SlideShare a Scribd company logo

Fix Your Terrible Insecure Passwords

Tina Hancock
Tina Hancock

Article on password security techniques

Technology
1 of 4
Download to read offline
Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 BRIEFING NEWS & POLITICS ARTS LIFE BUSINESS & TECH SCIENCE PODCASTS & VIDEO BLOGS Search MORE TECHNOLOGY COLUMNS HOME / TECHNOLOGY : THE FUTURE AND WHAT TO DO ABOUT IT. Fix Your Terrible, Insecure Passwords Fix Your Terrible, in Five Minutes A foolproof technique to secure your computer, e-mail, and bank account. Insecure Passwords in Farhad Manjoo | July 24, 2009 Why 2024 Will Be Like Nineteen Five Minutes Eighty-Four How Amazon's remote deletion of e-books from the Kindle paves the way for A foolproof technique to secure your computer, e-mail, and book-banning's digital future. bank account. Farhad Manjoo | July 20, 2009 By Farhad Manjoo The World's Greatest Music Service Posted Friday, July 24, 2009, at 7:05 AM ET Spotify streams every song you'd ever want to hear for free—and it's not for It's tempting to blame the victim. In American ears. May, a twentysomething French hacker Farhad Manjoo | July 16, 2009 broke into several Twitter employees' Search for more Technology articles e-mail accounts and stole a trove of Subscribe to the Technology RSS feed meeting notes, strategy documents, and other confidential scribbles. The View our complete Technology archive hacker eventually gave the stash to TechCrunch, which has since published notes from meetings in which Twitter TODAY'S TODAY'S TODAY'S TODAY'S execs discussed their very lofty goals. PICTURES CARTOONS DOONESBURY VIDEO (The company wants to be the first Scoot! Web service to reach 1 billion users.) How'd the hacker get all this stuff? Like a lot of tech startups, Twitter runs without paper—much of the company's discussions take place in e-mail and over shared Google documents. All of these corporate secrets are kept secure with a very thin wall of protection: the employees' passwords, which the intruder managed to guess because some people at Twitter used the same passwords for many different sites. In other words, Twitter had it coming. The trouble is, so do the rest of us. MOST MOST READ E-MAILED Your passwords aren't very secure. Even if you PRINT 1. Let the Baby Have His Bottle? think they are, they probably aren't. Do you use Evaluating the dangers of bisphenol A. DISCUSS By Nina Shen Rastogi | July 20, 2009 the same or similar passwords for several different E-MAIL important sites? If you don't, pat yourself on the 2. The Depressing Cycle of Racial back; if you do, you're not alone—one recent RSS Accusation The arrest of Henry Louis Gates Jr. is about survey found that half of people online use the RECOMMEND... neither racial profiling nor playing the race card. same password for all the sites they visit. Do you SINGLE PAGE By Richard Thompson Ford | July 23, 2009 change your passwords often? Probably not; more 3. Fix Your Terrible, Insecure Passwords than 90 percent don't. If one of your accounts falls to a hacker, will he in Five Minutes find enough to get into your other accounts? For a scare, try this: A foolproof technique to secure your computer, e-mail, and bank account. Search your e-mail for some of your own passwords. You'll probably find By Farhad Manjoo | July 24, 2009 a lot of them, either because you've e-mailed them to yourself or 4. Yep, He's Gay I found evidence that my husband likes men, 1 of 4 7/24/2009 4:58 PM
Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 because some Web sites send along your password when you register or but he won't admit it. July 23, 2009 when you tell them you've forgotten it. If an attacker manages to get into your e-mail, he'll have an easy time accessing your bank account, 5. An Open Letter to Jon Stewart Bring back Leibowitz! your social networking sites, and your fantasy baseball roster. That's By Ron Rosenbaum | July 24, 2009 exactly what happened at Twitter. (Here's my detailed explanation of how Twitter got compromised.) Everyone knows it's bad to use the same password for different sites. Word of the Week People do it anyway because remembering different passwords is Are Microsoft and Google Faking it? annoying. Remembering different difficult passwords is even more Denny's Salty Shock annoying. Eric Thompson, the founder of AccessData, a technology forensics company that makes password-guessing software, says that most passwords follow a pattern. First, people choose a readable word as Please, Professor Gates! a base for the password—not necessarily something in Webster's but Will Downing in 'Classique' Form something that is pronounceable in English. Then, when pressed to add Officer Says He Won't Apologize a numeral or symbol to make the password more secure, most people add a 1 or ! to the end of that word. Thompson's software, which uses a "brute force" technique that tries thousands of passwords until it How Rappers Embraced Soft Power guesses yours correctly, can easily suss out such common passwords. Obama Is Blowing It on the Settlements When it incorporates your computer's Web history in its algorithm—all The World's Worst Healthcare Reforms your ramblings on Twitter, Facebook, and elsewhere—Thompson's software can come up with a list of passwords that is highly likely to include yours. (He doesn't use it for nefarious ends; AccessData usually Sex Among the Spineless guesses passwords under the direction of a court order, for military What's Playing in Your Toddler's Ear? purposes, or when companies get locked out of their own systems Abortion and the Health Care Debate —"systems administrator gets hit by a bus on the way to work," Thompson says by way of example.) U.S. Hunger For Fish Byproducts Not As Strong As First Imagined Security expert Bruce Schneier writes about passwords often, and he distills