My state-wide teaching tour continues next Tuesday, February 21, 2012, 6:30 p.m. at the Mustang Public Library in Mustang, OK.
The class, “Fight the Internet Bad Guys and Win!” will teach you how to defeat the Internet bad guys who want to mess with your life. The class is free, one night only, and will last about 90 minutes. If you use a computer, you should attend. Visit my website for more details.
One section of the class is devoted to passcodes. “What is a passcode?” you say. It’s the term I want to start using to replace the word “password.”
The reason for this is simple, and it’s based on one of the fundamental rules of Internet safety. A pass “word” should never be a word. That’s right, a password should never be an actual word. It should never be any word that can be found in any dictionary on earth.
With that in mind, I’m going to start using the term “passcode” to refer to those things that we use to login to our various Internet-related accounts. Your login thingy should look like a code, not a word. When you look at your passcode, it should look like gobbldegook, a jumbled up mess that does not resemble an actual “word” in any way.
I wish it weren’t so, but it is: weak passwords lead to hacked and virus-infected computers. Hacked and virus-infected computers lead to lost files, compromised identities and expensive repair bills.
Don’t be one of those “who cares” computer users who thinks they are somehow immune to the Internet’s many diseases. Get in touch with reality now, while there’s still time. It is not an exaggeration to say these “who cares” people that should not be allowed to use computers, because they are making the world a more dangerous place for everyone.
The problem with weak pass “words” is that they can be easily and quickly hacked and cracked by the Internet bad guys. Performing what is called a “dictionary attack” (one that looks for words found in dictionaries) is easy. In my class, I demonstrate how powerful password-cracking programs, downloaded for free from the Internet, can quickly crack lame passwords. Believe me folks, cracking lame passwords is easy; so easy even a caveman could do it.
Failing a dictionary attack, the bad guys then turn to what is known as a “brute force” attack. Given enough time, brute force attacks almost always work. The way to foil brute-force methods is to use long passcodes. Passcode length is vital to building strong passcodes. Using a modern computer, the times that it takes to brute-force crack passcodes are:
– 5 characters = 10 seconds
– 6 characters = 1,000 seconds
– 7 characters = 1 day
– 8 characters = 115 days
– 9 characters = 31 years
– 10 characters = 3,000 years
As you can imagine, no bad guy wants to spend 31 years trying to crack your passcode. He would much rather move on to attacking someone else, someone who does not follow the rules of passcode safety.
Start practicing good passcode policies today; believe me, it’s much easier to use a complex passcode than it is to repair your credit history or recover from an identity theft incident. The choice is yours.