I don’t need to be Derren Brown to guess your computer password. If you’re
a man, the chances are it’s England skipper David Beckham, your nickname,
a Star Wars or Lord of the Rings character, or your car. If you’re a woman,
it’s probably a family or pet’s name, a birthday - or England skipper
David Beckham. And if you’re a smart alec (around 5% of you are), you’re
using the word ‘password’ itself.
But if that hasn’t got you rushing to your keyboard to change your settings,
don’t imagine your personal and online banking details are secure. Raimund
Genes, Chief Technical Officer for security company Trend Micro, says, “It’s
all about your password strength. For instance, if your Windows password is any
word with less than 14 characters, it can be cracked by software in less than
five minutes.”
All English words or names, however unusual, make terrible passwords, as they
can be matched against dozens of huge ‘password dictionaries’ found
on the internet. It’s pretty easy to toughen up your security, according
to Raimund Genes: “Longer, randomised passwords with special characters
like ? or £ (rarely found in American password dictionaries) are almost
unbreakable.”
Unfortunately, such complicated passwords can also be difficult to memorize. Research
firm Gartner found that up to a third of all helpdesk requests are to ask for
lost passwords, prompting around two thirds of us to write down our passwords
– a security risk in itself.
The easiest solution, suggests Trend’s Genes, is to use a long ‘pass
phrase’ instead of a simple password: “A whole sentence, such as ‘Ilovesushifordinner’
might sound stupid but it’s very long, easy to remember and almost impossible
to break – unless you go around telling everyone your favourite restaurant.”
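
The dictionary matching described above can be turned into a check that runs before a password is accepted. This is an added example, not code from the article or from Trend Micro; the word list, the substitution table and the function names are assumptions made for illustration.

```python
import math
import re

# Constructed stand-in for a real password dictionary (assumption: tiny sample).
WORDLIST = {"password", "beckham", "david", "frodo", "skywalker",
            "i", "love", "sushi", "for", "dinner"}
# Common character swaps undone before lookup (assumed mapping).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "@": "a", "$": "s"})


def normalise(password):
    """Lowercase, drop trailing digits/symbols, undo simple swaps."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(SWAPS)


def splits_into_words(text, words):
    """True if text is dictionary words joined end to end (dynamic programming)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return reachable[-1]


def charset_size(password):
    """Size of the alphabet a brute-force search would have to cover."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
               (r"[^a-zA-Z0-9]", 33))
    return sum(size for pattern, size in classes if re.search(pattern, password))


def audit(password):
    """Return (verdict, brute-force bits); bits only matter for random strings."""
    if not password:
        return "empty", 0
    core = normalise(password)
    if core in WORDLIST:
        verdict = "dictionary word"
    elif core and splits_into_words(core, WORDLIST):
        verdict = "dictionary words joined"
    else:
        verdict = "not in dictionary"
    return verdict, round(len(password) * math.log2(charset_size(password)))
```

The bit count is the size of a blind character-by-character search, so it describes a password only when the verdict is "not in dictionary".
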
Of course, it doesn’t matter how strong your password is, if criminals can
persuade you to hand over your security details willingly. You’ve probably
already received spam emails that pretend to be from your online bank, redirecting
you to a fake website where they can capture your user name and password.
In a test this April, Infosecurity Europe got over 80% of commuters at Victoria
station to reveal key personal details, from their date of birth to mother’s
maiden name, just for the chance to win an Easter egg. “The problem is less
to do with modern technology,” says Raimund Genes, “and more to do with
careless users.”
Online ‘phishing’ scams cost UK banks around £30 million last
year and, as Genes points out, “When the banks feel the pain, they’ll
introduce new measures”. Some are already in place in Germany, where banks
now hand out single-use numerical codes for use alongside traditional passwords.
These five-digit numbers can be sent to customers on their mobiles and are only
good for one transaction. Even more secure are smart tokens: key-ring devices
that generate random, rolling codes.
With biometric ID cards on the horizon, fingerprint, iris and face scanning technology
is beginning to find its way into the home. Despite questionable accuracy (even
Home Office fingerprint systems make mistakes 20% of the time), such devices can
be useful, says Raimund Genes: “Biometric readers are basically password
management systems. Because you don’t have to type so often, they’re
an incentive for having long, complex passwords.”
Biometric technology can’t come too soon for some. Office workers now have
an average of seven passwords to remember – and some as many as 25. This
has led to an explosion in popularity of software such as Norton’s Password
Manager, which can store passwords and personal information for everyone in a
family. But Raimund Genes has one final word of warning, “Remember that
you’ll need a strong password for your password manager software!”
Biometric gadgets
SanDisk Cruzer Profile £20 www.sandisk.co.uk – This neat little USB
drive has a built-in fingerprint reader so you can securely carry 512Mb of data
and passwords wherever you go.
Nimzy Face Snapper Recogniser £50 www.widget.co.uk – Do identical
twins have any secrets from each other? Find out by testing this smart webcam,
which locks out users with the wrong mugshot.
Microsoft Wireless Mouse with Fingerprint Reader £80 www.microsoft.com/uk
- Now you can get to work seconds earlier, by logging on with a simple swipe of
your finger on this wireless optical mouse.
Passwords of warning
• Long, complex passwords are better than short, easy to guess words. Get
a random one from www.winguides.com/security/password.php
• Don’t use the same password for lots of websites. Most online banks
only guarantee your money if you use a password unique to them.
• Test the strength of your current password at www.securitystats.com/tools/password.php
• Password management programs can be handy but make sure your bank allows
you to use them – some don’t.
• Don’t let your web browser automatically remember passwords unless
you’re certain that no one else can access your computer.
• Always use reliable firewall and anti-virus software, such as ZoneAlarm
Security Suite (www.zonelabs.com), and keep it up to date.