Thompson's findings into a few rules: Choose a password that Bad Lab Results Often Unreported doesn't contain a readable word. Mix upper and lower case. Use a Potato-Faced Youngster Lauded For number or symbol in the middle of the word, not on the end. Don't just Memorizing Primitive 26-Character Alphabet use 1 or !, and don't use symbols as replacements for letters, such as @ for a lowercase A—password-guessing software can see through that Obama Uses Funding to Get Education trick. And of course, create unique passwords for your different sites. Changes Poll: Palin's Favorability Dips RELATED IN That all sounds difficult and SLATE Health Reform Deadline in Doubt time-consuming. It doesn't have to be. In Schneier's comment section, I found Farhad Manjoo recently explained a foolproof technique to create the concept behind Twitter and Inside Russia's First School of Rock passwords that are near-impossible to whether joining Twitter is Madonna's Latest Catholic Controversy necessary. In 2004, Paul Boutin crack yet easy to remember. Even The Science Behind Cancer Prognoses argued that we really don't want better, it'll take just five minutes of Internet security. Plus, Josh Levin your time. Ready? on stupid bank security questions. Start with an original but memorable phrase. For this exercise, let's use these two sentences: I like to eat bagels at the airport and My first Cadillac was a real lemon so I bought a Toyota. The phrase can have something to do with your life or it can be a random collection of words—just make sure it's something you can remember. That's the key: Because a mnemonic is easy to remember, you don't have to write it down anywhere. (If you can't remember it without writing it down, it's not a good mnemonic.) This reduces the chance that someone will guess it if he gets into your computer or your e-mail. What's more, a relatively simple mnemonic can be turned into a fanatically difficult password. Which brings us to Step 2: Turn your phrase into an acronym. Be sure 2 of 4 7/24/2009 4:58 PM
Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 to use some numbers and symbols and capital letters, too. I like to eat bagels at the airport becomes Ilteb@ta, and My first Cadillac was a real lemon so I bought a Toyota is M1stCwarlsIbaT. That's it—you're done. These mnemonic passwords are hard to forget, but they contain no guessable English words. You can even create pass phrases for specific sites that are coded with a hint about their purpose. A sentence like It's 20 degrees in February, so I use Gmail lets you set a new Gmail password every month and still never forget it: i90diSsIuG for September, i30diMsIuG for March, etc. (These aren't realistic temperatures; they're the month-number multiplied by 10.) How many different such passwords do you need? Four or five at most. You don't have to keep unique passwords for every single site you visit— Thompson says it's perfectly OK to repeat passwords on sites that don't need to be kept very secure. For instance, I can use the same password for my accounts at the New York Times, the New Republic, The New Yorker, and other online magazines, because it won't hurt me too much if someone breaks into those. (My mnemonic is, I like to read snooty publications quite often.) You should probably use different passwords for each your social networking accounts—someone can do real damage by breaking into your Facebook or Twitter, so you want to keep them distinct—but you can still come up with a single systematic mnemonic to protect them: Twitter is my second favorite social networking site, MySpace is my third favorite social networking site, etc. Reserve your strongest, most distinct passwords for the few very important services that, if cracked, could do the most damage—your bank account, your computer, and most of all your e-mail, which often contains the keys to everything else in your life. To be sure, this is more of a hassle than what you're doing now—but what you're doing now is going to come back to bite you. These days, we're all dishing personal information all the time; you may think that your password is totally unguessable, but your Facebook makes clear that you're a huge U2 fan and you graduated from college in 2000. Achtung2000, eh? Just go ahead and make some new passwords right now. Trust me, you'll feel better. 21 267 diggs votes digg it PRINT E-MAIL RECOMMEND... RSS YOU MIGHT ALSO LIKE: Bitterness, Compulsive Shopping, and Internet Addiction: The diagnostic madness of DSM-V. No, You Can't Have My Social Security Number: Why using SSNs for identification is risky and stupid. Why No More 9/11s?: An interactive inquiry about why America hasn't been attacked again Health Care Reform: An Online Guide: If you want to keep up, you must know these Web sites. 3 of 4 7/24/2009 4:58 PM
Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 Farhad Manjoo is Slate's technology columnist and the author of True Enough: Learning To Live in a Post-Fact Society. You can e-mail him at farhad.manjoo@slate.com and follow him on Twitter. Il lust rati on b y Robert Neubecker. W hat did you think of this article? Join The Fray: Our Reader Discussion Forum POS T A MESSAGE | READ ME SSAG ES The Crucial Problem In the Loop: The Best Life Without Snapping Turtles: Not Is It Better To Drink The Guy Who Taught That Health Care Political Satire in Ages Newspapers Wouldn't Just Hissing, Lunging, Fizzy Drinks From Ricky Gervais and Reform Won't Solve Be So Bad Biting Beasts Bottles or Cans? Sacha Baron Cohen Everything They Know s ite map | build your own Slate | the fray | about us | contact us | S late on Facebook | s earch feedback | help | advertise | newsletters | mobile | make Slate you r h omep age 2009 Wa shington Post.Newsweek Interactive Co. LLC User Agree me nt and Privacy Policy | All rights reserved 4 of 4 7/24/2009 4:58 PM

