Tuesday, April 20, 2004
Carmel on the Case: Secure Passwords
E-mail... Voicemail... ATMs... Many of us would be lost without them. But without even knowing it, you may also be making it easy for someone to crack your personal code. The problem: All the PINs and passwords we're required to remember make us targets for identity theft. Carmel Cafiero is On The Case.
(WSVN) -- Like a lot of people, Amanda Schwartz finds she can't get through a day without being asked for a secret: Her PIN, or personal identification number.
Amanda Schwartz says, "I'll start with my Novell login... Then, after that, I go to my Windows login... Once I get access to that, I go to my e-mail, and I have a password for that, so, finally, I'm in."
And that's just for her work computer!
Amanda has several e-mail accounts, credit cards, and frequent flyer programs.
Then there's her work voice mail, home answering machine, eBay account and ATM... For a grand total of twenty passwords.
Sounds pretty high, doesn't it?
Well, security experts say, to be safe, you should use different passwords for each account.
Many people find that's easier said than done.
"I use basically the same PIN code for everything," says one woman.
For a simple reason.
"So I don't forget," says a man.
Many of us stick with one password because too many is too much stress.
Dr. Jim Olds, an expert in memory research at George Mason University, says there is a condition he calls "password anxiety."
He says, "When our memory is under stress, we then relate to salient aspects of our memory. Salient aspects of everybody's memory have to do with things like my birthday, my wife's birthday, my pet's name, very obvious things about your life."
And all obvious to hackers.
For instance, "hi" is too short.
"Cindy" is a common name.
Cindy spelled backwards... Won't fool a hacker.
Porsche 911… It's a popular product name.
Passwords with numbers in a sequence... and numbers substituted for letters are also easy to figure out, which is why h-3-1-1-0, which looks like "hello," is no safer.
Jerry Brady, a computer security expert, says, "This is a password sniffer."
There are even software programs out there designed to give a hacker access to easy passwords.
"It's designed to pick passwords off the wire and it will display them on a screen," Jerry says.
Security expert Jerry Brady says the programs search through messages sent from your PC to a server.
They look for typical passwords and then highlight them.
Jerry used one program to break into a newsroom computer -- and he did it in seconds.
"It noticed what your user ID was over here," he says.
But there are things you can do to make it tougher for password thieves.
Mix up the case... and use punctuation in your codes.
Instead of "soccer"... use S*0.ccer.
Instead of "pro football"... use Pro%FOotball.
Of course, that means you have to remember a handful of complex passwords.
That's why Dr. Olds thinks, ultimately, the answer is to get rid of passwords and use biometrics, such as an iris scan or thumbprint.
Dr. Olds says, "If I have a scanner scanning you as you approach the ATM machine, then I really don't need you to enter a PIN because I know it's you."
But, until the machines can tell the real person from the con artist -- passwords are a part of life. With identity theft at an all-time high... it pays to do all you can to protect your PC and your privacy.
For more information, or if you have a story for Carmel:
Call her in Dade at 305-627-CLUE
Or in Broward at 954-921-CLUE