Risk
6/27/2011
05:54 PM
Connect Directly
RSS
E-Mail
50%
50%

Passwords: Tips For Better Security

You can make your passwords more secure if you follow a few simple rules: Don't reuse passwords, make them long and random, and don't be afraid to write them down, say security experts.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Accordingly, the simplest and easiest way to increase password security might simply be to write passwords down, albeit preferably in a highly secure manner. "The best investment you can make is to go out and get a [digital] wallet to keep your passwords in," said Thomas Kristensen, chief security officer of Secunia, a vulnerability information provider, in an interview. "To reuse your password on different sites is just the worst thing you can do. Look at all of the compromises of websites this year--there's the risk that they'll lose your account, and once your password is out there and associated with your email address, you probably won't know it's been stolen until they've heisted something."

Another advantage of digital password wallets is that the software not only makes it easy to store passwords, but also to generate a strong, highly random password. That makes it trivial to maintain a different password for each and every website used. Accordingly, the next time hackers crack a Sony password database, even if it contains your username and password, hackers won't be able exploit that combination anywhere else.

Digital password wallets, however, do mean one more piece of software to download, install, and use. "It's a nuisance, I know," said Kristensen, who's been using an open source application called KeePass for 10 years. But he said that using digital password wallets is simply a best practice. "It's not the perfect solution, but it's much better than reusing passwords."

When it comes to password management software that stores passwords securely, there are numerous options. For example, Bruce Schneier, chief security technology officer at BT, created PasswordSafe, an easy-to-use, open source password database for Windows. Such software is also available for the Apple OS X (for example, shareware PasswordWallet, which also works for Windows). Another option, the aforementioned KeePass, runs on both of those operating systems, as well as Linux.

Furthermore, many password wallets will synchronize passwords between your computer and mobile devices, meaning you can always carry a secure, password-protected copy of your passwords and PIN codes with you. (For the record, people's PIN-picking practices are arguably even poorer than their password selection habits.)

To recap: secure passwords by creating a unique and random, long and strong password for every website that matters. Then keep these passwords secure by storing them in a digital safe. Do that, and don't fear the next LulzSec.

Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity, and corporate accounts cleaned out by sophisticated banking Trojans. In this report, we explain what makes these threats so menacing, and share best practices to defend against them. Download it now. (Free registration required.)

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio