Jon McCain
  - software - articles - about - contact  

Your Security Is As Only Good As Your Passwords

In most environments it does not matter how good your firewall is configured. It does not matter if all of your programs are bug free.  Since you have to allow people to access the system,  your security is only as good as your passwords.  

First, don't use easily guessed passwords.  Some famous passwords are sex,root and god. These are among the first ones a hacker will try. Don't make the password something obvious like your userid.  Don't use password as your password.  And don't make your password blank.

When selecting a password do not use a word that is in the dictionary. There are programs that can take a list of known words and try them one at a time until entry is gained.  Use a mix of numbers and letters.  Maybe try misspelling some words like:

cookiebox => kookieb0x
  or
spaceship => sp8ceshep

The longer a password is the harder it will be to break.  It should be 8 characters or longer.  There are hacker tools that can try random groups of characters.  But this takes time.  The more characters in the word the more combinations there are and thus the longer it take to get to it.  Computers are very powerful today and are getting faster every day.

For extra security change your passwords every month.  You should not use the same password for multiple systems either.  Once someone figures out your password they would gain access to everything you have.  You can limit the damage they could do or the amount of information they could steal by not using the same exact password for your windows login, your email account,your dial up connection,etc.  This is especially true when signing up for account/services on web sites.  Don't use the same password you use on your really important things like your checking account.  
This article is going to show you how to use an ssh client to port forward some tcp/ip traffic through an ssh tunnel

Users passwords are not the only problem.  Many server programs have a default password set when they are installed.  The first thing you should do is change them.  Database servers generally have the default administrator password as blank.  All someone has do is find out the default password for an application and have instant access to your system.  Watch out for passwords in hardware such as a wireless hub or a cable router.  Be sure to change it from the factory default. It's not very secure if your password is in the manual that it came with.

You may dislike using passwords that are a little hard to remember, but security is no longer a laughing matter.  When someone breaks into your computer and/or network the cost to repair the damage can be pretty big in time and money.

Date: 4/19/2003