Today's Most Popular Video
Sep 22, 2008 11:04 pm US/Central
Good Question: How Safe Are Our Passwords?
(WCCO)
When a hacker got access to Alaska Gov. Sarah Palin's private e-mail account it raised questions about the security of all our passwords and online accounts. How safe are our passwords?
"Not very," said Andrew Ambrose, Senior Consultant, Computer Zone Consulting in Minneapolis. "It's kinda sad."
Ambrose said he works with clients to try and get them to toughen up their passwords. But it's an uphill battle.
"I run across all the time, 'password123' and 'password12.' People still do that actually," he said.
The battle between ease of remembering the password and the desire for security is often lost by security. But the hacker who got into Palin's account didn't have to work very hard to get her password. He reset it himself, using a common feature on her e-mail.
Many e-mail programs have a function you can click on to reset the password by answering secret questions. But many of those questions have answers that are easily accessible via Internet searches.
For example, many ask for a pet's name or a mother's maiden name.
"How long does it take to find a zip code or birth date?" asked Ambrose. "That was an easy one."
Ambrose suggests making up false answers to the security questions, that way anyone who tries to reset your password will be thwarted.
Aaron Landry, IT Manager for Go East in St. Paul, said "I argue that those 'security questions' actually make accounts less secure. I mean, what's the point of having a super secure password if all you need to know is someone's birth date, the name of their dog and their mother's maiden name?"
He also suggests making up answers to those questions.
Landry has several password tips he said he shares with his company's employees.
"A good way to make passwords is to mix two separate things together. For example, use your spouse's middle name spelled backwards with your zip code -- or your child's birth date mixed with the street you grew up on," he suggested.
Also, "Avoid using dictionary words -- try swapping out some of the letters with numbers,"
Ambrose said he'll sometimes use a code, where he swaps out the vowels "A-E-I-O-U" in words with the numbers "1-2-3-4-5." So the word "password" would become "p1ssw4rd" under that system.
He added that he often finds people writing passwords down, and leaving them on pieces of paper under the keyboard. If you must write it down, Ambrose suggested adding some extraneous numbers or letters to the password on the paper, so if someone found the paper, they would not have the correct password.
(© MMIX, CBS Broadcasting Inc. All Rights Reserved.)
Truckers Sue For Unauthorized Citations
Click to enlarge
Stumble It!
Reporting
