Thursday, February 24, 2005

Are your e-doors locked?

Dan Price blogged about their unlocked car being "broken" into and reminded us to lock our doors. The same applies on-line. Lock your e-doors.

I heard Paris Hilton's T-Mobile address book got "hacked". This got me thinking about the security of my on-line accounts. If a celebrity's account security can be hacked, I'm vulnerable, too, because I use the same kinds of companies, right? Wrong! It turns out the T-Mobile database wasn't hacked in the purest sense of the term. It turns out she had a lame password. A password that about anyone who can type her name into a search engine could "guess".

The full story is here. Here's an excerpt.

"Like many online service providers, T-Mobile.com requires users to answer a "secret question" if they forget their passwords. For Hilton's account, the secret question was "What is your favorite pet's name?" By correctly providing the answer, any internet user could change Hilton's password and freely access her account."


It also turns out that weak passwords are one of the top security problems.

Here is the long mind-numbing read for those who are up for it: The Twenty Most Critical Internet Security Vulnerabilities. Here is an excerpt on how to create a strong password:

▪ Not contain all or part of the user's account name
▪ Be at least six characters in length
▪ Contain characters from three of the following four categories:
  ▪ English uppercase characters (A through Z)
  ▪ English lowercase characters (a through z)
  ▪ Base 10 digits (0 through 9)
  ▪ Non-alphanumeric characters (e.g., !, $, #, %)
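
A checker for the rules in the excerpt above, as an added example that is not from the original post or the quoted document. The account name `jsmith`, the sample passwords, and the reading of "part of the account name" as any run of three or more characters are assumptions.

```python
import string

MIN_LENGTH = 6          # "at least six characters in length"
MIN_CATEGORIES = 3      # "three of the following four categories"
NAME_PART_LEN = 3       # assumption: a "part" of the name is any 3+ character run


def character_categories(password):
    """Return the names of the four listed categories present in the password."""
    checks = {
        "uppercase": lambda c: c in string.ascii_uppercase,
        "lowercase": lambda c: c in string.ascii_lowercase,
        "digit": lambda c: c in string.digits,
        # Anything that is not an English letter or a base-10 digit.
        "non-alphanumeric": lambda c: c not in string.ascii_letters + string.digits,
    }
    return {name for name, test in checks.items() if any(test(c) for c in password)}


def contains_name_part(password, account_name):
    """True if any NAME_PART_LEN-character run of the account name is in the password."""
    pw, name = password.lower(), account_name.lower()
    if len(name) < NAME_PART_LEN:
        return bool(name) and name in pw
    return any(name[i:i + NAME_PART_LEN] in pw
               for i in range(len(name) - NAME_PART_LEN + 1))


def policy_violations(password, account_name):
    """Return the rules from the excerpt that the password breaks (empty = passes)."""
    problems = []
    if contains_name_part(password, account_name):
        problems.append("contains part of the account name")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if len(character_categories(password)) < MIN_CATEGORIES:
        problems.append("fewer than three character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (account name, candidate password).
    samples = [("jsmith", "Smith#2005"), ("jsmith", "sunshine"),
               ("jsmith", "aB3$"), ("jsmith", "Fluffy1"), ("jsmith", "r7#Qw!9z")]
    for account, candidate in samples:
        print(candidate, "->", policy_violations(candidate, account) or "passes")
```

Note that `Fluffy1` passes: the rules measure character variety, not guessability, so a pet's name with a digit appended still satisfies them.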


They also advise you should update the password periodically. Any password can be hacked given enough time by making a ton of guesses. Strangely enough the commonly used technical term for this is "brute force". So I guess the geeks can use their own kind of force.

Of course all of this is only applicable to the extent you have something of value to protect.
BOTTOM LINE: Use strong passwords and change them periodically.

Now I'm off to change all of my passwords to: 12GE%n&aHp;&
. . . Oops.