Recommended

Multi Center Operations (July 2008)
Multi Center Operations (July 2008)Multi Center Operations (July 2008)
Multi Center Operations (July 2008)guest2d9457
 
Rural Housing Financing
Rural Housing FinancingRural Housing Financing
Rural Housing FinancingSusy Hurlbert
 
Creating Regional Wealth Copy
Creating Regional Wealth CopyCreating Regional Wealth Copy
Creating Regional Wealth CopyJeff Saperstein
 
Android Entwicklung GTUG München 2009
Android Entwicklung GTUG München 2009Android Entwicklung GTUG München 2009
Android Entwicklung GTUG München 2009greenrobot
 
Wisp Ql
Wisp QlWisp Ql
Wisp Qldrarryradton
 
High Quality Education (July 2009)
High Quality Education (July 2009)High Quality Education (July 2009)
High Quality Education (July 2009)guest2d9457
 
How to Navigate Your Career 2015
How to Navigate Your Career 2015 How to Navigate Your Career 2015
How to Navigate Your Career 2015 Jeff Saperstein
 
O Processo De Bolonha Na Web Semântica
O Processo De Bolonha Na Web SemânticaO Processo De Bolonha Na Web Semântica
O Processo De Bolonha Na Web SemânticaEduardo Covelinhas
 

