Computer security and insecurity

The media has been full of woes recently where highly-sensitive data is stolen from computer systems around the planet. Government files, names, email addresses, postal addresses, credit/debit card numbers are all fair game it seems and make great media ‘shock’ stories.

However, these problems come up once or twice a month. What about the problems that happen more often? Like every hour?

A recent report on the Huffington Post website concerned the most common passwords for IT systems. The winning password, by a very large margin, is ‘password’. Variations on ‘123456’ are also prevalent. That could mean that your office, or home, computer password can be guessed with ease by anyone with physical access – if you even use a password there.

I remember a time when a very large UK organisation (no names!) would reset passwords over the phone for users to just ‘password’ and relied on that user to change it. Needless to say, not everyone did. It’s pretty certain that some accounts were compromised. That password policy was changed eventually but some employers and website operators do not enforce complex passwords.

So what makes a complex password? More than 8 characters (more than 10 ideally), a mix of upper & lower case letters, one or more numbers and inclusion of punctuation such as !£$%&()/ .
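The rule above written as a checker, in an added example that is not part of the original post. It applies the length and character-mix criteria and also rejects ‘password’ and ‘123456’ variations, because a string like Password1! passes the mix on its own; the function names and the way variations are matched are assumptions.

```python
import string

# Punctuation accepted by the rule; "£" is added because the post lists it.
PUNCT = string.punctuation + "£"
# Constructed deny-list built from the two common passwords the post names.
COMMON_WORDS = {"password"}
ASCENDING = "1234567890"


def is_common(pw):
    """True if pw is a named common password or a trivial variation of one."""
    lowered = pw.lower()
    # Drop digits/punctuation stuck on either end: "Password1!" -> "password"
    core = lowered.strip(string.digits + PUNCT)
    if core in COMMON_WORDS:
        return True
    # "Variations on 123456": a run counting up from 1, e.g. 12345 or 12345678
    digits = lowered.strip(PUNCT)
    return len(digits) >= 4 and digits.isdigit() and ASCENDING.startswith(digits)


def check_password(pw):
    """Return the list of reasons pw fails the rule; an empty list means it passes."""
    problems = []
    if len(pw) <= 8:
        problems.append("needs more than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("needs an upper case letter")
    if not any(c.islower() for c in pw):
        problems.append("needs a lower case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(c in PUNCT for c in pw):
        problems.append("needs punctuation")
    if is_common(pw):
        problems.append("is a common password or a variation of one")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["password", "123456", "Password1!", "Tr4mline&Kettle"]:
        print(candidate, "->", check_password(candidate) or "OK")
```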

However, as most browsers (Internet Explorer/Firefox/Chrome etc.) will happily remember passwords to your Amazon/eBay/PayPal etc. accounts, unless you put a password on your computer the local child will happily spend your money by ‘playing’ with the computer.

So, what else can go wrong? I’ve said before that a strong email password is essential, especially if you use Webmail. Anyone obtaining access to your email would be able to initiate password resets on many online accounts, and hence gain full control of those accounts. Some services, such as those provided by Gmail (and Google in general), will allow a two-step verification by sending a code to your mobile before any password change is allowed.

One final word; if you have an older wireless router/hub then it may not require a password in order for you, or anyone else, to connect to it. Fortunately all recent routers/hubs have passwords enabled by default. However, no password means that not only could someone use your internet connection without your knowledge but they could also use the router to access your home PC(s) – especially if there’s no password protecting them!

PS: writing the password(s) on a sticky note and putting it under the keyboard, or on the laptop’s lid, is the perfect example of computer insecurity.
