October 14th, 2014
It seems like every week there is another news story about a business being hacked and user information stolen. Unfortunately, these attacks are outside of your control unless you go off the grid and use cash for everything. However, there are things that you can do to help protect yourself!
Some are easy. First and most important, don’t believe everything on the Internet. I hate to be the one to tell you but you haven’t won a foreign lottery if you just send money to process the transaction so you can collect your winnings. That’s almost as bad as Springfieldians sending “Happy Dude,” a.k.a. Homer Simpson, a dollar in season 7.
Second, always watch your email for phishing scams. These scams are getting better every year. The phishing emails now look cleaner and more professional, the English is better, and they are targeted. If you click a link in an email, make sure that the web page is the correct one and that it didn’t send you to a web page that is merely similar. When in doubt, always use Google to search for a business’s web page.
The last point is passwords. Passwords truly are the bane of your online existence, but they don’t have to be. As users we have all been conditioned to make complex, hard-to-remember passwords. We see the instructions every time we sign up for something: password must be at least 8 characters, password must contain at least one number, one lower case letter, and one upper case letter. We see this and then we go and create a password something like this: G7d3X$nq. That is a good password, but frankly, I don’t have a chance of remembering it. I don’t think I’m in the minority admitting that. If you can remember that without a lot of work, you should see if you can also count cards, since there are table games in the Perryville Casino now.
There is an alternative to hard-to-remember passwords. Most websites now allow longer passwords, so you can instead use a passphrase, which is a group of 4 or 5 words. Always use 4 or more words that mean something to you and are easy to remember. You can associate the words with whatever the password is for.
Say I wanted to make a password for my library account. I would pick a phrase that I associate with the library and that would be easy for me to remember, like escapewithgoodscifi. If I take that and add a few capital letters, for instance EscapeWithGoodScifi, that is even better. That wouldn’t meet the complexity requirements for some sites, though, because it lacks a number. But if I had to, I could add a number that means something to me: Escape279WithGoodScifi.
When you add numbers to a passphrase, avoid the common substitutions like 0 for o, @ for a, or 1 for i. Those substitutions are so common that password-guessing tools try them first. So I now have a 22-character password with numbers, upper and lower case letters that is easy for me to remember. Another benefit of this method is that you can easily create a different password for every site and still remember them all. You never want to use the same password on multiple sites.
If you want to stop reading here and just accept what I said, great. Please go forth and try out a few passphrases and see if you like them. Just remember to give it a little time to get used to the new idea.
For those of you who are still reading and wonder why passphrases work well, it all comes down to complexity. Simplifying the problem, if you have an 8-character random password, there are about 94 different possible characters on a standard keyboard, which gives you around 6 quadrillion possible combinations of characters (1 quadrillion is a 1 followed by 15 zeros, or 1,000 trillion). That sounds like a lot, but a computer can guess very quickly. Since we are looking at a simple example, let’s assume a computer can guess 1 billion times a second. It would take that computer about 70 days to guess all possible combinations of an 8-character password drawn from 94 different possible characters.
When we look at passphrases we need to make a few assumptions. The Oxford English Dictionary contains about 250,000 different words. Taking into account capitalization of just the first letter raises that number to 500,000. So there are 62.5 sextillion different combinations of 4 words in the English language (1 sextillion is a 1 followed by 21 zeros).
If we then include the 3 numbers from our example passphrase, it ends up being about 62.5 septillion (1 septillion is a 1 followed by 24 zeros). I bet some of you never thought of numbers this high before! If I did the math right, which I’m not promising since that’s a lot of zeros to put into the calculator, a computer guessing 1 billion times a second would take about 1,981,861,998 years to guess all possible combinations. What’s the expected life of the Sun?
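The arithmetic in the three paragraphs above, carried through in Python as an added example (this is not code from the original post). It uses the post's own assumptions: 94 keyboard characters, a 500,000-entry vocabulary counting capitalised variants, 1 billion guesses per second and a 365-day year.

```python
# Added example: the keyspace arithmetic from the post, in code.
# All sizes and rates below are the post's assumptions, not measurements.
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY   # assumption: 365-day year
GUESSES_PER_SECOND = 1_000_000_000        # assumption from the post


def random_password_keyspace(charset_size: int, length: int) -> int:
    """Every position is an independent pick from charset_size symbols."""
    return charset_size ** length


def passphrase_keyspace(vocabulary: int, words: int, digits: int = 0) -> int:
    """`words` picks from a vocabulary (already counting capitalised
    variants, as the post does), plus `digits` decimal digits appended.
    This is an upper bound: it assumes every word is equally likely, so
    predictable phrases are weaker than this count suggests."""
    return vocabulary ** words * 10 ** digits


def exhaust_time(keyspace: int, guesses_per_second: int, unit_seconds: int) -> float:
    """Time to try every possibility at a fixed guess rate, in units of unit_seconds."""
    return keyspace / guesses_per_second / unit_seconds


def entropy_bits(keyspace: int) -> float:
    """Size of the keyspace as bits, the usual way to compare schemes."""
    return math.log2(keyspace)


def compare_post_examples() -> dict:
    """The two schemes from the post: 8 random characters vs. 4 words + 3 digits."""
    random8 = random_password_keyspace(94, 8)
    phrase4 = passphrase_keyspace(500_000, 4)
    phrase4_digits = passphrase_keyspace(500_000, 4, digits=3)
    return {
        "random8_combinations": random8,
        "random8_days": exhaust_time(random8, GUESSES_PER_SECOND, SECONDS_PER_DAY),
        "random8_bits": entropy_bits(random8),
        "phrase4_combinations": phrase4,
        "phrase4_digits_combinations": phrase4_digits,
        "phrase4_digits_years": exhaust_time(phrase4_digits, GUESSES_PER_SECOND, SECONDS_PER_YEAR),
        "phrase4_digits_bits": entropy_bits(phrase4_digits),
    }


if __name__ == "__main__":
    for name, value in compare_post_examples().items():
        print(f"{name:>28}: {value:,.1f}" if isinstance(value, float) else f"{name:>28}: {value:,}")
```

The bit figures (about 52 bits for the random password versus about 86 for the passphrase with digits) say the same thing as the day and year counts, and are how password-strength guidance usually expresses it.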
This was a simple example using very basic math, but I’d feel confident in saying that my new passphrase for my library account was pretty secure. That doesn’t mean it couldn’t be compromised another way: through phishing, my own carelessness, or being used as an example in a blog post.
If you are interested after making it to the end of this blog, and I haven’t scared you away with math and very large numbers, I will be speaking at a program at the Elkton Central Library on October 20th at 7pm about computer security for small businesses. A lot of the information can also apply to everyday life.
Have you visited the National Cyber Security Awareness Month site? Stop. Think. Connect.