Recommended

Multi Center Operations (July 2008)
Multi Center Operations (July 2008)Multi Center Operations (July 2008)
Multi Center Operations (July 2008)guest2d9457
 
Rural Housing Financing
Rural Housing FinancingRural Housing Financing
Rural Housing FinancingSusy Hurlbert
 
Creating Regional Wealth Copy
Creating Regional Wealth CopyCreating Regional Wealth Copy
Creating Regional Wealth CopyJeff Saperstein
 
Android Entwicklung GTUG München 2009
Android Entwicklung GTUG München 2009Android Entwicklung GTUG München 2009
Android Entwicklung GTUG München 2009greenrobot
 
Wisp Ql
Wisp QlWisp Ql
Wisp Qldrarryradton
 
High Quality Education (July 2009)
High Quality Education (July 2009)High Quality Education (July 2009)
High Quality Education (July 2009)guest2d9457
 
How to Navigate Your Career 2015
How to Navigate Your Career 2015 How to Navigate Your Career 2015
How to Navigate Your Career 2015 Jeff Saperstein
 
O Processo De Bolonha Na Web Semântica
O Processo De Bolonha Na Web SemânticaO Processo De Bolonha Na Web Semântica
O Processo De Bolonha Na Web SemânticaEduardo Covelinhas
 
How to Navigate Your Career 2-2015
How to Navigate Your Career 2-2015How to Navigate Your Career 2-2015
How to Navigate Your Career 2-2015Jeff Saperstein
 
FHA203k Financing
FHA203k FinancingFHA203k Financing
FHA203k FinancingSusy Hurlbert
 
Curricula based English language learning resource for learning centers
Curricula based English language learning resource for learning centersCurricula based English language learning resource for learning centers
Curricula based English language learning resource for learning centersShailaja Shah
 
Kaipod offensive-defense
Kaipod offensive-defenseKaipod offensive-defense
Kaipod offensive-defenserout3rx
 
Enabling modularization through OSGi and SpringDM
Enabling modularization through OSGi and SpringDMEnabling modularization through OSGi and SpringDM
Enabling modularization through OSGi and SpringDMmukulobject
 
Short Sales
Short SalesShort Sales
Short SalesSusy Hurlbert
 
Home Sellers Seminar - 4/2/11
Home Sellers Seminar - 4/2/11Home Sellers Seminar - 4/2/11
Home Sellers Seminar - 4/2/11Susy Hurlbert
 
EventBus for Android
EventBus for AndroidEventBus for Android
EventBus for Androidgreenrobot
 
Technology In Education
Technology In EducationTechnology In Education
Technology In EducationShailaja Shah
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 

More Related Content

Viewers also liked

How to Navigate Your Career 2-2015
How to Navigate Your Career 2-2015How to Navigate Your Career 2-2015
How to Navigate Your Career 2-2015Jeff Saperstein
 
Curricula based English language learning resource for learning centers
Curricula based English language learning resource for learning centersCurricula based English language learning resource for learning centers
Curricula based English language learning resource for learning centersShailaja Shah
 
Kaipod offensive-defense
Kaipod offensive-defenseKaipod offensive-defense
Kaipod offensive-defenserout3rx
 
Enabling modularization through OSGi and SpringDM
Enabling modularization through OSGi and SpringDMEnabling modularization through OSGi and SpringDM
Enabling modularization through OSGi and SpringDMmukulobject
 
Home Sellers Seminar - 4/2/11
Home Sellers Seminar - 4/2/11Home Sellers Seminar - 4/2/11
Home Sellers Seminar - 4/2/11Susy Hurlbert
 
EventBus for Android
EventBus for AndroidEventBus for Android
EventBus for Androidgreenrobot
 
Technology In Education
Technology In EducationTechnology In Education
Technology In EducationShailaja Shah
 

Viewers also liked (9)

