Thursday, January 30, 2014

Blog Post #63 - Passwords - cyber security accounts locked, Open and compromised

I was on a website yesterday and was appalled by its rules for passwords.
What do they want for a password? "The password you entered is not valid":
    • It must contain between 8 and 32 characters. Use only characters from the following set: ! # $ % & ( ) * + , - . / 0123456789 : ; < = > ? @ ABCDEFGHIJKLMNOPQRSTUVWXYZ [ \ ] _ ` abcdefghijklmnopqrstuvwxyz { | } ~
    • It must contain at least 1 lowercase letter(s) (abcdefghijklmnopqrstuvwxyz).
    • It must contain at least 1 capital letter(s) (ABCDEFGHIJKLMNOPQRSTUVWXYZ).
    • It must contain at least 1 numeric character(s) (0123456789).
    • It must contain at least 1 character(s) from the following set: ! # $ % & ( ) * + , - . / : ; < = > ? @ [ \ ] _ ` { | } ~
    • It must not contain more than 2 identical consecutive characters (AAA, iiii, $$$$$ ...).
    • It must not contain your user name.
    • It must not contain your first name.
    • It must not contain your last name.
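
The rules above, written out as a checker that reports every rule a candidate password breaks. This is an added example, not the website's own code; the function name, the case-insensitive name matching and the sample values are assumptions.

```python
import re
import string

# Character sets copied from the rule list above.
SPECIALS = "!#$%&()*+,-./:;<=>?@[\\]_`{|}~"
ALLOWED = set(string.ascii_letters + string.digits + SPECIALS)


def check_password(password, user_name, first_name, last_name):
    """Return the list of rules the password breaks (empty list = accepted)."""
    failures = []
    if not 8 <= len(password) <= 32:
        failures.append("length must be 8 to 32 characters")
    # The allowed set leaves out the space, both quote marks and ^.
    bad = sorted(set(password) - ALLOWED)
    if bad:
        failures.append("characters outside the allowed set: " + repr("".join(bad)))
    if not any(c in string.ascii_lowercase for c in password):
        failures.append("needs at least 1 lowercase letter")
    if not any(c in string.ascii_uppercase for c in password):
        failures.append("needs at least 1 capital letter")
    if not any(c in string.digits for c in password):
        failures.append("needs at least 1 numeric character")
    if not any(c in SPECIALS for c in password):
        failures.append("needs at least 1 special character")
    # "More than 2 identical consecutive": a character followed by itself twice.
    if re.search(r"(.)\1\1", password, re.DOTALL):
        failures.append("more than 2 identical consecutive characters")
    # Assumption: name checks ignore case; the site's rules do not say.
    lowered = password.lower()
    names = (("user name", user_name), ("first name", first_name),
             ("last name", last_name))
    for label, value in names:
        if value and value.lower() in lowered:  # skip empty profile fields
            failures.append("contains your " + label)
    return failures


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    account = ("jdoe", "Jane", "Doe")
    for candidate in ("Tr1cky-Horse.9", "Pass'word1!", "JaneDoe#2014"):
        print(candidate, "->", check_password(candidate, *account) or "accepted")
```

Returning every failed rule at once, instead of the single "not valid" message, lets the user fix the password in one pass.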

In the name of cyber security we need to understand every website and its rules for passwords.

You use them every day, from the computer to your mobile (if you don't have a password/pattern to protect your mobile or tablet, please set one up soon).

Google has some rules for all of us at https://www.google.com/goodtoknow/online-safety/passwords/

Retrieval
Once you set up a password there should be a mechanism to retrieve it - accounts will try to send an email or text to your mobile phone.


Some tips from http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?pagewanted=all&_r=0 talk about how retrieval challenge questions need to be handled. If the challenge question is "where were you born", your answer can be "I eat rice" (which I do). Unrelated answers keep you from getting hacked. Hotmail and Dropbox accounts were hacked using Mitt Romney's pet's name. Answering your challenge questions at setup causes you more pain. For challenging questions have challenging answers.

Where to store? - Google Docs, Dropbox, SkyDrive, desktop, laptop - the answer is an encrypted USB drive. Store passwords and challenge answers on removable media (remove it... don't leave it connected).

Some useful tips
    • Never use dictionary words.
    • Never use as a password the names of people you know, like and message on Facebook.
    • Never add your year of birth to your password (2 or 4 digits).
    • Always log out.
    • Never store the password in Chrome, IE, Safari or any other browser.


When you lose your laptop, phone or tablet, don't lose your bank accounts and emails along with it.

What tips do you have for cyber security?

Keep Learning and be safe out there
Sivakumar Manikanteswaran




