ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

From...
PC World

10 ways to avoid password headaches

August 31, 1999
Web posted at: 5:34 p.m. EDT (2134 GMT)

by Tom Spring
graphic

 ALSO
   Expert: Hotmail hole likely started in Sweden

   Sign up for the Computer Connection email service

   For more computing stories

 

(IDG) -- Passwords are the scourge of the digital age. Never mind the anguish the millennium bug is predicted to cast. Time and again, we are tortured by a multitude of passwords that force us to rack our brains for cryptic words like sn24ydo.

Get used to it, say computer experts.

Increasingly, passwords are our last line of defense protecting our computer, our finances, and our medical records. At work, we have passwords to log on to a local area network, start Windows, and do things like check e-mail and surf a half-dozen Web sites. At some companies, you can't even use the restroom without punching in a five-digit pass code.

Experts say employers have a lot to be paranoid about. Password-based attacks on small and large companies are steadily on the rise, say researchers at the CERT Coordination Center, a Carnegie Mellon University organization that collects reports on computer security problems.

The threat of large-scale computer crime is very real, and stealing passwords is one of the easiest ways for a criminal to launch an attack, according to CERT.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
 Reviews & in-depth info at IDG.net
 *   IDG.net's desktop PC page
  IDG.net's portable PC page
  IDG.net's Windows software page
  IDG.net's personal news page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for computer geniuses (& newbies)
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

If you're succumbing to password overload, here are some tips and tools to help you protect and remember passwords without demanding a whole lot of mental might.

Tips and tools

Password pitfalls

"Avoid the obvious," says Corey Schou, a professor at Idaho State University and a security expert who audits businesses and government agencies for network vulnerability. Passwords such as someone's name, your birth date, or a word from the dictionary may be easy to remember, but they're also very easy to break.

"A computer is only as secure as its password," Schou says. "Don't be lazy."

Hackers have tools that can crack a six-character password in less than 15 minutes, he says.

Each password should combine uppercase and lowercase characters, and include a digit or two. Finally, your password should be at least 6 characters long, although the most secure passwords are 13 or more.

Don't be redundant

Another popular mistake is using the same password for different purposes. If you use the same password for logging on to America Online, using the office network, and accessing your e-mail account, one security breach leaves your entire password-protected life vulnerable.

Rate your privacy needs

Face it, some programs and Web sites are about as important to password-protect as your trash. There is a big difference between someone surfing The New York Times' Web site under your account name and someone sending your boss hate e-mail using your e-mail account.

Rate the level of security for different applications and Web sites. Then create a sliding security scale for the passwords you want.

For your eyes only

You wouldn't leave your driver's license on the front steps to your home, or post your Social Security number at the corner store. So, why would you keep your passwords in easy view?

Password-covered Post-it Notes litter office monitors everywhere, Schou says. And even more hide underneath keyboards. Typically, as soon the network administrator changes the password, the yellow stickies get updated. This is a computer network manager's nightmare. If you must use a cheat sheet, keep it where others can't see it, like in your wallet or purse.

Buried treasure

You can "bury" your cheat sheet even deeper. Try keeping passwords in address books, encoded as bogus phone numbers or names. If your work password is billa3432, list a fictitious work pal as Bill Avery 555-3432, or write your boss's address down as 3432 Bill Ave.

Do it yourself

There's still hope if you should happen to lose your wallet and your memory. You can store Web site passwords inside your Netscape Bookmarks.

In Netscape 3.0 and higher you can easily stash passwords in the bookmark's Description field. First go to Edit Bookmarks, and right-click the bookmark for which you want to hide your password. Next select Bookmark Properties. In the Description box, enter your user name and password or a password hint.

Reading between the words

Schou suggests selecting a cryptic password by choosing a series drawn from the first letters of the words in a line from a poem or song. For example, "She'll Be Coming Around the Mountain" yields sbcatm.

Beware of password pirates

Don't give your password to anyone, no matter who asks for it. No matter how many times AOL warns its members about giving out their passwords, scammers posing as AOL employees still manage to trick people.

Still other password buccaneers have written JavaScript programs devised to make a bogus error message appears on your screen: "You have been disconnected from the computer you dialed. Please reenter sign-on information to reconnect."

Once you click OK, another window appears that looks nearly identical to the Windows 95 and 98 dial-up window that's used to launch a connection to an Internet service provider. Once you fill in the information, the program could e-mail it to someone else.

Personal password algorithm

Create a formula for devising all your passwords. Schou suggests picking significant dates and wrapping them into acronyms that symbolize the event.

An example for picking a password for work might be choosing your fist day on the job. By taking the month, event, year, and day of the week you might end up with 10fdw92mon as a password. The 10 stands for the month of the year, October; fdw is short for "first day of work"; 92 represents the year; and mon means Monday.

Hired gun

You might also consider storing your passwords in a list and encrypting them using a program such as Symantec's Norton For Your Eyes Only. Numerous password utilities are commercially available. One such freeware program is Password Pal by Dotted Decimal Software, (see "Download Password Pal," link below).

Password Pal places keys on your toolbar that you click to access your passwords and log-on names. Click on the key, and up pops a box with all your passwords and log-in names. But, of course, the key itself is password-protected.

Another program, Webpass, is a $12 shareware tool from C3 Software and also available on FileWorld (see "Download Webpass," link below). Webpass will enter your password into a Web site for you at the click of a button, but it doesn't store it in password-protected form.


RELATED STORIES:
Status of Hotmail privacy unclear
August 30, 1999
Is your business as safe as you think?
July 16, 1999
Hack-proof your system the hardware way
June 23, 1999

RELATED IDG.net STORIES:
Download Password Pal
(PC World Online)
Download Webpass
(PC World Online)
America Online tips and tricks
(PC World Online)
Protect your PC against hack attacks
(PC World Online)
How to outsmart PC viruses
(PC World Online)
Sold! How to win at Web auctions
(PC World Online)
Going wild with searches
(PC World Online)
Year 2000 World
(IDG.net)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
CERT Coordination Center
Idaho State University
Webpass
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.