How to Navigate Your Career 2-2015
How to Navigate Your Career 2-2015How to Navigate Your Career 2-2015
How to Navigate Your Career 2-2015
 
FHA203k Financing
FHA203k FinancingFHA203k Financing
FHA203k Financing
 
Curricula based English language learning resource for learning centers
Curricula based English language learning resource for learning centersCurricula based English language learning resource for learning centers
Curricula based English language learning resource for learning centers
 
Kaipod offensive-defense
Kaipod offensive-defenseKaipod offensive-defense
Kaipod offensive-defense
 
Enabling modularization through OSGi and SpringDM
Enabling modularization through OSGi and SpringDMEnabling modularization through OSGi and SpringDM
Enabling modularization through OSGi and SpringDM
 
Short Sales
Short SalesShort Sales
Short Sales
 
Home Sellers Seminar - 4/2/11
Home Sellers Seminar - 4/2/11Home Sellers Seminar - 4/2/11
Home Sellers Seminar - 4/2/11
 
EventBus for Android
EventBus for AndroidEventBus for Android
EventBus for Android
 
Technology In Education
Technology In EducationTechnology In Education
Technology In Education
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Fix Your Terrible Insecure Passwords

  • 1. Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 BRIEFING NEWS & POLITICS ARTS LIFE BUSINESS & TECH SCIENCE PODCASTS & VIDEO BLOGS Search MORE TECHNOLOGY COLUMNS HOME / TECHNOLOGY : THE FUTURE AND WHAT TO DO ABOUT IT. Fix Your Terrible, Insecure Passwords Fix Your Terrible, in Five Minutes A foolproof technique to secure your computer, e-mail, and bank account. Insecure Passwords in Farhad Manjoo | July 24, 2009 Why 2024 Will Be Like Nineteen Five Minutes Eighty-Four How Amazon's remote deletion of e-books from the Kindle paves the way for A foolproof technique to secure your computer, e-mail, and book-banning's digital future. bank account. Farhad Manjoo | July 20, 2009 By Farhad Manjoo The World's Greatest Music Service Posted Friday, July 24, 2009, at 7:05 AM ET Spotify streams every song you'd ever want to hear for free—and it's not for It's tempting to blame the victim. In American ears. May, a twentysomething French hacker Farhad Manjoo | July 16, 2009 broke into several Twitter employees' Search for more Technology articles e-mail accounts and stole a trove of Subscribe to the Technology RSS feed meeting notes, strategy documents, and other confidential scribbles. The View our complete Technology archive hacker eventually gave the stash to TechCrunch, which has since published notes from meetings in which Twitter TODAY'S TODAY'S TODAY'S TODAY'S execs discussed their very lofty goals. PICTURES CARTOONS DOONESBURY VIDEO (The company wants to be the first Scoot! Web service to reach 1 billion users.) How'd the hacker get all this stuff? Like a lot of tech startups, Twitter runs without paper—much of the company's discussions take place in e-mail and over shared Google documents. All of these corporate secrets are kept secure with a very thin wall of protection: the employees' passwords, which the intruder managed to guess because some people at Twitter used the same passwords for many different sites. In other words, Twitter had it coming. The trouble is, so do the rest of us. MOST MOST READ E-MAILED Your passwords aren't very secure. Even if you PRINT 1. Let the Baby Have His Bottle? think they are, they probably aren't. Do you use Evaluating the dangers of bisphenol A. DISCUSS By Nina Shen Rastogi | July 20, 2009 the same or similar passwords for several different E-MAIL important sites? If you don't, pat yourself on the 2. The Depressing Cycle of Racial back; if you do, you're not alone—one recent RSS Accusation The arrest of Henry Louis Gates Jr. is about survey found that half of people online use the RECOMMEND... neither racial profiling nor playing the race card. same password for all the sites they visit. Do you SINGLE PAGE By Richard Thompson Ford | July 23, 2009 change your passwords often? Probably not; more 3. Fix Your Terrible, Insecure Passwords than 90 percent don't. If one of your accounts falls to a hacker, will he in Five Minutes find enough to get into your other accounts? For a scare, try this: A foolproof technique to secure your computer, e-mail, and bank account. Search your e-mail for some of your own passwords. You'll probably find By Farhad Manjoo | July 24, 2009 a lot of them, either because you've e-mailed them to yourself or 4. Yep, He's Gay I found evidence that my husband likes men, 1 of 4 7/24/2009 4:58 PM
