Protecting Your Computer from Hackers

By Cindy Brauer

Simple, easy-to-remember computer passwords used over multiple accounts—the kind popular with many of us—essentially gives the “keys to the kingdom” to hackers, endangering a person’s digitally stored files. At stake for scientists at The Scripps Research Institute (TSRI), for example, can be years of valuable research data and other proprietary information.

Yet creating and remembering complex and unique passwords can leave the individual wondering, “How do I do that?” admits David Matusiak, TSRI information security manager. To help answer that question, Matusiak recently presented a Cyber Awareness workshop on methods for drafting strong passwords and storing them securely with easy recall.

According to Matusiak, strategies for creating security-favorable passwords include:

• Using lengthy, complex passwords
• Creating unique passwords for each important account
• Employing a mixture of alphanumeric and special characters (@, #, $, etc.)
• Changing passwords every six months
• Storing passwords in an encrypted vault

He also advised avoiding common risky password practices, such as:

• Using dictionary words, as hackers use special programs that cycle through millions of letter/word combinations per second to uncover individual passwords
• Using personally familiar terms, such as pet or family names, dates, addresses, birthdates, movies or music groups; social media, such as Facebook or LinkedIn, offer many opportunities for smart hackers to pick up clues to these kinds of passwords
• Letting browsers to remember passwords in plain, nonencrypted forms
• Logging onto websites without a URL that begins with “HTTPS”
• Sharing passwords
• Writing down passwords and keeping them near the computer or stored in an unencrypted form on the computer

Crafting Great Passwords

Matusiak suggested several techniques to generate secure passwords. The “sneaky substitution” method creates simple code-based passwords, exchanging alphabet letters with similar-looking numbers or special characters and mixing the letter case. With this technique, the letter “a” becomes the character “@”, O=, A=4, E=3 and L=1. The phrase “Meet me at home” becomes “m33TM3@Hm3.”

Another technique employs mnemonics to compress simple sentences; for example, ‘Here’s what I’m doing this weekend. Do you want to join in?” becomes “H’swI’dtw.Dyw2ji?” Combining mnemonics, parts of words and “sneaky substitutions” can create even stronger passwords: “The hefty cow grazes mightily” generates “Th3HefwGr@M1g”.

A string of random words, with separating characters, can also halt password hackers, says Matusiak. “Compiling.Scrabble.Distant.Burrito” or “correct+horse+battery+staple” are examples.

“Passphrases” create very long (and thus more secure) passwords by simply using a sentence without spacing between words, e.g., “MickeyMantleplayedfortheNewYorkYankessfrom1951to1968”.

Storing Passwords

The solution to remembering lengthy, complex and unique passwords is storing them securely in an encrypted vault and creating one very strong master password, says Matusiak, who recommends using cloud storage for the vault.

Available online—free or for an annual fee—vault programs auto-fill most log-in forms and can safely store private notes and other data, such as bank account, credit card and Social Security numbers. A few of these vault programs are:

• 1Password: www.agilebits.com
• KeePassX: a free, open-source, cross-platform program, https://keepassx.org, or KeePass for Windows, http://www.keepass.info
• LastPass: a free, basic program with available premium upgrades, https://lastpass.com

Matusiak ‘s two final pieces of advice are: “Do not write down the vault master password. Do change it annually.”

Send comments to: press[at]scripps.edu