Scamerican dream

Chapter 55. Addendum. Weak and strong

John Smith
Spam Scam Skim
Jan 9, 2015

Strong password! Strong password? Always and everywhere specialists tell you to come up with a complex password. Oh, forget the specialists, think of every time you try to register a new online account, be it email or some other service. The ‘smart’ server checks your basic and favorite admin/sex/god/love or katy1990, insists and won’t let you register until you come up with a 15-character password, like Lf40mmrQ0o123zZ… Memorized it? Well, I can’t, which is why I believe that the issue of unauthorized access has for a long time now been unrelated to the quality of the password. I must state for posterity’s sake though that once a year a stick might shoot. I mean, it’s very rare for a simple weak password to become the cause of unauthorized access. 99.9999% can be attributed to a different reason, and only 0.0001% — to a weak password. To make everything clear, I’ll explain using some examples:

Example #1: Danger — weak password.

You’re at work or in a café or at the university. You’re bored, so you decide to update your profile photo on Facebook, or sell a bag you’ve stopped liking on eBay, or check your bank account online. You type in your login and password. Everything seems fine, no hackers detected. Correct. But in this case the threat is not coming from mythical cyber-terrorists, it’s coming from your colleague or the girl you’re sharing the table with. Yes, she’s enemy #1. Why? Because you have bigger tits or a leaner figure, or maybe simply because you have a comfier chair. So, this self-taught hacker, capable only of stealing vegetables on the merry farm, will steal your password by simply peeking over your shoulder and memorizing which keys you hit with your finely manicured fingers.

Dude, sorry for the lame example, just the first thing that occurred to me. So, this fatty will get access to your account, you feel me?

Example #2: Danger — weak password.

Doesn’t matter where you are or what you are doing, your fat colleague or jealous boyfriend or strict mother is trying to pick your password. Remember, your name is Amy Smith, you were born in 1985, you like Justin Bieber, and you have a favorite dog called Dolly. Everyone who knows you knows this. After a bit of consideration the evil ‘hackers’ start going through options: amy1985, AMY1985, smith1985… etc. BINGO. AMYSMITH1985. ACCESS GRANTED.
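The guessing above works because every piece of the password is something acquaintances already know. As an added illustration (not part of the original chapter), here is a check a registration form could run to reject such passwords; the profile fields, the function names, the look-alike table and the six-character threshold are all assumptions made for the example.

```python
import re

# Constructed sample profile, using the facts listed in Example #2.
AMY = {"first": "Amy", "last": "Smith", "born": 1985,
       "likes": "Justin Bieber", "pet": "Dolly"}

# Common look-alike substitutions (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def profile_tokens(profile):
    """Words and numbers from the profile, lower-cased."""
    tokens = set()
    for value in profile.values():
        for part in re.findall(r"[a-z]+|\d+", str(value).lower()):
            if len(part) >= 3:
                tokens.add(part)
            if part.isdigit() and len(part) == 4:
                tokens.add(part[2:])      # 1985 also appears as 85
    return tokens

def residual(text, tokens):
    """Characters left after deleting every profile token, longest first."""
    for tok in sorted(tokens, key=lambda t: (-len(t), t)):
        text = text.replace(tok, "")
    return text

def unknown_chars(password, profile):
    """Smallest count of characters that acquaintances could not predict."""
    tokens = profile_tokens(profile)
    plain = password.lower()
    return min(len(residual(plain, tokens)),
               len(residual(plain.translate(LEET), tokens)))

def is_guessable(password, profile, min_unknown=6):
    """True if fewer than min_unknown characters (assumed threshold) are unknown."""
    return unknown_chars(password, profile) < min_unknown

if __name__ == "__main__":
    # Constructed test passwords; the last is the 15-character one from the intro.
    for pw in ["amy1985", "AMYSMITH1985", "D0lly2024!", "Lf40mmrQ0o123zZ"]:
        print(pw, "-> reject" if is_guessable(pw, AMY) else "-> accept")
```

The check is deliberately conservative: it counts only what is left after the known facts are removed, so upper-casing or look-alike digits do not make a profile-derived password pass.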

Example #3: Danger — strong password.

I doubt you’ll remember a password that is 20 characters long. Well, you might memorize one, but what if you have at least three of them for different services? Surely not. That means you’ll write them down on a piece of paper somewhere and eventually someone in your social circle who wants to get hold of this information will find where you keep your secret, unless you tattoo it on the inside of your eyelid!

Example #4: Danger — strong password.

Doesn’t matter what your password is like, even if it’s 100 characters long. If your computer is infected with a Trojan and there is a keylogger installed on it, you’re in serious trouble. Some malefactors know all 100 characters, and the only thing that can save you is complete removal of the malicious software and an instant password change following it.

Listen, I am not suggesting you use passwords like love, sex, god, admin — this is totally lame. I am just saying, don’t get fanatical about it, everything should be done in moderation.

Simple example: your password is Dolly05151985. You use it for your favorite Yahoo mail account and for archiving information at home or in the office. As I said earlier, if the computer is infected, your password is known to cybercriminals and they can easily read your mail or zero out your bank account. They will hardly be interested in your password-protected ‘PHOTO’ folder that you keep in My Documents. I imagine you can guess yourself what kind of photos are usually password protected. However, your younger brother, who dislikes you and wants to score points with your mum and get some extra pocket money, will fail. His brain will probably be unable to guess this particular combination. Even if your brother is a computer guru and knows what BRUTE FORCE is, it will most likely not lead to anything.

And one last thing. Never! Remember, never use the same password for eBay and PP. Let them be katy85 and katy1985, little difference seemingly, but it can cause serious trouble for the malefactors. Let’s just say, it will increase your chances of winning in this cyber war.