  • 2. Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 because some Web sites send along your password when you register or but he won't admit it. July 23, 2009 when you tell them you've forgotten it. If an attacker manages to get into your e-mail, he'll have an easy time accessing your bank account, 5. An Open Letter to Jon Stewart Bring back Leibowitz! your social networking sites, and your fantasy baseball roster. That's By Ron Rosenbaum | July 24, 2009 exactly what happened at Twitter. (Here's my detailed explanation of how Twitter got compromised.) Everyone knows it's bad to use the same password for different sites. Word of the Week People do it anyway because remembering different passwords is Are Microsoft and Google Faking it? annoying. Remembering different difficult passwords is even more Denny's Salty Shock annoying. Eric Thompson, the founder of AccessData, a technology forensics company that makes password-guessing software, says that most passwords follow a pattern. First, people choose a readable word as Please, Professor Gates! a base for the password—not necessarily something in Webster's but Will Downing in 'Classique' Form something that is pronounceable in English. Then, when pressed to add Officer Says He Won't Apologize a numeral or symbol to make the password more secure, most people add a 1 or ! to the end of that word. Thompson's software, which uses a "brute force" technique that tries thousands of passwords until it How Rappers Embraced Soft Power guesses yours correctly, can easily suss out such common passwords. Obama Is Blowing It on the Settlements When it incorporates your computer's Web history in its algorithm—all The World's Worst Healthcare Reforms your ramblings on Twitter, Facebook, and elsewhere—Thompson's software can come up with a list of passwords that is highly likely to include yours. (He doesn't use it for nefarious ends; AccessData usually Sex Among the Spineless guesses passwords under the direction of a court order, for military What's Playing in Your Toddler's Ear? purposes, or when companies get locked out of their own systems Abortion and the Health Care Debate —"systems administrator gets hit by a bus on the way to work," Thompson says by way of example.) U.S. Hunger For Fish Byproducts Not As Strong As First Imagined Security expert Bruce Schneier writes about passwords often, and he distills Thompson's findings into a few rules: Choose a password that Bad Lab Results Often Unreported doesn't contain a readable word. Mix upper and lower case. Use a Potato-Faced Youngster Lauded For number or symbol in the middle of the word, not on the end. Don't just Memorizing Primitive 26-Character Alphabet use 1 or !, and don't use symbols as replacements for letters, such as @ for a lowercase A—password-guessing software can see through that Obama Uses Funding to Get Education trick. And of course, create unique passwords for your different sites. Changes Poll: Palin's Favorability Dips RELATED IN That all sounds difficult and SLATE Health Reform Deadline in Doubt time-consuming. It doesn't have to be. In Schneier's comment section, I found Farhad Manjoo recently explained a foolproof technique to create the concept behind Twitter and Inside Russia's First School of Rock passwords that are near-impossible to whether joining Twitter is Madonna's Latest Catholic Controversy necessary. In 2004, Paul Boutin crack yet easy to remember. Even The Science Behind Cancer Prognoses argued that we really don't want better, it'll take just five minutes of Internet security. Plus, Josh Levin your time. Ready? on stupid bank security questions. Start with an original but memorable phrase. For this exercise, let's use these two sentences: I like to eat bagels at the airport and My first Cadillac was a real lemon so I bought a Toyota. The phrase can have something to do with your life or it can be a random collection of words—just make sure it's something you can remember. That's the key: Because a mnemonic is easy to remember, you don't have to write it down anywhere. (If you can't remember it without writing it down, it's not a good mnemonic.) This reduces the chance that someone will guess it if he gets into your computer or your e-mail. What's more, a relatively simple mnemonic can be turned into a fanatically difficult password. Which brings us to Step 2: Turn your phrase into an acronym. Be sure 2 of 4 7/24/2009 4:58 PM
