Super Geeks




The OneMinute Geek:

Protecting Passwords

The Problem:

The first line of defense against hackers and other doers of no good is often a password. Passwords will help keep unauthorized people from accessing your computer, network, programs and files. Unfortunately, passwords are invariably the weakest component in your security system, because they are often easy to crack. To gain access, a hacker will try to steal your password, guess it or discover it. You'll want to make this process as difficult as possible, since once a hacker has cracked your password he can create a backdoor entrance to your computer, one you might never know about.

The Solution:

Stealing a password can be as simple as just asking for it. Many times a hacker will just call an ordinary employee on the network and masquerade as one of the grunts in the company's help desk. He may say that he is validating passwords, or feign some system problem, express his frustration and play on your sympathy. He may even be familiar with your colleagues' names and your company's projects from other calls he’s made, but it’s all to veil his motive: to get you to give him your login and password so he can break into your account. Protect yourself by saying you’re in the middle of a project and will need to call the (real) network help desk later.

Another simple safeguard against password theft is to be sure no one watches you enter your password. Don't let anyone peek over your shoulder.

But passwords can also be stolen more surreptitiously -- through hardware or software secretly installed on your computer. These stealthy devices and programs can record just about anything you do on your computer and can capture your email messages and credit card numbers. Some of them even work remotely, secretly emailing all your activities to an anonymous email address on the Internet. To learn more, visit these sites:

KeyGhost: www.keyghost.com

Key Logger: www.KeyLogger.org

Computer Monitoring Software: www.computer-monitoring.com

To protect against hardware-based keystroke loggers, make sure that no devices are attached between your keyboard and the computer itself. To guard against software-based monitoring, check out www.moosoft.com, www.mlin.net/startupMonitor.shtml, and www.snake-basket.de/.

Here are some more tips that can make it difficult for even hard-core hackers to get your password and gain access to your computer or network:

1. Never post your password in or around your desk.
2. Install a firewall. You can get a free one at www.ZoneAlarm.com.
3. Change your passwords monthly.
4. Use different passwords for different accounts.
5. Don't share your password with anyone, not even with "the nice man from IT" who's on the phone.
6. Choose unique, hard-to-guess passwords with upper and lower case letters, numbers and symbols.
7. Consider biometric devices, like Sony's fingerprint scanner "The Puppy," which uses your fingerprint as a "password."
8. Activate WEP on your wireless network and change the default settings of your router so it has a unique login and password.
9. Need help choosing random passwords? Check out www.quickysoftware.com and www.RandPass.com. These sites offer software that can generate groups of passwords.
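
Tips 4, 6 and 9 in practice, as an added example (not part of the original article or of any tool it names): a short Python script that draws characters from the operating system's secure random source, checks that every character class from tip 6 is present, and produces a group of distinct passwords. The symbol set, the default length of 16 and the function names are assumptions made for this illustration.

```python
import math
import secrets
import string

# Character classes named in tip 6. The symbol set is a constructed example;
# adjust it to what the target system accepts.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())

def missing_classes(password):
    """Return the names of the tip-6 character classes the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]

def generate_password(length=16):
    """Draw uniformly from ALPHABET with a CSPRNG until every class appears."""
    # Rejection sampling keeps all accepted passwords equally likely, unlike
    # forcing one character of each class into a fixed position.
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

def generate_group(count=5, length=16):
    """Generate a group of distinct passwords, one per account (tips 4 and 9)."""
    group = set()
    while len(group) < count:
        group.add(generate_password(length))
    return sorted(group)

def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    for pw in generate_group():
        print(pw)
    print(f"about {entropy_bits(16):.0f} bits per 16-character password")
```

`missing_classes` can also be run on an existing password to see which of the four classes it lacks.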

James Kerr is President/CEO of SuperGeeks, a Hawaii-based computer service and repair company (www.supergeeks.net). Please feel free to send your questions, comments and suggestions to Mr. Kerr. He can be reached at kerr@supergeeks.net and 942-0773.