Secure Passwords 

By Jennifer Hayman
Network Administrator
RACC ENTERPRISES

A professor once told me that the only safe computer is one that isn’t connected to anything, sitting inside a sealed bunker at the bottom of a shark tank, inside a secure building guarded by lasers, machine guns, ninjas... I’m sure you get the picture. But we can’t use that safe computer, even if we could get to it. Why? Remember, it isn’t connected to anything, and how useful would that be? We live in the real world, where our computers need to be connected. Unfortunately, that means that we are all in danger from hackers, looking to steal our information or tarnish our reputations. There are a few things that we can do to make it harder for them to do their dirty work.

Using anti-virus software, safe e-mail practices, and protecting our private information in hidden files are some of the ways we commonly use to protect ourselves. The fact is, no matter how good the programmer is, there is always someone better. It often comes down to the last line of defense: the password. I’m sure you’ve heard about encrypted passwords on television shows, and how the good guys always manage to crack them to catch the bad guy. The truth is, the hacker isn’t the good guy, and usually doesn’t have the kind of computing power that would be required, nor does he want to take that kind of time. Remember, he doesn’t actually want to work for his (your) money. That’s why he is a hacker in the first place.


There are a lot of different guidelines for passwords, most of them being the don’ts. We are going to focus on the three dos.


For one thing, they are no longer called passwords. They are now called pass-phrases. Yes, that does say phrases. The general rule is that a pass-phrase should be between 8 and 16 characters to really do its job, so using a phrase is better than a single word. It also helps because much of the password cracking software uses the dictionary. A single word is in the dictionary, but there are very few phrases in there. If you really want to confuse them, use a pattern on the keyboard that doesn’t spell anything.


Another rule is to make your pass-phrase complex by including at least three of the following four types of characters: upper case letters, lower case letters, numbers, and special characters. In a pass-phrase, using capital letters (upper case) for the first letter of each word would take care of the first two. Many people like to put a number at the beginning or the end of their pass-phrase, and that does satisfy the rule, but is it really a good practice? The experts say no, because the most often used is the number 1. It is recommended to use more than one number, and I personally have found that substituting some of the letters with numbers really works. The last is special characters, which include =,+,),(,*,&,^, etc. Some programs will block certain special characters because they can be part of a hacking code. If your special character isn’t allowed, just pick another, or omit it if you’re already covered with the other three types.
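For administrators who want to check these first two rules automatically, here is a small Python sketch. It is an added example, not part of the original article. The function names, the tiny word list, and the sample phrases in the test are all constructed for illustration.

```python
import string

# Constructed stand-in for a cracking dictionary; a real check would load a full word list.
SAMPLE_DICTIONARY = {"password", "sunshine", "baseball", "dragon", "welcome"}

MIN_LEN, MAX_LEN = 8, 16  # the length range given in the article


def character_classes(phrase):
    """Return which of the four character types appear in the phrase."""
    classes = set()
    for ch in phrase:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("special")
    return classes


def check_pass_phrase(phrase):
    """Return a list of problems; an empty list means the phrase follows the rules."""
    problems = []
    # Rule 1: long (8 to 16 characters).
    if not MIN_LEN <= len(phrase) <= MAX_LEN:
        problems.append("length")
    # Rule 2: complex (at least three of the four character types).
    if len(character_classes(phrase)) < 3:
        problems.append("character types")
    # A single dictionary word is still a dictionary word with digits
    # or symbols tacked onto either end, so strip those before looking it up.
    core = phrase.strip(string.digits + string.punctuation).lower()
    if core in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    # The habit the article warns about: one lone number at the start or end.
    digit_positions = [i for i, ch in enumerate(phrase) if ch.isdigit()]
    if len(digit_positions) == 1 and digit_positions[0] in (0, len(phrase) - 1):
        problems.append("lone number at start or end")
    return problems
```
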


Changing your pass-phrase often also can fool a hacker. I know, it’s a pain to remember all of them, and it’s human nature to dislike change, but it really is safer. That also may help you to not use the same pass-phrase for everything. If someone gets one of your phrases, you don’t want them to get to all of your information. (Yes, I did just put one of the don’ts in there.) The general recommendation is once a month. I have found that rotating through a list of them works well, and don’t change them all on the same day. Yes, you can keep a list of them, but make sure not to call the file “passwords” and to protect it with, you guessed it, a pass-phrase.


So remember these rules: 1. Long, 2. Complex and 3. Change. Following these three rules can make you safer in your connected world, and make those nasty hackers work to get through our last line of defense.
