Using Passwords Online

June 1st, 2009 by Olga Koksharova

Today’s technologies let us stay online practically 24 hours a day, with devices only periodically falling into sleep mode. The Internet has become easily accessible, numerous devices can connect us to the web from anywhere, and every time we surf the web we are being registered, at least via the IP address of our devices.

I bet you have more than once had to fill out some sort of name-company-position-email-telephone-whatever form when registering for or subscribing to something. Do you think about preserving the privacy of your information when leaving such data on someone’s website? It is a common experience, which has gradually become an axiom, that anything you leave on the Internet sooner or later becomes public. Hopefully you do not tempt fate and do not use your registration data anywhere in your passwords. Besides, when registering, please be careful about your “secret questions” and your secret answers, because most of your answers (like mother’s maiden name, favorite football team…) can be guessed in different ways.

The term phishing must be familiar to you, as it has become something of a buzzword. Its meaning is that fake websites (usually copies of popular existing ones) are created to gather personal data like names, telephone numbers and e-mail addresses, and sensitive information like passwords or credit card numbers. But they are not necessarily duplicates of existing sites; it can be an absolutely new and original website which gathers users’ info under the guise of a download resource or some service offering.

There is no such thing as overcautiousness when it comes to user authentication. A password like GxOxD#P$@$w0rD may be good enough for a PDF file with 128-bit encryption, but bad for an online account for several reasons: first, an online account password can be tried against any of your other accounts and/or protected files (what if you used the same one?); second, you can easily forget such a difficult password yourself, while there is no need to make it so complex because there are no programs for online password recovery (provided the passwords are not captured by the turned-on AutoComplete of your web browser; in this case our AIEPR easily finds them). Thus, a normal password for an online account could be like PisO’Kake!

What’s worth remembering is that in some Internet systems (fortunately, their number seems to be decreasing, but they still exist) your password is sent through the Internet totally unprotected, which means it is not a problem to capture it. In such cases password managers like KeePass (keepass.info) can help: they keep passwords in an encrypted file, which opens only if you know the master password, and this one (contrary to online passwords) must be highly secure.

Please be careful with your online passwords and make them different from those that you use for protecting your files. Again, remember that everything you leave on the Internet is no longer yours, or at least not only yours; this is the sad truth.

To sum up, I’ve outlined some basic tips for online passwords:

  • They do not have to be as strong as offline passwords 
  • They should not coincide with any of your other passwords used on the Internet or elsewhere
  • They should not be guessable after gathering info about you:
    1. never equal your personal info (name, birthday, car number, postal address…)
    2. never equal any general info about you (your likes/dislikes, haves/have nots…)
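
A small local check for the last two tips, written as an added example that is not part of the original post: it flags a candidate online password that contains personal details or repeats another password, even when disguised with common character substitutions. The profile, the function names, the substitution table and the four-character minimum are constructed assumptions; the two sample passwords are the ones quoted in the article.

```python
import re

# Assumed table of common "leet" substitutions, undone before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_TOKEN = 4  # assumption: shorter fragments ("com", "12") cause false alarms


def normalize(text):
    """Lowercase, undo leet substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def audit_password(candidate, profile, other_passwords):
    """Return a list of findings; an empty list means no tip was violated."""
    findings = []
    norm = normalize(candidate)
    # Tip: never build the password from personal or general info about you.
    for field, value in profile.items():
        # Check each word of the field and the field taken as a whole.
        pieces = re.split(r"[^A-Za-z0-9]+", value) + [value]
        tokens = {normalize(p) for p in pieces}
        if any(len(t) >= MIN_TOKEN and t in norm for t in tokens):
            findings.append(f"contains {field}")
    # Tip: never reuse a password, including lightly disguised variants.
    for label, other in other_passwords.items():
        if normalize(other) == norm:
            findings.append(f"reuses {label}")
    return findings


# Constructed sample data (not a real person).
PROFILE = {"name": "Anna Keller", "birthday": "1984-03-12",
           "team": "Spartak Moscow"}
# The file password quoted in the article, stored here only for the demo.
OTHER = {"PDF archive": "GxOxD#P$@$w0rD"}

if __name__ == "__main__":
    for pw in ("PisO'Kake!", "K3ller!1984", "gxoxd-p$@$w0rd"):
        print(pw, "->", audit_password(pw, PROFILE, OTHER) or "ok")
```

Run it locally only, since it needs your other passwords in clear text to compare against.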

 

