Archive for August, 2010
Strong Passwords
I’ve come across an alarming number of people in my travels who have no password at all on their computers or have very easy-to-guess passwords.
People tell me that they don’t care if someone gets into their computer, and that they don’t have anything to hide or anything worth stealing, but they still call me when all of their data goes missing or someone hacks their wifi connection or emails.
Think your password system is pretty secure? Read this article (How I’d hack your weak passwords) and let me know how well your password would hold up.
A case for decent passwords:
1. Your data is your data. If it isn’t well protected you could lose it forever or have it stolen and used for malicious purposes like identity theft etc. How much would your family photos on your computer be worth to someone else? How much would they be worth to get them back if you lost them?
2. Computers are always getting faster, tools are always getting more complex and hackers are always getting more ingenious. The amount of time required for a decently spec’d computer to crack a password with brute force is going down by the day. And the tools for password recovery, network sniffers, trojans etc. are getting more elaborate by the day.
3. If nothing else, there is hassle involved when someone else gains your password. At the very least there is the hassle to change your password and remember a new one. At worst, there is time and money spent on repairing the operating system on your computer, rebuilding your online identity and recovering your files.
How to make your passwords stronger
1. Don’t use real words, names or birthdays.
2. Use a combination of lowercase letters, uppercase letters, numbers and symbols. The more the merrier and the longer the merrier. Many corporate organisations enforce a policy of having at least 3 of the 4 groups mentioned here and a minimum of 7 characters.
3. Try a song that you know well and use the first letter of each word as your password – “Somewhere over the rainbow, way up high” becomes sotrwuh. Then mix this up with some capital letters or numbers (don’t just capitalise the first letter and add 1 to the end).
4. If you touch-type, try shifting your fingers one space to the left or right. This makes otherwise easy passwords harder to guess. password becomes [sddeptf for example.
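To see how the two examples above fare against the "3 of 4 groups, minimum 7 characters" policy, here is a small checker, added as an illustration and not part of the original post. The function names, the US QWERTY layout and the four-word sample list are assumptions made for the example.

```python
import math
import string

# The four character groups named in the policy above.
GROUPS = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
# Assumption: US QWERTY layout, unshifted keys only.
ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
# Constructed sample list; a real audit would load a full common-password list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon"}

def groups_used(pw):
    return {name for name, chars in GROUPS.items() if set(pw) & chars}

def meets_policy(pw, min_len=7, min_groups=3):
    """At least 7 characters drawn from at least 3 of the 4 groups."""
    return len(pw) >= min_len and len(groups_used(pw)) >= min_groups

def search_space_bits(pw):
    """log2 of the brute-force space: same length, same groups as pw."""
    alphabet = sum(len(GROUPS[g]) for g in groups_used(pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def shift(pw, offset):
    """Move each key `offset` places along its keyboard row."""
    out = []
    for ch in pw.lower():
        for row in ROWS:
            i = row.find(ch)
            if i != -1 and 0 <= i + offset < len(row):
                ch = row[i + offset]
                break
        out.append(ch)
    return "".join(out)

def is_shifted_common_word(pw):
    """True if undoing a one-key shift left or right gives a listed word."""
    return any(shift(pw, off) in COMMON_WORDS for off in (-1, 1))

if __name__ == "__main__":
    for pw in ("sotrwuh", "[sddeptf", "S0trWuh!"):
        print(pw, meets_policy(pw), round(search_space_bits(pw), 1),
              is_shifted_common_word(pw))
```

On its own, sotrwuh uses one group and fails the policy, and [sddeptf is flagged because shifting it back one key gives a listed word, which is why both tips work best combined with the mixing advice in tips 2 and 3.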
Some suggestions for managing passwords
1. Get some software to help you remember. I recommend KeePass (http://keepass.info/) for your system passwords and LastPass (http://lastpass.com/), which specialises in Internet passwords and logins. Using these you can set strong, different passwords for different systems, applications and internet sites, and you only have to remember one password for your KeePass and/or LastPass software.
2. Change your passwords regularly. I know this makes them harder to remember but it is a great security measure. If someone spends a month cracking your password but you changed it a week ago, it isn’t going to help them much.
3. Use different passwords for different systems. Some systems are more secure than others and yet people generally use the same password for everything. If someone gets your password from an insecure site on the net that you signed up to a newsletter on or something, can they then use the same password for accessing your email and bank account details?
Anti-virus
Prevention:
It’s been said that prevention is better than cure. So my first recommendation is to get an anti-virus program, use it and keep it up-to-date.
I’m not going to recommend one specific product here because they are forever getting better and worse and bigger and better and someone, somewhere will always disagree with whatever I recommend. And I can’t say I’ve used every product or done a thorough comparison.
If you don’t know where to start, some anti-virus software products are (in alphabetical order to avoid bias):
- Avast
- AVG Anti-virus and the Free Version
- Comodo Anti-virus
- Eset Anti-virus
- Kaspersky Antivirus
- Microsoft Security Essentials
- Norton Anti-virus
- Sophos Anti-virus
Pick one that works for your budget, read reviews (avoid fake, sponsored reviews) and get advice from local experts. Stick with only one as installing more than one will be counter-productive. It will slow your system down, create more work for you to administer them both and keep them up-to-date, and they will probably conflict in some way with each other.
But I will recommend this. Get an anti-virus of some sort, keep it up-to-date and use it (I might have mentioned this already…).
Oh, and back up your files! I know, I know, it’s boring and tedious and there aren’t many decent backup utilities out there, but believe me that you’ll be well pleased when a virus infects your documents and you have a recent backup to use once the virus is cleaned out.
And if you feel that that isn’t enough, get a firewall and a spyware/malware program as well. I use a software firewall (’cause it’s free) and really enjoy the control it gives you over which applications are allowed what access to the internet and to your PC.
Cure
I have recently had a few cases where prevention wasn’t enough or didn’t exist and I’ve had to clean out some nasty little viruses. I had a rescue CD but it was getting a bit outdated and I wanted to have more than one to make sure I got everything.
I found a great roundup of anti-virus and rescue disks here:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
These are free to download and burn, and you can then use them to recover from a virus infection. I would suggest using CD-RW disks if possible, as the definitions and the programs themselves will change over time as viruses change, and you’ll want to update your rescue disks occasionally. The nice thing about these rescue disks is that they are usually based on a light Linux distribution and therefore will run even if your Windows installation is crippled or won’t boot.
Malware
Assuming you can at least boot into safe mode, there are some excellent apps around for clearing out and preventing spyware etc. Some of the apps mentioned above will cover this type of software as well but the following are specialists:
- Hijackthis and a log analyser like hyjackthis.de
- Spybot
- MalwareBytes