Tuesday, March 10, 2009

Password Security

I just purchased this month (Feb)'Digit' magazine and started with the 'Editorial'. The article was based on previous month issue 'SECURITY' special. That issue had a article 'A forward you should ignore' which little bit explain How to hack Gmail passwords of others account. And unfortunately as of now the Digit Team has more than 1000 passwords of other people and their personal information those who tried to hack their own passwords or their close friends.They did a harmless data mining to those passwords and found various amusing ways and astonishing stupid ways people keep their passwords. Here are some poor ways people keep their passwords, so I am keeping it in Dont's.

1) password should not be 'password'
2) dont keep password which is easy to type like 'qwerty', '123456' or 'abcdefg'
3) We know that your phone number is unique one but anyone who has ever called you could potentially hack your account.
4) same rules apply for postal codes.
5) Celebrities names or any names are never good for passwords, so dont ever use 'iloveaamir', 'Johnloveyou', 'ram123' or 'michel1984'

Here are some of the ways you should do...
1) Use alphanumeric and if possible use even punctuations.
2) Use combination of lower and upper cases.
3) Genrate some kind of rules for your passwords which can be changed periodically.
4) In addition to Rule of Passwords try to make rule for the particular site basis also. The beauty of this kind of rule is you dont have to remember lots of passwords, just remember the rule. Even if dont use the id for long time, you dont have to remember what password you used to have next time when you log in.
5) Even if you change your passwords frequently dont use only one passwords for all sites user id.

P.S.: Digit team found one very interesting password, that I cant resist to laugh after reading it 'iamloser'(millions of user, millions of mind)

And one more important thing....If a hacker really wants to hack your ID, you can do just NOTHING that's the fact ,but atleast dont convert naive to hacker.