Hackers are getting smarter, but so are we


FarangFarang

Lesson? Don't pick easy to guess passwords. That means, 123456, your screen name, your spouse's name, etc. :-)

Hackers are getting smarter, but so are we

Published: 13/10/2011 at 12:00 AM

Newspaper section: Life

The recent hijacking of Prime Minister Yingluck Shinawatra's Twitter account made me give some serious thought to the matter of internet passwords and protection against hackers.

Although I was well aware of the risk of not changing passwords on a regular basis, I've never bothered to do so. Worse, I hadn't even got around to dreaming up different passwords for my email account, Facebook, Twitter, etc; I was just using the same one for them all. (Don't say you're guilty of the same crime, too!)

What happened to our PM made me decide to abandon my lazy old habits once and for all. So I called up a few experts and asked for advice.

The first person I thought of was Tony Waltham, a former editor of Post Database, our former IT section.

Rule No.1, he told me, is never to have a password that someone can easily guess. Never choose anything as obvious, for instance, as the name of your dog. Essentially, a good password should be at least eight characters long and not make up a word that appears in any dictionary. It should also, ideally, comprise both letters and numerals.

Yes. My old password did comply with that rule.

Secondly, he suggested I have a different password for every account or website I regularly accessed. This I had completely failed to do. To make it easier to remember, I had a single password for them all.

What I was doing wasn't at all safe, said Chalengpojana Buddharaksa, an old friend of mine who's an IT expert for a big consumer company. He said he had a trick to help me memorise different passwords for my email, Facebook, Twitter, LinkedIn, Foursquare, Google+ and Hi5 accounts.

His technique comprises four steps.

First, choose a word or word combination you like. For example, "sweethome". Then change some of the letters to upper case (sweEthOmE, say) and add a special character, like # (sweEthOmE#).

And then add a few letters that will suggest the name of the account you want to access. Finally, shove a number onto the very end. So my Gmail password could be sweEthOmE#GLE0, with sweEthOmE#ce0 being a possible Open Sesame for my Facebook account.

I figured this systematic approach would definitely help me create a series of sophisticated passwords. Then, all I had to do was pray that I could remember them all.

But if, like me, you have problems with your short-term memory, I have another suggestion from Waltham that might help.

"The best way is to keep a list close to you — in your wallet or purse or wherever you keep your credit cards," he suggested. "While you should try to remember your passwords, if you access many accounts on the internet this will be a challenge. You should always avoid keeping them in electronic form so I think that a slip of paper in your wallet or purse would be the best compromise."

But merely creating hard-to-guess passwords is not enough. You should also be careful not to disclose your password to a third party. Beware, for example, of websites or web services which ask you to provide your email password, reasoning that this will help them invite your friends or family members to avail of the same facility.

"This is very dangerous and you should always bear in mind that there are bad people trying to trick you into providing your password. (This is called phishing). If you get an email message from any 'organisation' claiming to be your bank, your email provider or an entity such as Facebook, etc, that says you need to log in with your password to verify your status (or for any reason whatsoever), be very, very suspicious — and ignore that message," Waltham advised.

Furthermore, you should change your password occasionally, say every two months, and do so immediately if your computer or phone has been stolen.

Lastly, you should take precautions when you log on using a free or public wi-fi service or when you use computers in internet cafes. The first step is to delete any cookies you find cached in the browser. To do this, follow these steps: Click on "Tools" then select "Delete Browsing History" and then delete the cookies one by one or go for the "delete all" option. Then make sure to close the browser or reboot the computer before you leave the location.

"Indeed, public wi-fi spots [including those in hotels] are high-risk areas, as hackers may be able to access your computer while you're connected to these wireless networks. This is one reason why people should change their passwords from time to time. If you have the option, it's better to connect using a wireless internet connection that uses security (such as WPA) and which requires a password to connect," Waltham added.

And a special reminder to well-known people like the prime minister: You need to be doubly cautious about the security of your passwords. Since that hacking incident involved Yingluck's Twitter account, I doubt if she and her Twitter team had even complied with password security Rule No.1, mentioned above.

http://www.bangkokpost.com/opinion/opinion/261079/hackers-are-getting-smarter-but-so-are-we
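An added example, not part of the original post or the quoted article: a small Python audit of a set of account passwords against the two rules the article gives (Rule No.1, and a different password for every account). It also reports how many leading characters each pair of passwords shares, which is what an auditor would look at for passwords built from one base word. The word list, the account names and the `examplenick` screen name are constructed sample data; the two `sweEthOmE#...` values are the article's own illustrations.

```python
import os
from itertools import combinations

# Constructed stand-ins: a real audit would load a full word list.
DICTIONARY = {"sweethome", "password", "dragon", "bangkok"}
TRIVIAL = {"123456"}

def rule_one(password, personal=()):
    """Return the Rule No.1 violations for one password (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if lowered in DICTIONARY:
        problems.append("dictionary word")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("needs both letters and numerals")
    # Screen name, spouse's name, 123456: the guesses the thread warns about.
    if lowered in TRIVIAL or lowered in {p.lower() for p in personal}:
        problems.append("easy to guess")
    return problems

def audit(accounts, personal=()):
    """accounts maps account name -> password; returns a findings report."""
    report = {"rule_one": {}, "reused": [], "shared_prefix": {}}
    for name, pw in accounts.items():
        issues = rule_one(pw, personal)
        if issues:
            report["rule_one"][name] = issues
    for (a, pa), (b, pb) in combinations(accounts.items(), 2):
        if pa == pb:
            report["reused"].append((a, b))  # same password on two accounts
        else:
            # Number of leading characters the two passwords have in common.
            report["shared_prefix"][(a, b)] = len(os.path.commonprefix([pa, pb]))
    return report

if __name__ == "__main__":
    sample = {  # constructed account set using the article's two examples
        "gmail": "sweEthOmE#GLE0",
        "facebook": "sweEthOmE#ce0",
        "twitter": "sweethome",
        "linkedin": "sweethome",
    }
    for key, value in audit(sample, personal=["examplenick"]).items():
        print(key, value)
```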


I'm still amazed at password security in Thailand. Might also explain why Thailand seems to be the computer virus capital of the world :-)


What makes me shake my head is that people often know about but do not want to apply it due to various reasons (who should hack me, I'm different than others, I don't want to be with the mainstream [sic!] etc., etc...).

What makes me shake my head is that people often know about but do not want to apply it due to various reasons (who should hack me, I'm different than others, I don't want to be with the mainstream [sic!] etc., etc...).

I'm guessing that half the people in Thailand have a password like 123456 or their username or their real name. Insane.
