From lsksuresh@... Mon May 27 16:59:36 2002
Subject: Passwords reveal a lot about users
Date: Mon, 27 May 2002 19:52:55 -0400
From: "L. Suresh Kumar-LSK"
This CTV News article was sent from a phone using Sympatico
Wireless. Please also see http://wireless.sympatico.ca
Passwords reveal a lot about users:
(Canadian Press) - TORONTO - That random catchphrase you use to
restrict entry to your e-mail, online bank account and favourite
e-retailer might not be so random after all.
Psychologists have long been able to decipher an individual's
personality from studying his or her password choice - something
computer hackers are eager to take advantage of. ``Passwords are
never random, difficult to guess things,'' said Paul Hoffert, a
professor of culture and technology at York University in
Toronto.
``Despite the best efforts of network administrators, passwords
tend to be fairly easy to guess words simply because it's easier
for people to remember those things.''
(Please see below for tips on creating a hacker-resistant password.)
Computer passwords have become akin to personality inkblot tests
as millions of people try to sum up their essence with a few
taps on the keyboard. That means guessing the secret code used
by your teenage daughter or office mate can be relatively easy
if you're armed with some simple ammunition.
A recent survey of 1,200 people working at 30 companies in
Britain by CentralNic, a London-based domain registration
company, showed that people tend to fall into four password
categories.
- Family: Nearly 50 per cent used passwords related to the names,
nicknames or birthdays of spouses, parents, children and pets.
- Fans: This group, 32 per cent, chose words according to
favourite sports teams, cartoon characters, musicians and film
stars. That means that framed poster of Star Wars hanging in
your office is a dead giveaway that Darth Vader or R2D2 is your
password.
- Fantasy: These people, 11 per cent, were self-obsessed computer
users who picked words like sexy, stud or goddess to unlock
their private information.
- Cryptics: This was the most security-conscious group, less than
10 per cent, who mixed lower and upper case letters, numbers and
punctuation in order to keep nosy hackers away.
Password-cracking programs are designed with similar categories
in mind and experiment with variations of first and last names,
sports teams and MVPs, popular fictional characters like Homer
Simpson and Spiderman, numbers, punctuation symbols and
foreign-language terms.
The challenge in creating a hacker-proof password is to make the
password as difficult as possible to guess without making it
impossible for the user to remember, says Michael Murphy,
Canadian general manager of Symantec Corp., which specializes in
Internet security technology.
Hackers have three main techniques using easily downloadable
software to guess codes: a scanner-like dictionary of popular
words and phrases; ``brute force'' programs which can plow
through every possible letter and number combination in minutes;
and a combination of the two.
``There is really no such thing as a 100-per-cent secure
password,'' Murphy said. ``Given enough time and determination a
hacker can access a system.''
However, there are simple ways to protect yourself.
``The longer the password, the more time it will take a hacker to
break,'' Murphy said, adding that a hacker will likely move on
to another computer if it's taking too long to crack the code,
especially if there isn't anything of great value to steal.
Other steps include staying away from simple-language words like
``password'' or ``green,'' changing passwords every month and
never e-mailing passwords to anyone, even banks.
``Most people don't realize that e-mail is absolutely insecure,''
Hoffert said.
Even an inexperienced hacker who is really interested in getting
your security information can scan your e-mail and open any that
resemble notes to banks, online shopping networks or a system
administrator at work.
``People who want to nab your stuff can just put a sniffer on a
router and have a high percentage of likely hits,'' he said.
_________________________________________________________________
Some tips for creating a hacker-resistant password from Symantec
Corp., an Internet security technology company: (Canadian Press)
_________________________________________________________________