Tuesday, 21 April 2015

Internet security: From password to passphrases


Adeola Kayode
Believe it or not, the most popular password of 2014 was the word, ‘password’. Little wonder the cases of hacked accounts, leaked personal images and financial information remained big challenges to many people and organisations.
With everybody on many social media platforms and other online accounts, the challenge is understandable. However, with the totality of our communication, financial and personal information and images online, there is the need to pay attention to how we choose passwords and how we give them out to other people.
With fake emails bombarding us to update our personal information, add beneficiaries, block transactions and confirm passwords, we also need to be extremely careful. We should be careful what we authenticate.
I recall a friend of mine who received an email from a bank telling him to authenticate his details or his account would be blocked.
It all looked genuine except for one thing – the bank’s website address ended in ‘.corn’ instead of ‘.com’. Anyone who missed the difference between the two addresses would likely fall into the trap.
The ease with which hackers gain access to online accounts is helped by the difficulty of remembering our details across accounts and of quickly identifying hacking attempts.
This was why the teaser interview with infamous security expert, Edward Snowden, on John Oliver’s ‘Last Week Tonight’ spread like wildfire: how to choose passwords.
As a background, Edward Snowden was a system administrator for the Central Intelligence Agency and a counterintelligence trainer at the Defence Intelligence Agency. He gained international attention in 2013 when he disclosed to several media outlets thousands of classified documents that he acquired while working as an NSA contractor.
Snowden’s leaked documents revealed numerous global surveillance programmes, many of them run by the NSA and the Five Eyes with the cooperation of telecommunication companies, European governments and several online platforms, including social media platforms we are all conversant with.
He has said a lot about government surveillance programmes, Internet security and protecting our Internet accounts as well as digital footprints in an environment of a free-and-unhindered-Internet community.
During his short discussion with Oliver, they both shared salient lessons that need to be examined. I hope to share some of them with you.
Using personal details makes guesswork easy
Most people make hacking easy when they use their years of birth as passwords and keep their ATM cards and other IDs containing their years of birth in one place. While people can easily guess details that you may use, you should attempt to put a spin on the details so as not to allow for easy guesswork. Some people also use the names of their spouses when those names are also readily available online, especially on social media.
Passwerd is a very bad password
Oliver made an attempt to share types of password with Snowden and he mentioned the word ‘passwerd’, which is an attempt to use a dictionary word but twisted in a special way that makes it easy to remember and, typically, to deceive anyone who wants to guess.
The fault here is that, most times, we think password guessing is done manually. It is not. Large-scale virus attacks and hacks are usually done by a computer script, which runs your account against all possibilities in the dictionary, essentially doing all that in less than 10 minutes.
Running it against all permutations related to the words in the dictionary will be accomplished in less than that time. This method of forcefully generating details to access your account is called brute force.
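The check below is an added example, not part of the original column: a sign-up filter that uses the same dictionary-plus-permutations idea described above to reject choices like ‘passwerd’ before an attacker's script finds them. The word list, substitution table and one-character threshold are constructed assumptions.

```python
# Added example. WORDLIST is a tiny constructed sample; a real filter would
# load a large list of common and previously leaked passwords.
WORDLIST = ("password", "letmein", "dragon", "football", "monkey", "welcome")

# Common look-alike substitutions, undone before comparison (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols that people append or prepend ("dragon2014!").
AFFIX = "0123456789!@#$%^&*?._-"


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def dictionary_variant(candidate, max_distance=1):
    """Return the dictionary word the candidate is a twist of, or None.

    None only means this rule did not fire; it is not a strength rating.
    """
    core = candidate.lower().strip(AFFIX).translate(LEET)
    for word in WORDLIST:
        if edit_distance(core, word) <= max_distance:
            return word
    return None


if __name__ == "__main__":
    for pw in ("passwerd", "P@ssw0rd2014!", "dragon1",
               "Margaret Thatcher is 110 per cent sexy"):
        hit = dictionary_variant(pw)
        print(f"{pw!r}: " + (f"reject, variant of {hit!r}" if hit else "no dictionary match"))
```
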
From password to passphrases: Margaret Thatcher is 110 per cent sexy
Oliver mentioned “admiralalonzo-ghostpenis420YOLO” as an example of a password, and the NSA whistle-blower thought it was “pretty good.” He chose a controversial, hilarious and easy-to-remember one: Margaret Thatcher is 110 per cent sexy.
The simple lesson here is to move from simple passwords to passphrases. Passphrases are phrases that are not necessarily in the English dictionary and are therefore harder to auto-generate. They also contain a balanced mixture of numbers and symbols in a haphazard way that makes it hard for computer programmes to generate.
Most of us still won’t do it
Unfortunately, Oliver ended with what everyone knows – most of us still won’t do it.
When we come to the point when we need to choose between what we can remember easily and a secure password, most of us simply choose what works best for us.
As technology continues to permeate into our daily lives, it is becoming obvious that Internet security experts will continue to battle hackers.
For Internet security experts, however, the weakest link will continue to be us: the vulnerable users who can be easily deceived, nudged and hacked to provide information that may compromise us. My simple advice remains: be paranoid, always.
