Protecting Yourself with Passwords
Over the next few months we will be describing various ways that you can protect yourself from some of the unpleasant elements that lurk on the Internet and sometimes on the UT-H network. Sometimes you see them, but most times you won't even know they are there trying to get into your PC. The first defense in keeping unsavory elements out is the password - one of the most simple, straightforward, widely used and least appreciated of all the defenses we have. Besides locking your door (if you have one!) it is the first line of defense against misuse of your PC that YOU control.
Passwords are required almost everywhere, and since we have so many different passwords, we use easy-to-remember passwords, no passwords, the password that came with the system, or just leave the password the same as the one first assigned to us. Not changing default passwords is the computing equivalent of leaving a note on the front door of your home instructing visitors to 'Look where everyone leaves their door key to gain access to this house'. Having easy-to-guess passwords is the same as locking the doors but leaving the windows unlocked - it doesn't take much effort to install a program that can guess your password. We ran one and found that more than 2,000 people had easy-to-guess passwords, and it only took 8 minutes to scan 10,000 user ids. Programs like these are available for free on the Internet.
It's bad enough that weak passwords can allow someone to get into your computer and use it without your knowing, but they can also steal information to use later. It's like having a burglar who not only takes your stuff but steals credit cards for later use, makes dozens of long distance phone calls, spray paints graffiti on your walls, steals your only copy of your financial records, sends letters to your family and friends telling them what you REALLY think about them, sets themselves up as you and starts spending your money and, last but not least, posts your address on the Internet as being an easy target!
It's a good bet that you have information on your PC that you don't want others to have and you don't want to lose. You also don't want someone to load his or her personal collection of pornography on your PC or send that e-mail to your boss that you really wanted to send but valued your job more! So, why make it easy by not using good passwords?
Here are some defensive computing tips for you to use to protect yourself from being a victim:
· The best place to start is by safeguarding all usernames and passwords assigned to you. Never share your password with anyone NO MATTER WHAT!!! Never give your user-id and password to anyone over the phone, and if someone asks you for it - call IT Security and report it. The personnel responsible for password administration do not need your password to service your system. And never forget that your user-id is logged, so any activity recorded using your user-id will implicate you!!
· Always remember to secure your PC when you are not using it. If anyone can use your computer when you step away, everything they do will be recorded under YOUR user-id and you will be held accountable. Use a screensaver password to secure your PC when you step away.
· Don't allow Windows to remember your passwords; this just makes it even easier for people to capture your passwords because they are now stored on the PC instead of just being transmitted on the network!!!
Creating a strong password:
· Don't use any dictionary words or common names
· Never use the user-id or dates like your birth date, anniversary, and hire date, because if your personal records are compromised the information can be easily gained. Most attackers depend on unsavvy users and use social engineering to gain vital information about people and then use that information to guess their passwords.
· Combine short, unrelated words with numbers or special characters. For example: eAt42peN
· Make the password difficult to guess but easy to remember
· Substitute numbers or special characters for letters (but do not just substitute). For example:
    · livefish - is a bad password
    · L1veF1sh - is better and satisfies the rules, but setting a pattern of 1st letter capitalized, and i's substituted by 1's, can be guessed
    · l!v3f1Sh - is far better; the capitalization and substitution of characters is not predictable
· If you must write down your passwords to help you remember them all, be sure to keep them on your person or locked in a safe place at all times.
· If you think your password has been compromised, contact the Helpdesk (713-500-4848) and change the passwords immediately. Please report the incident to IT Security at 713-500-2260.
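The rules above can be checked automatically when a password is chosen. The following is an added example, not part of the original article or any UT-H tool: the word list is constructed sample data, the substitution table and the function names are assumptions, and the "predictable pattern" test is one interpretation of the L1veF1sh rule (capitals only at the start of each word, and every letter always replaced the same way).

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"live", "fish", "eat", "pen", "cynthia"}
# Assumed table of common look-alike substitutions (not from the article).
SUBS = {"1": "i", "!": "i", "3": "e", "0": "o", "@": "a", "$": "s"}


def split_words(text):
    """Start indexes of dictionary words that exactly tile text, else None."""
    if not text:
        return []
    for end in range(len(text), 0, -1):
        if text[:end] in WORDS:
            rest = split_words(text[end:])
            if rest is not None:
                return [0] + [end + i for i in rest]
    return None


def check_password(password, user_id, dates=()):
    """Return the article's rules that this password breaks (empty = none)."""
    problems = []
    lowered = password.lower()
    if user_id and user_id.lower() in lowered:
        problems.append("contains user-id")
    digits = re.sub(r"\D", "", password)
    if any(d and d in digits for d in dates):
        problems.append("contains a personal date")
    if password.isalpha():
        problems.append("no numbers or special characters")
    # Undo look-alike substitutions, then try to read the result as words.
    plain = "".join(SUBS.get(c, c) for c in lowered)
    starts = split_words(plain)
    if starts:
        if len(starts) == 1:
            problems.append("dictionary word or common name")
        caps = {i for i, c in enumerate(password) if c.isupper()}
        spellings = {}
        for letter, shown in zip(plain, lowered):
            spellings.setdefault(letter, set()).add(shown)
        uniform = all(len(s) == 1 for s in spellings.values())
        # Capitals only on word starts plus one spelling per letter is the
        # guessable pattern the article describes for L1veF1sh.
        if caps <= set(starts) and uniform:
            problems.append("predictable pattern")
    return problems
```

Dates are passed as digit strings in whatever formats the personal records use, for example "03141975"; an empty result means none of these particular rules was broken.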
Feel free to contact IT Security @ 713-500-2260 or firstname.lastname@example.org
Cynthia M Davis-Davenport : March 2002