How a Pas5woRd Can Sink Your Company - NYTimes.com - 0 views
-
Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever — government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing.
-
Sadly, Mann and I called it right. Viruses, trojans and spyware are bigger problems than ever. Employees unwittingly but routinely hand over their passwords to hackers who break into corporate databases to steal credit card and other information of thousands of customers. Private e-mail is rifled through and made public, and companies have their computers incapacitated by “denial of service” attacks. You need to ask yourself: Could your company survive an encounter with a hacker?
-
they’re always one step behind the latest hacking twist sweeping through networks. Even if you could afford to get a computer-security genius to come in and watch your company’s back 24 hours a day, he or she couldn’t fully protect you if you or any one of your employees were to slip up.
- ...8 more annotations...
-
Everyone knows by now, I would think, that you shouldn’t use a password that’s easy to guess. Hackers use automated programs that can find any password if it’s a word in the dictionary or a proper name, even if it’s spelled backwards.
-
But here’s the problem even tricky password users run into: Because we all need passwords for so many Web sites and accounts these days, people end up using the same password for many of them — or else write their passwords down somewhere. Both of these practices are disasters waiting to happen.
-
If you use the same password for many sites, all a hacker has to do is get your password at any one site — and some site out there somewhere is doing a lousy job of protecting your password — and he’s got it for all of your sites and accounts. So if a hacker or malicious employee at the place you buy shoelaces online lifts your password, he can get into your bank account and your company’s computers.
-
Here’s a better solution: Come up with a simple formula for generating passwords in your head that’s based on the name of the site or organization you’re signing up with. For example, you might take the name of the site (tractortires.com), drop everything but the first six characters to the left of the “dot” (tracto), reverse the first three letters (artcto), add the number “5″ after the third character and a capital “Z” at the end (art5ctoZ). By this formula, “plan9movie.net” gets the password “alp5n9mZ,” and “cellphone.org” yields “lec5lphZ.”
-
Make up your own formula, and don’t share it with anyone. It may sound a bit complicated, but after doing it a few times you’ll be able to do it in your sleep, and you’ll have a unique, impossible-to-guess password for every one of your accounts and sites without having to write anything down.
-
Every single one of your employees has to get with the program on this. If they’re writing passwords down, or using the same password everywhere, then they’re not just risking getting hacked at other sites, they’re also inviting hackers into any of your company’s computers or accounts to which they have password access.
-
So you might want to teach everyone in your company how to come up with his or her own in-your-head password-generating formula.
-
"Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever - government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing."