NOTICE [09/13/2010]: Formspring, the website which receives the questions asked above, is experiencing technical problems. If you send a question and it remains unanswered for over 24 hours, feel free to email your questions to NoBullTech@gmail.com.


Welcome to No Bullshit Tech! This is a blog I have created for answering your technology questions.

I've spent the last 5+ years in the computer repair business, and while I enjoy my job, I'm not always allowed to give the advice and recommendations I feel I should. Sometimes this is because of contractual reasons, other times it's because of business reasons. Regardless, I established this blog to create an environment without corporate, contractual or business bullshit.

So feel free to ask me questions about your computer repair woes. Everyone has questions about fixing, optimizing, configuring and securing their computers, and I have the answers. Even if I don't have an answer for you, I can probably point you in the right direction.

As the ball gets rolling, there is a chance that your question has already been answered. Scroll through the previously answered questions and see if anything there can help you.

Since this is a side project, I may not be available 24/7. I will attempt to answer at least one question every day, however. Once you've asked your questions, check back frequently to find your answer and many other answers.

Obligatory legal statement: By viewing or utilizing my free service, you release No Bullshit Tech and its author from any liability for damages that come as a result of upgrading, modifying, repairing, optimizing, or in any way altering or modifying your property. This service is free and as such, it comes with no warranties or guarantees of any type. Use the information you receive here, as well as from any online source, with discretion and at your own risk.

Monday, September 13, 2010

Question #1: How do I create a secure password?

With all of today’s talk of viruses and trojans, many people forget that one of the easiest ways to protect yourself on the internet is with a strong and secure password. Think of all the things you use a password for – online banking, online games, blogs, social networking, email and many others. All of these websites hold something valuable to you, whether it’s the money in your checking account or the hours you’ve invested into your level 80 paladin.

To understand how to make a secure password, you first have to know how someone attempts to crack them. Most password-hacking utilities are called “brute force” applications, and they do just that – force their way in. These programs will use a massive list of dictionary words, common passwords, and popular key combinations to try and guess your password. While this might seem like a lofty job, they work very quickly. A brute force utility can burn through hundreds, even thousands of passwords faster than you can type your first guess.

Knowing this, you should follow some basic rules when creating a password.

1. Use as many characters as you can. An 8-character password is exponentially stronger than a 6-character password.
2. Never, under any circumstance, use a dictionary word. If there is a legible word in your password, you’re doing it wrong. Any word that you can find in a dictionary is like locking your front door and leaving the key under the mat.
3. Never use names, places or dates. In the grand scheme of all possible letter, number and symbol combinations, FredAspen1972 is pretty easy to guess – especially for someone who knows you, or for a brute force application programmed to try every common name/place/date.
4. Make sure you use lowercase letters, uppercase letters, numbers and symbols. Everyone puts numbers/symbols at the end, so don’t be predictable. Mix them in.

This is my process for creating a new password. I highly recommend you adopt this process.

  1. Open up a blank Word/Notepad/WordPad/TextEdit document.
  2. Close your eyes. Type 8 to 16 random letters and numbers. If you did it right, you should get something like “ht8jg8o6” or “lf95j7zuq1”
  3. Now choose two or three of the letters and capitalize them. For example: “hT8jG8o6” or “Lf95j7ZuQ1”
  4. Now throw one or two symbols in the middle somewhere. This can include pound, exclamation mark, money sign, or any of your favorites. For example: “hT8!jG&8o6” or “Lf%95j7Z$uQ1”. Some websites and applications will not accept passwords with symbols; if this is the case, just omit this step.
  5. Write your new password down. This is the most important step. You have a very complex password now, which not only makes it very hard to crack, but also makes it real tough for you to remember. Write it down twice – take one with you in your wallet/purse and put the other one somewhere safe in your house.
  6. Never save your password on your computer. Once again, this is equivalent to leaving the key under the mat.
  7. Make a new password often. I recommend 3 to 4 times per year. Some people choose to make new passwords and replace all of their old log-ins with it. Others opt to make a new password and only use it with new log-ins, thus creating a wide variety of passwords used across various websites. This is up to you.
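
An added example, not part of the original post: steps 2 to 4 of the process above in Python, with the `secrets` module standing in for typing with your eyes closed (a swap made here, since keyboard mashing is not uniformly random). It also works out the arithmetic behind rule 1 and checks for the trailing-digits habit from rule 4. The function names and the symbol set are choices made for this example.

```python
import math
import re
import secrets
import string

LOWER_DIGITS = string.ascii_lowercase + string.digits
SYMBOLS = "!#$%&"  # constructed choice; trim to what the site accepts


def keyspace_bits(length, alphabet_size):
    """Bits of search space for a uniformly random password (rule 1)."""
    return length * math.log2(alphabet_size)


def trailing_only(password):
    """Rule 4: True when letters come first and everything else is tacked on the end."""
    return re.fullmatch(r"[A-Za-z]+[^A-Za-z]+", password) is not None


def generate(length=12, capitals=3, symbols=2, rng=secrets.SystemRandom()):
    """Steps 2-4 of the post, drawing characters from the OS CSPRNG."""
    if not 8 <= length <= 16:
        raise ValueError("the post's range is 8 to 16 characters")
    # Step 2: random lowercase letters and digits.
    chars = [rng.choice(LOWER_DIGITS) for _ in range(length)]
    # Step 3: capitalize up to `capitals` of the letters that came out.
    letter_pos = [i for i, c in enumerate(chars) if c.isalpha()]
    for i in rng.sample(letter_pos, min(capitals, len(letter_pos))):
        chars[i] = chars[i].upper()
    # Step 4: insert symbols inside the string, never first or last.
    for _ in range(symbols):
        chars.insert(rng.randrange(1, len(chars)), rng.choice(SYMBOLS))
    return "".join(chars)


if __name__ == "__main__":
    # Rule 1: two extra characters from a 36-symbol alphabet.
    gain = keyspace_bits(8, 36) - keyspace_bits(6, 36)
    print(f"8 vs 6 lowercase+digit chars: {2 ** gain:.0f}x more guesses")
    # Rule 4: the post's own examples.
    for sample in ("FredAspen1972", "hT8!jG&8o6"):
        print(sample, "trailing-only layout:", trailing_only(sample))
    print("generated:", generate())
```

If a site rejects symbols, call `generate(symbols=0)`, which matches the post's note on step 4.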

After a few days of typing in your new and complex password, you will eventually memorize it. Instead of remembering names and places, you will gradually grow accustomed to remembering key strokes and patterns on your keyboard.

On this topic, I frequently get questions relating to password management and password encryption software. While I won’t speak to the legitimacy of the companies that manufacture these types of programs, I will say that giving your password to anyone is a poor choice. Be it your best friend or a corporation, the more people who know your password, the less secure it is.

2 comments:

  1. Awesome advice here. Thank you so much!! This has been a major fear of mine recently, and this will help me!
