Charlie's Thoughts

Now that I finally have some time on my hands again, I thought I'd get back to what blogging is really about. Random things! As I sit in Computer Science class and check my bank statements, I couldn't help but consider a few Internet Security related ideas. So here are some tips, of course with mathematical calculations and statistical probability, about how to make your password stronger.

Follow up:

As we move into the truly digital age, our lives become more and more entangled with the internet. At this point, I'm not sure if it would be more devastating to have my SSN stolen or my Internet passwords. As I did my online banking the other day, I discovered that I had been moved over to the new super-safe image verified banking system thing. There is so much protection on that site, that attempting to break in would be similar to trying to sit down and do finger-painting on "Starry Night". It doesn't happen....unless your stupid.

So how does one not be stupid? Well two ways really. The first is: know how to pick a strong password. Having played with some password cracking utilities myself, there are clearly some passwords that are easier than others. Let's assume that you have trouble remembering passwords so you decide to use your house address as a password. Even assuming you have one of those weird 5-digit house numbers, thats only 10^5 possible combinations which would take a computer less than 1 second to crack. Now let's assume you think you'll be shifty and use your telephone number...no wait, telephone number with area code!!! You now have 10^10 combinations possible. 10,000,000,000. There are less possibilities than dollars in the national debt. At this point, you have given a hacker enough time to maybe watch a commercial while he waits.

Clearly numbers aren't the way to go. Using a 10-character alpha-numeric password, you now have about 3,656,158,440,062,976 combinations. That's like a gillion! But wait, if you mix upper and lower case.... 839,299,365,868,340,224, at this point there's almost no way that could be determined. However, there are stupid ways to pick passwords. Using your kids names, street name, etc. is a bad idea. Using your kids name with a 1 after it is still bad.

So what's a good way to pick a password? Well there are a Number of Good Ways to Pick a Password. WtaaNoGwtPaP. Get it? Sentances work great. Have trouble remembering caps? Use Proper Names. I love Charlie tons; he drives his Mercury Villager through EL. IlCthdhMVtEL. They don't have to be this long. I love pink bunny rabbits. ilpbr1234. Why not toss some number on the end for variety?

So now that we know how to pick a password, there's another very STUPID way to get your accounts hijacked. Sarah Palin did it, and so can you. DO NOT USE PUBLICLY AVAILABLE INFORMATION AS YOUR CHALLENGE QUESTIONS. It takes me even less time to look up the city you were born in and your mother's maiden name than it does to guess your password. So don't do it. Even your pet's name is iffy. Some of the good ones my bank had which I saw were preference things. What was the first concert you went to? What is your favorite flavor of Ice Cream? Who was your first love? Anything that is your favorite or subjective is good.

So those are two good rules for not getting your password stolen. Of course if someone gets a keylogger on your computer you are screwed anyways. But give yourself a chance, make a good password.