  • 3. Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 to use some numbers and symbols and capital letters, too. I like to eat bagels at the airport becomes Ilteb@ta, and My first Cadillac was a real lemon so I bought a Toyota is M1stCwarlsIbaT. That's it—you're done. These mnemonic passwords are hard to forget, but they contain no guessable English words. You can even create pass phrases for specific sites that are coded with a hint about their purpose. A sentence like It's 20 degrees in February, so I use Gmail lets you set a new Gmail password every month and still never forget it: i90diSsIuG for September, i30diMsIuG for March, etc. (These aren't realistic temperatures; they're the month-number multiplied by 10.) How many different such passwords do you need? Four or five at most. You don't have to keep unique passwords for every single site you visit— Thompson says it's perfectly OK to repeat passwords on sites that don't need to be kept very secure. For instance, I can use the same password for my accounts at the New York Times, the New Republic, The New Yorker, and other online magazines, because it won't hurt me too much if someone breaks into those. (My mnemonic is, I like to read snooty publications quite often.) You should probably use different passwords for each your social networking accounts—someone can do real damage by breaking into your Facebook or Twitter, so you want to keep them distinct—but you can still come up with a single systematic mnemonic to protect them: Twitter is my second favorite social networking site, MySpace is my third favorite social networking site, etc. Reserve your strongest, most distinct passwords for the few very important services that, if cracked, could do the most damage—your bank account, your computer, and most of all your e-mail, which often contains the keys to everything else in your life. To be sure, this is more of a hassle than what you're doing now—but what you're doing now is going to come back to bite you. These days, we're all dishing personal information all the time; you may think that your password is totally unguessable, but your Facebook makes clear that you're a huge U2 fan and you graduated from college in 2000. Achtung2000, eh? Just go ahead and make some new passwords right now. Trust me, you'll feel better. 21 267 diggs votes digg it PRINT E-MAIL RECOMMEND... RSS YOU MIGHT ALSO LIKE: Bitterness, Compulsive Shopping, and Internet Addiction: The diagnostic madness of DSM-V. No, You Can't Have My Social Security Number: Why using SSNs for identification is risky and stupid. Why No More 9/11s?: An interactive inquiry about why America hasn't been attacked again Health Care Reform: An Online Guide: If you want to keep up, you must know these Web sites. 3 of 4 7/24/2009 4:58 PM
  • 4. Fix your terrible, insecure passwords in five minutes. - B... http://www.slate.com/id/2223478/pagenum/all/#p2 Farhad Manjoo is Slate's technology columnist and the author of True Enough: Learning To Live in a Post-Fact Society. You can e-mail him at farhad.manjoo@slate.com and follow him on Twitter. Il lust rati on b y Robert Neubecker. W hat did you think of this article? Join The Fray: Our Reader Discussion Forum POS T A MESSAGE | READ ME SSAG ES The Crucial Problem In the Loop: The Best Life Without Snapping Turtles: Not Is It Better To Drink The Guy Who Taught That Health Care Political Satire in Ages Newspapers Wouldn't Just Hissing, Lunging, Fizzy Drinks From Ricky Gervais and Reform Won't Solve Be So Bad Biting Beasts Bottles or Cans? Sacha Baron Cohen Everything They Know s ite map | build your own Slate | the fray | about us | contact us | S late on Facebook | s earch feedback | help | advertise | newsletters | mobile | make Slate you r h omep age 2009 Wa shington Post.Newsweek Interactive Co. LLC User Agree me nt and Privacy Policy | All rights reserved 4 of 4 7/24/2009 4:58 PM