IT Security Basics: Tips in Safekeeping and Protecting your Password

Preface

The main reason I wrote this article is to educate computer users to protect their username or password or simply “identity” in digital world against the eyes of malicious minds. Education and awareness are the best tools that you’ll ever have in this modern world.

Introduction

To start the new year, let us have a short discussion with something basic in IT field and it's about "Safekeeping and Protecting Your Password". Passwords are strings of characters used to authenticate/authorize a user to gain access to computer networks and services. This password could be your personal/corporate accounts, online bank accounts, email accounts, desktop accounts and etc. A poorly created password gives a false sense of security. You might already know this stuff and you might say these thoughts "This is BASIC”,” I know this stuff since I was in grade school". I admit this is too redundant but not all people out there are taking this seriously (trust me). In this article, I'll share some of my basic tips yet effective in safekeeping and protecting your password.

TIPS:

• Golden Rule “Don’t share your username and password to anyone”.

• Use a strong password. Passwords should be 8-16 or more characters mixed with alphanumeric (A-Z, 0-9) and special characters such as (! #,@,%,&,*) to make it hard for the hackers to crack by any means ex. Brute force attack. In hacking term, brute force attacks are done using automated software specifically to try every possible code, combination, or password until you find the match one. Try to check the software applications “Brutus” and “Rainbow Crack”. No password is guaranteed secure but having a long password will take millions of years for a hacker to crack, thus increasing your password security.

• You can use the technique “passphrase” in creating a cool password that you can remember. I’ll cite an example -- “Il0p1&sp” which was derived from “I l0ve p1zza & sPaggeti. You can actually create cool sentences then apply the “passphrase”.

• Never use a password based on yourself or family such as birth date, age, parent’s name, home address and other personal information. By simple guess based on your personal information and if successful, one can access your account. Social Engineering is the best way to gather this information, usually used by attackers.

• Never use a password formed out of dictionary such as money, love, food, sex, glory and etc.

• Never write your password anywhere. Writing your username and password at the back of your keyboard, mouse, and monitor on your home/workplace is a big "NO". To conclude, always remember your password in your head.

• Regularly change your password. Always make it a routine to change your password once a month or every quarter of the year. Losing your personal email is a shame.

• Don’t use your previous passwords. Changing your password regularly and using the past passwords is useless.

• Based on my personal experiences, it would still be advisable to use your own computer than renting in a computer rental shop. Why I said this? Simply, you don’t know if the computer shop manager is well versed with IT security or a computer Trojan virus might be residing within the network. Moreover, a potential hacker can install a keylogger application to steal usernames and passwords without the awareness of people renting in the computer rental shop. Of course, you don’t want to wake up early in the morning staring at your ceiling because your personal email address was hacked. This is only my point of view and I’m not against with computer shop owners. I admit that computer rental is unavoidable especially to students who can’t afford to buy a computer but this is the reality.

Thank you for giving your time in reading my article and I hope you learned something. Please share it with your friends and let us make IT fun and better.

Cheers,

Engr. Ralph Christian Payumo, CCNA CCSP Security+
Security Analyst