known to people who
by the mechanism you're using, as know you. Many people's accounts
some are not. Finally, you can find Most cloud services are hacked by people they know in
any number of password generators will let you track real life. lf you have an email account
online, which can generate extremely where a password reset request will
complex passwords. But you have be sent, make sure you have sole
to remember this. And when you access to that account and that it too
get down to step 5, having separate have access and has a strong password.
passwords for every account can be remove whatever
too much to ask with 18 character 7. pdssword monagers
ra ndom ly generated passwords. is unnecessary. If You can use a password manager
to store your passwords for you. The
3. Set a Reminder to Change Your major browsers all have password
Password storage systems, while cloud options
Some services require regular to close the entire like LastPass work from any computer
password changes, while some with internet access. There are pros
do not. lf they don't, it's always a and cons to this method:
good plan to change your password Pros Cons
regularly anyway. This step is about to do so could leave Don't have to remember all the
reducing the window of damage. our session cookies passwords. For browser managers
Going back to Zuck, if his password that
was obtained in 20t2, it has no available for the automatically log you in, it means
business still being in use in 20L6. A if your laptop is stolen, so is access to
simple reminder every six months or wouldn't even need to all of your accounts.
even a yearwould have prevented this No really, it's a lot of passwords to
old data breach from compromising remember. Single point of
anything. The more often you information. compromise for multiple systems.
(31) Inf NEPAL (fanuary 2017)