Thursday, 17 September 2009

Banking/Online fraud--Passwords

OK, this post is all about passwords. The truth is most people hate passwords and choose something that's easy to remember, with a few numbers (usually a birth date) added on to the end.
That's rich pickings and easily guessed by most people, and with the vast amount of private information posted on social network sites (pet names, favourite books, colours etc.), you name it, they know it, particularly your password reset question. Once again, I understand the desire and temptation to use "easy to remember" words. Below I will demonstrate how to select a strong password using your potentially easy-to-find info.

AN EXAMPLE OF HOW TO CHOOSE A STRONG PASSWORD THAT'S EASY TO REMEMBER BUT HARD TO GUESS (TO A HUMAN)

Name: John Smith
DOB: December 12 1980
Address: 123 Test Lane, Hopetown, UK
Postcode: HT99 9XX
Favourite colour: Green / VERT
Favourite food: Chips
Fave sports team: Manchester United (COULD BE FAVOURITE ANYTHING!)
Pet name: Jack

OK, if you replace the above example with your own info you should find this a lot easier to understand.

Most passwords nowadays require you to use at least one number, and most people do this by using the number 1, their door number or, ultimately, their year of birth.


From the example above we will use information from a few lines to create a secure password that uses only letters and numbers.

OK folks, from the first line (John Smith; of course your name will be here), choose something that's easy to remember. Don't add any numbers to it yet. Done it yet?
Good. I was thinking (J) and (S), as they're both in capitals and you should never forget your name. So we now have the first 2 letters of our password:

JS

Alternatively you can use (n) and (h), which are the last letters of the two names.

OK, the next line is DOB. If I asked you to use the DOB (December 12 1980) to come up with something for your password, who knows what you'd try. Fact is, you wouldn't add up your birthday to get a total number, would you?
e.g.
December = 12th month
date = 12th day
year = 1980

so 12+12+1980 =2004

So we now have 6 digits for our password:

JS2004

So skip the next 2 lines and go to colour. As you can see, John Smith's favourite colour is green and will never change, but instead of just adding plain old green to my password I will type the colour green in French (to find this out, simply type "green in French" into Google, or whatever your favourite colour is; you don't need to go learning French or anything, and if you forget how it's spelt just use Google). So did you just find out your favourite colour in French? Well, John Smith's is vert; green in French is vert. The reason for this is that most people will only write their passwords in their chosen language. Fraudsters know this, and it makes things like password guessing and secret answer reset easy.

REMEMBER THIS IS JUST AN EXAMPLE YOU CAN USE ANY LANGUAGE

Now we have an additional 4 letters for our password, so our password looks like this now:

JS2004vert


Now back to the address line. Can you see the secret (not really secret, but bet you can't guess) number in John Smith's address? And it ain't 123, lol.
Got it yet?
Thought not
simple

123 =3
Test =4
lane =4
hopetown = 8
uk =2
3+4+4+8+2= 21

Again, your address doesn't change that often, so you should do this once and remember the number easily. Remember, you don't have to use your home address to do this; you could use a work address or your favourite football ground's address. I only do this to give us a number for our password. We now have 2 additional numbers, so we have 8 digits altogether now:

JS2004vert21


Lastly, return to your fave food, which in John Smith's case is chips. Add this to our 8 digit code, so we end up with
JS2004vert21chips

Now John Smith has a good strong password using info about himself that should never change. Once you repeat this over and over in your head it will be as easy to remember as your name. Now John Smith can join RBS digital banking using a password of
rbsJS2004vert21chips
A PayPal password:

paypalJS2004vert21chips

Obviously the above is a guide only, but it will give you a password that's easy to remember but very difficult to guess (to a human). The fact is there is password cracking software that can use dictionaries from every language conceivable, and with today's top-end computers running quad-core processors and up to 8GB of RAM, a brute-force attack on a password like that wouldn't take long at all.




There is also a clever piece of software called WYD, which is an open-source password profiling tool. You simply input personal information into it, such as John Smith's information above, and a list of possible passwords pops up. Oops, so our strong password is not really that strong after all, is it! To eradicate this I use something I call password story telling, which I will explain in another post as this post is already too long.
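The profiling point above can be turned into a check on your own password. The following Python is an added example, not part of the original post and not WYD's code: it strips out every piece of the password that can be derived from the profile and counts what is left. The function names, the token rules and the 8-character threshold are assumptions made for illustration.

```python
import re
from datetime import date

def profile_tokens(name, dob, address, words, site=""):
    """Strings derivable from profile data (a constructed heuristic, not WYD's logic)."""
    parts = name.split()
    tokens = {w.lower() for w in words + parts + [site] if w}
    tokens.add("".join(p[0] for p in parts).lower())    # initials: "js"
    tokens.add("".join(p[-1] for p in parts).lower())   # last letters: "nh"
    nums = [dob.day, dob.month, dob.year]
    tokens.update(str(n) for n in nums)
    tokens.add(str(sum(nums)))                           # 12+12+1980 = 2004
    addr = re.findall(r"[A-Za-z0-9]+", address)
    tokens.update(p.lower() for p in addr)
    tokens.add(str(sum(len(p) for p in addr)))           # 3+4+4+8+2 = 21
    return {t for t in tokens if len(t) >= 2}            # ignore 1-char noise

def uncovered(password, tokens):
    """Characters of the password that no profile token accounts for."""
    pw = password.lower()
    hit = [False] * len(pw)
    for tok in tokens:
        start = pw.find(tok)
        while start != -1:
            hit[start:start + len(tok)] = [True] * len(tok)
            start = pw.find(tok, start + 1)
    return "".join(c for c, h in zip(password, hit) if not h)

def is_profile_derived(password, tokens, min_independent=8):
    """True if fewer than min_independent characters are unrelated to the profile."""
    return len(uncovered(password, tokens)) < min_independent

# Constructed sample: the page's fictional John Smith, signing up to PayPal.
JOHN = profile_tokens("John Smith", date(1980, 12, 12),
                      "123 Test Lane, Hopetown, UK",
                      ["green", "vert", "chips", "Jack", "Manchester", "United"],
                      site="paypal")

if __name__ == "__main__":
    for pw in ("paypalJS2004vert21chips", "paypalqwerty", "t7#Qm!zR9w@kLp"):
        print(pw, repr(uncovered(pw, JOHN)), is_profile_derived(pw, JOHN))
```

Every character of the example password is accounted for by the profile, so nothing independent remains, and the site-name prefix adds nothing either because the site is known to anyone guessing.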


I hope this has helped some of you, but I doubt it has helped all of you. Some of you might still prefer to use your simple passwords like
qwerty letmein vodkarocks carrick1
weed187 pear
The best you could do is add the site name before/after your password like

facebookqwerty
hotmailqwerty
qwertygmail
etc. This significantly reduces the ability for someone to guess one or all of your passwords (remember, you most likely use the SAME PASSWORD on the Internet for everything you do).

Now, armed with the above information, you can easily find strong passwords you're comfortable with. Hopefully you will change your password at least once a month (I know it's hard for you, but it is your identity, and the whole drama of having your online bank account compromised can be a very daunting experience).

Hope you join me in the second post password story telling.

REMEMBER THIS POST IS JUST REFERRING TO PASSWORDS AND NOT PIN NUMBERS







