Wednesday, September 19, 2007

Scam-proof Passwords

One night last year I swept an accountant's office in midtown Manhattan. By "swept," I mean TSCM, or an electronic surveillance countermeasures job, or, in other words, bug sweep.

I found a video camera hidden in a plant. It was easy to find because most plants don't have a wire leading to them. In this case, the owner placed the camera as part of his security system.

I was part of a team. The other part were Israeli computer geeks. They had a disk that they shoved into the computers in the office and, literally, in two seconds, uncovered all the passwords in each computer.

Most hackers and identity thieves don't have such sophisticated software. They don't need it. Many people use their pet's name, their first name, nicknames, "password", "123456," "qwerty," "abc123," "letmein," "monkey," their birthdate, or part of their Social Security Number, as their password. Hackers and identity thieves know this.

Obviously, any password stored on a computer is obtainable. However, the best passwords...ones that people cannot guess...are random passwords. Examples are: 4kC?l0*, or 4ilJH%, or #Ikn*M. These were created randomly by hitting different keys blindly.

Of course, if you have passwords like this, and I recommend it, you have to write them down, because you'll never remember them. Just don't tape them to your computer.

No comments: