
Thread: What's your password??

  1. #1
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    What's your password??

    Do you know what your passwords are? For your computer? For the server? For the router? For other computers in the office? :confused:

    Are they posted on a “sticky” somewhere, or under your keyboard - for everyone to see or find? How many are left as the default?:o

    Many people do not take security and passwords seriously. After all, who would want my data? But - it may not even be your data “they” are after.

    Hackers are equipped with advanced programs that make breaking short passwords a very quick & simple process. Usually a "brute force" or "alphabet" attack can crack short passwords.:eek:

    *Passwords are not stored on your machine if you EXCEED 14 characters in length; this makes it much more difficult for a hacker to “hack” into your password.

    Use Pass Phrases like [I fly like Superman when Crashing!] when you can.

    If the character length is limited, then use "strong" passwords - use alpha and numeric characters WITH some special characters AND use both upper and lower case.


    Hackers rarely are after your data, they would rather "use" your system for their use.

    ** File storage: Use spare space to store their files, movies, music, pictures. Some of the content may be very questionable and even offensive...but it's free for a hacker. These files are almost always illegal and you could be held responsible for it.

    ** Spam: Use your server to send out spam. Or be part of a Denial of Service, (DoS) attack on a website or server.

    ** Phishing: Use your server to send out phishing emails (emails that look like another "real" web site . . . but it really goes to the hacker's site). For example, a banking site, asking you to confirm your social security number for "security". "They" get the info - and it's tracked back to you.

    ** Illegal activity: Use your server to conduct an illegal business. You can be held responsible for this.



    But sometimes it is the data they are after. Usually businesses more so than Personal PCs. But they can still get at it if they want it bad enough.

    ** Financial data: Search your files for financial data - and then work more scams

    ** Credit cards: Search your files for credit card and other confidential information - and use as they see fit. Perhaps sell your identity.

    Do you begin to see the problem?



    Change your passwords and keep them secure. Anytime someone leaves your office, make it a company policy to have everyone change passwords. Why leave doubt in anyone's mind - just in case something were to happen.

    On your Personal PC, if more than one user account has been set up, be sure to have passwords for each user. This helps the kids from messin' with your stuff at the very least.

    Another common feature available on servers is the ability to allow passwords to be changed only by the Administrator or force the users to change their logon passwords at predetermined intervals.

    Use passwords on applications like Quickbooks, Quicken, Peachtree, MS Money or any other financial program. This makes it more difficult for hackers to access the program's database.

    Be Smart, Be Secure. Be Safe. Sleep well at night.


    If you have any questions, just ask!!!
    Last edited by ElderGeek; 11-08-2007 at 10:35 AM.
    ...

    I'll be at Camp2........ Next Season........

    ATG-Arizona Technology Group, Inc.

  2. #2
    Administrator Jeremy's Avatar
    Join Date
    Mar 2007
    Location
    Newport Beach
    Posts
    3,898

    Quote Originally Posted by ElderGeek View Post
    *Passwords are not stored on your machine if you EXCEED 14 characters in length; this makes it much more difficult for a hacker to “hack” into your password.
    That always true? Never heard of that. Interesting.

  3. #3
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    Remember we are talking Windows based systems here. I don't know if it applies to other Operating Systems.

    In simple terms the Password is encrypted by the LM Hash, (Lan Manager Hash), and is stored in two locations on the system. Its limit is 14 characters.

    It actually breaks it up into two 7 character segments. So if your password is 8 characters long it adds "null" characters to fill out the last six characters.

    This fact allows "crackers" to easily use tools to find or guess your password.

    By using more than 14 characters, the LM hash doesn't know what to do with it and does nothing, no encryption, no storage. I can provide links if anyone wants to read more about this, but believe me, it's real geek talk, even for me.

    What is recommended by Security Pros now is to use "Pass Phrases" rather than "Passwords". Why? Because they are easier to remember, and are longer.

    Instead of trying to remember; [eR34@xXy-uFeD1], It's easier to remember; [YFZ's kick everyone's Ass!] This Pass Phrase is 26 characters long, (spaces count).

    The issue with the "old way" of creating passwords is that the hardware has become increasingly fast as time goes on, so Brute force, Alphabet, and Pre-Computing attacks take less time to run on today's equipment. So they are less secure than years past.

    It will take time for this to trickle down to the masses as many websites and software limit passwords to 8 or 10 characters. But it will become the norm in the future to allow 127 or even 256 character "Pass Phrases".


    So in a nutshell, use "Pass Phrases" instead of "passwords" whenever possible.
    ...

    I'll be at Camp2........ Next Season........

    ATG-Arizona Technology Group, Inc.
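
The LM splitting described in the post above, as an added example that is not part of the original thread: it reproduces only the preprocessing step (uppercase, NUL-pad to 14, split into two 7-byte blocks), compares worst-case search effort, and audits stored LM values for the empty-half constant. The alphabet sizes, ASCII-only input, account names and non-empty hash values are assumptions constructed for illustration.

```python
import math

# LM hash of an all-NUL 7-byte block; a well-known constant.
LM_EMPTY_HALF = "AAD3B435B51404EE"
LM_ALPHABET = 69     # assumption: printable ASCII (95) minus 26 lowercase letters
FULL_ALPHABET = 95   # assumption: printable ASCII, case-sensitive


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes separately, or None if > 14 chars."""
    if len(password) > 14:
        return None  # no LM hash is computed; Windows keeps a separate NT hash
    padded = password.upper().encode("ascii").ljust(14, b"\x00")
    return padded[:7], padded[7:]


def worst_case_bits(password):
    """log2 of the guesses needed to exhaust the search space for this password."""
    halves = lm_halves(password)
    if halves is None:
        return len(password) * math.log2(FULL_ALPHABET)
    # Each block is attacked on its own, so the costs add instead of multiplying.
    total = sum(LM_ALPHABET ** len(h.rstrip(b"\x00")) for h in halves)
    return math.log2(total)


def audit_lm_field(lm_hex):
    """Classify a stored 32-hex-digit LM value for a password audit."""
    first, second = lm_hex.upper()[:16], lm_hex.upper()[16:]
    if first == LM_EMPTY_HALF and second == LM_EMPTY_HALF:
        return "no usable LM hash (blank, over 14 characters, or LM storage off)"
    if second == LM_EMPTY_HALF:
        return "LM hash stored, password is 7 characters or fewer"
    return "LM hash stored, password is 8 to 14 characters"


SAMPLE = {  # constructed account names and hash values, not real data
    "alice": LM_EMPTY_HALF * 2,
    "bob": "0123456789ABCDEF" + LM_EMPTY_HALF,
    "carol": "0123456789ABCDEF" + "FEDCBA9876543210",
}

if __name__ == "__main__":
    for user, lm in SAMPLE.items():
        print(f"{user}: {audit_lm_field(lm)}")
    for pw in ("Password1", "I fly like Superman when Crashing!"):
        print(f"{pw!r}: halves={lm_halves(pw)} bits={worst_case_bits(pw):.1f}")
```
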

  4. #4
    Senior Member JOHNNY BAJA's Avatar
    Join Date
    Apr 2007
    Location
    LITCHFIELD PARK, AZ
    Posts
    302

    Hey Micky, did you stay at a Holiday Inn last night? BWAAAAAAAAAAAA

    Great stuff for everyone to take notice. At this moment Mike is probably acquiring my password as I am typing this.

    I guess I need to start changing my passwords to pass phrases. hmmm

    "Raptors eat YFZ's for lunch"...

    Thanks Mikey, it's good information to share with everyone.

    -Johnny

  5. #5
    Senior Member
    Join Date
    Sep 2007
    Location
    Gilbert, Az.
    Posts
    295

    I'm changing mine to:
    "raptorsandyzslookcutenexttomyoutlaw"
    Mike47

  6. #6
    Senior Member JOHNNY BAJA's Avatar
    Join Date
    Apr 2007
    Location
    LITCHFIELD PARK, AZ
    Posts
    302

    Nope, I'm changing my password again...

    "Realsportsquadsdonthaverearindependentsuspeni on"

    Yep, that outa keep the hackers busy for a while.

    -Johnny

  7. #7
    Senior Member Jwilson84's Avatar
    Join Date
    Nov 2007
    Location
    Mesa az
    Posts
    104

    im gunna change mine to

    DONTdriveCRAPTORSorPREDATURDS..lol


    interesting info peace

  8. #8
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    Keep in mind you can use spaces in Pass Phrases. Also this discussion applies to user & Administrator accounts on Servers and PCs. It can be applied to any account that does not have a limit on the number of characters of the password, like online banking and Credit Card accounts.

    One of my old Banking Pass Phrases was; [Give some money right now]


    At this moment Mike is probably acquiring my password as I am typing this.


    Well, to do that I need to hack the server this site is on. Then hack into the arizonaquads.com account. Then hack the passwords.

    Give me a minute...... J/K
    ...

    I'll be at Camp2........ Next Season........

    ATG-Arizona Technology Group, Inc.

  9. #9
    Senior Member
    Join Date
    Sep 2007
    Location
    Gilbert, Az.
    Posts
    295

    At this moment Mike is probably acquiring my password as I am typing this.


    Well, to do that I need to hack the server this site is on. Then hack into the arizonaquads.com account. Then hack the passwords.

    Give me a minute...... J/K




    Hey Johnny Baja it looks like we are both getting hacked:eek:

    I'm changing my pw to:
    "when4i4look4back4all4i4see4is4hondas"
    Johnny you got any suggestions for Jw?
    mike47

  10. #10
    The Voice of Experience ElderGeek's Avatar
    Join Date
    Jul 2007
    Location
    In front of a monitor....
    Posts
    2,113

    when4i4look4back4all4i4see4is4hondas

    I like that one!!
    ...

    I'll be at Camp2........ Next Season........

    ATG-Arizona Technology Group, Inc.
