
It's National Cyber Security Awareness Month, and Google wants to remind you of a basic tenet of online security: passwords. Considering that October started off with a security breach that struck more than 10,000 Hotmail accounts, a security review may not be such a bad idea. Michael Santerre, Google's Consumer Operations Associate, detailed Google's password advice in a recent blog post:
http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html
Some of Santerre's precautions are things you've likely heard many times before: don't use personal information like your name or birth date, and don't use simple passwords like "password" or "letmein." Instead, Santerre says you should use a unique password for every site, one that includes a mixture of numbers, letters, and symbols. This will help protect you from dictionary attacks, where a hacker uses a program that tries millions of word and letter combinations to guess your password. But keeping track of so many passwords can be tough; Santerre advises you to write your secret codes down or keep them in a computer file, just don't give your file an obvious name like 'passwords.doc' or 'Fort Knox.txt.'
Finally, keep your password recovery options up to date so that a hacker can't take over an abandoned e-mail account. Let's say your ilovegmail@gmail.com account uses ilovehotmail@hotmail.com as the secondary e-mail address for the password recovery option. If you've forgotten about that account, a hacker could sign up for ilovehotmail@hotmail.com and end up hacking into your Gmail account. This is exactly how a French hacker gained access to Twitter's company files earlier this year.
If you're worried about your password security, here are a few more tips:
1) Use a combination where you substitute letters for numbers, words for numbers and include random capitalization. For example, 19 Peach Place becomes 0ne9peacHpl!--note the random exclamation mark at the end.
2) Create a sentence and then pull the first letter from each word, substituting numbers or even symbols where possible. For example, a sentence like "Zachary Taylor was the twelfth president of the United States" becomes ZTwt12potUS.
3) Use a random password generator. You can find several online like Strong Password Generator:
http://strongpasswordgenerator.com/
4) If you've chosen your own number, letter, and symbol combination, but aren't sure how strong it is, run it through Microsoft's Password Checker:
http://www.microsoft.com/protect/yourself/password/checker.mspx
5) So now you've got a strong password for all your important e-mail and banking accounts, but how are you going to keep track of all of these endless codes? Consider using a password manager, or just keep them on a piece of paper in the physical world--just don't attach the list to your computer.
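Tip 3 can also be done locally, so the password never passes through a website. The sketch below is an added example, not code from Google's post or from the generator linked above; the symbol set, the default length of 16, and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes from the article's advice: letters, numbers, symbols.
# The symbol set is an assumption; trim it if a site rejects some characters.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def generate_password(length=16):
    """Draw every character uniformly from ALPHABET with the OS CSPRNG.

    The whole candidate is redrawn until all classes appear (rejection
    sampling), so accepted passwords stay uniformly distributed instead
    of having a predictable "one symbol at the end" shape.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if classes_used(candidate) == set(CLASSES):
            return candidate


def max_entropy_bits(length):
    """Upper bound on entropy, in bits, of a uniformly random password."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"(at most ~{max_entropy_bits(len(pw)):.0f} bits)")
    # The article's own mnemonic examples, checked for class coverage.
    for sample in ("0ne9peacHpl!", "ZTwt12potUS"):
        print(sample, sorted(classes_used(sample)))
```

The entropy figure applies only to randomly generated output; a pattern-based password of the same length, such as the mnemonic examples in tips 1 and 2, is easier to guess than that bound suggests.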
(PCW)