Passwords & Patches

Passwords: Protecting the Gates

Though good password protection is fairly easy, users are too often lackadaisical in creating passwords; they settle for six- or seven-character words pulled straight from the dictionary or from their personal lives. A determined hacker only has to look at a Facebook page or use one of the many password-cracking programs available on the Internet to gain access. As such, password construction is more important than ever, and requires effort and creativity. Simply rotating through the same three passwords for every online account and program access point just won’t work.

Password Coding

The best password defense is a randomly-generated string of characters (12-15 characters long is a generally-accepted optimum length) with no relation to each other. Passwords like these are difficult to remember, but they remain your best defense—simply write them down and take the time to memorize them. To create passwords that are a bit easier for you to remember, come up with an encryption plan; for example, write out the alphabet, then randomly assign other letters, numbers, or symbols to each of the originals. Though it may seem like a bit of work, doing so puts you on your way to creating a strong password system that you can use again and again.
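Both approaches from the paragraph above, as an added example that is not part of the original article: a random 12-15 character generator and a randomly assigned per-letter substitution table. The symbol set and all function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption: the target site accepts these symbols.
SYMBOLS = "!@#$%^&*-_=+?"
POOL = string.ascii_letters + string.digits + SYMBOLS

def random_password(length=14):
    """Random 12-15 character password drawn from the OS CSPRNG."""
    if not 12 <= length <= 15:
        raise ValueError("length must be between 12 and 15")
    while True:
        pw = "".join(secrets.choice(POOL) for _ in range(length))
        # Redraw until every character class appears (typical site rules).
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw

def entropy_bits(length, pool_size=len(POOL)):
    """Upper bound on guessing work for a random string, not for encoded words."""
    return length * math.log2(pool_size)

def make_substitution_table():
    """Randomly assign a distinct replacement character to each letter a-z."""
    targets = list(POOL)
    table = {}
    for letter in string.ascii_lowercase:
        # Never map a letter to itself (in either case) or reuse a replacement.
        choice = secrets.choice([t for t in targets if t.lower() != letter])
        targets.remove(choice)
        table[letter] = choice
    return table

def encode(word, table):
    """Apply the personal table; characters outside a-z pass through unchanged."""
    return "".join(table.get(ch, ch) for ch in word.lower())

if __name__ == "__main__":
    print(random_password(14), f"{entropy_bits(14):.1f} bits")
    table = make_substitution_table()  # generate once, write it down, reuse it
    print(encode("alligator", table))
```

The table is generated once and kept; calling `make_substitution_table()` again produces a different mapping, so earlier passwords could no longer be reconstructed from their source words.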

If you do choose your own words, don’t simply open up a dictionary and pull something out. Be sure to insert numbers, capital letters, odd spelling, and symbols to ensure password strength. Don’t settle for words spelled backwards or common abbreviations that you might like (e.g., SCUBA, SETI). Passwords like these are easily cracked, and with only a little extra effort you can do far better.

Here are some good password examples, and the words they derive from:

aLLi5gatoR974 not alligator
blacKBerri129 not Blackberry
DIScl23osure not disclosure

Above all, stay away from Social Security numbers, children’s birthdays, or other easily-guessed sequences that anyone who knows you (or can know you quickly via any social Web site) could find out easily.

Once you have good passwords, write them down—and by all means don’t store them on your computer in a folder called “Passwords.” Once you have them in hand, take care not to reveal them—never send passwords in an email, or type them while you’re on a public computer. It’s easy to forget that many computers are set by default to remember Web IDs and passwords once they are typed in.

Patches: Protecting the Back Door

Patches are software updates meant to fix issues discovered over time—primarily software bugs and security holes. Most users are never aware of these security issues in the first place; in fact, the software company itself is usually ignorant of the problem until a hacker somewhere exploits the gap and compromises someone’s computer system. Patches come out regularly, though people often do not apply them in a timely fashion; according to Secunia, a Danish security software company, 95 out of every 100 computers are running unsafe software that requires updating.

Intelligent Patch Management

Chances are your operating system performs automatic software updates, finding new patches and downloading them as background activity, then applying them once you shut down your computer and restart. However, it never hurts to find out what the most current patches are, so you can make sure that your computer is up-to-date. What’s more, many users simply skip their computer’s automatic update process. The bottom line: let the automatic system work at the very least. And to truly protect your system, double-check available patches and make sure that you have them.

Of course, keeping track of patches yourself can be difficult to manage. Luckily, there are also programs available that will monitor the many programs installed on your computer and let you know which ones are running outdated versions. Then you can download the relevant patches and keep your computer updated at all times. Along with anti-malware programs, such patch maintenance is the foundation of secure computing, and should be monitored on a regular basis.