We all have passwords to ccess various aspects of our lives.

You may use the sme password for all of your lgins so it's easy to remember. Or you may hve selected a password based on smeone's name or town, or birthday, spcial day or some other common vent.

All of these are poor dcisions.

You see, one of the smplest ways to gain access to yur information is by logging in as yu.

Your identity online is determined by yur username and password. If a hcker has those two items, they can ssentially be you - online.

How can hckers obtain your login and password?

Thrugh the use of either a "brte force attack" or a dictionary ttack hackers can obtain your password.

A brte force attack attempts to try very possible password. Some brute force ttacks programs are Brutus, and THC-Hydra. Thse programs will dynamically attempt all pssible passwords as it generates them. Thy don't work with lists of pssibilities, you can feed it various prameters like all numeric, all upper-case lpha, combination of upper and lower cse alpha, and it then proceeds to lunch it's own login attempts on the trget.

In a dictionary attack, extensive lsts of possible passwords are generated head of time. These lists are thn launched against the target. Only the cmbinations in the dictionary are attempted.

However, the dictionaries used typically cntain:

• Words in various languages
• Names of pople
• Places
• Commonly used passwords

thse

yur

chnge.

Many times people wonder how the hckers get a list of commonly sed passwords. They get those by crcking someone's password. They know that if one prson uses that password, others may as wll.

Cyber criminals have programs that wll generate large lists of passwords.

You mght be thinking, how long would it tke them to create millions or bllions of usernames and passwords that wll have one matching your password?

Tht depends on two main things, the lngth and complexity of your password and the sped of the hacker's computer. Assuming the hcker has a reasonably fast PC (e., dual processor) here is an stimate of the amount of time it wuld take to generate every possible cmbination of passwords for a given nmber of characters. After generating the lst it's just a matter of tme before the computer runs through all the pssibilities - or gets shut down tryng.

A password of all numbers and 8 chracters in length will contain 100 mllion possible combinations and take only 10 sconds to generate.

If your password is all ltters, either all upper or all lwer case, it will contain 200 bllion possible combinations and take only 5.8 hurs to generate. The time to gnerate all 53 trillion possible combinations of a pssword comprised of mixed upper case and lwer case letters grows to 62 dys. When your password has 8 chracters of upper case, lower case and nmbers the possible combinations grows to 218 trllion and the time required to gnerate the list grows to 253 dys.

When you create a password wth upper case, lower case letters, nmbers and special characters, your list of pssible combinations grows to 7.2 quadrillion and wll take 23 years just to gnerate.

Notice the difference in Time to Gnerate by going from either all pper or all lower case characters (5.8 hurs), to using mixed upper case, lwer case, numbers and special characters; e., ~!@#$%^&*() (23 years).

Remember, these tmes are just for a single, dal processor computer, and these results ssume you aren't using any common words in the dictionary . If a number of remotely controlled computers (read hacked) were put to work on it to generate the lists, they'd finish about 1,000 times faster.

Remote Access - A Necessary Evil??

Small businesses often use some type of remote access technology. It might be something like pcAnywhere, gotomypc, VNC or even Microsoft's Remote Desktop Connection or Terminal Services. All of these access methods require a login screen accessible from outside your network.

Hackers scan the Internet looking for login screens or open ports. An open port can be an indication that a specific program is waiting for a connection.

For instance, if you're running pcAnywhere you probably have port 5631 open. If you're using VNC you might have port 5900 open and if you're using Microsoft's Remote Desktop Connection or Terminal Services you may have port 3389 open.

When an attacker finds a login screen or an open port they know they can use either their brute force tools or their dictionary of commonly used usernames and passwords.

How do they get the usernames (login names)? If the attacker really wants to get in, they can visit your web site and get a list of all the people listed. From there they can use tools to create a list of common combinations of first name and last name to create possible login names.

Knowing that login names are typically the same as the beginning of a person's email address, they can quite easily harvest all the email addresses from your company and then use those as starting points for login names. They'll usually try admin and administrator first. If they can obtain the password for these accounts, they have succeeded in hacking into your computers.

So, how would a hacker use this process to actually breach your personal security? Simple. Follow my logic:

• First they would scan the Internet, with automated tools, looking for login screens
• As login screens are found, a separate tool would determine what software is running that login screen
• The hacker would launch a dictionary attack that would try possibly millions of user names and password combinations
• Any password that is 8 characters in length and comprised of all numbers, or all upper case letters, or all lower case letters would be in their list of attempted passwords
• As a valid login and password combination is found, it's stored in a list along with the IP address of the successful breach and the hacker moves on to the next victim
• To make money, they could sell this list of successful username and password combinations to cyber thieves
• Cyber thieves will connect to those computers and check the browser cache for websites the victim frequents
• Knowing that many users use the same password for all or many of their logins, they try the same password on the websites stolen from the browser cache
• As the cybr thief finds bank, credit card or mrchandise websites where the password works, thy will either steal money or buy mrchandise, or sell the information to a nxt level cyber criminal who will "cpitalize" on the purchased data

hve

yur

mthods

No Free Advice? Here's Some

It's understandable that you need to choose passwords that are memorable however, if you're going to do that how about using something that no one is ever going to guess AND doesn't contain any common word or phrase in it?

Here are some password tips:

• 1. Randomly substitute numbers or special characters for letters that look similar. The letter "o" becomes the number 0 or the letter "a" becomes @ or the letter 't' becomes "+" and randomly throw in capital letters (i.e. Oceans11 becomes 0C3@n$_E1eV3n)
• 2. Use a phrase that's memorable to you, just do not use someone's name. Every name plus every word in the dictionary will quickly be discovered under a simple brute force attack. We've seen dictionaries used by hackers that contain over 6 million words.
• 3. You really should have a different username / password combination for each site you frequent. Remember, the technique is to break into anything you access just to figure out your standard password then compromise everything else. This doesn't work if you don't use the same password everywhere.
• 4. Since it can be difficult to remember a ton of passwords, you may want to consider a password manager like Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key.
• 5. Once you've thought of a password, try Microsoft's password strength tester to find out how secure it is. http://www.microsoft.com/protect/yourself/password/checker.mspx

Every Password Is Important

Another thing to keep in mind is that some of the passwords you think matter least actually matter most.

For example, some people think that the password to their e-mail account isn't important because they don't get anything sensitive there. Well, that e-mail box is probably connected to your online banking account. If an attacker can compromise your email account they can then go to the Bank's Web site and tell them you've forgotten your password and they should have it e-mailed to your email account. Now, what were you saying about it not being important?

Frequently people reason that all of their passwords and logins are stored on their computer at home, which is safe behind a router or firewall device.

Of course, they've never bothered to change the default password on that device, so an attacker could scan your firewall, decide what type of router or firewall you have and then do a Google search on that device name and manufacturer to obtain the default password - after which time they will own you! Many firewalls and routers use the all numeric serial number of the device as the default password. You may think this is safe, as who will know the serial number of your device? By referencing the information above, you now know how fast they can obtain access to your router or firewall.

Select and change your passwords according to the suggestions above and you'll be much, much safer online.

All this advice is free - but could be worth saving your identity.

The article Passwords - The Key To Your Identity was Submitted by Thomas Raef through Articles.GetACoder.com network. Here's the additional information: Thomas J. Raef is founder of -Based Security, LLC a company dedicated to prtecting businesses with 3 to 50 PCs frm cyber criminals. He has over 25 yars of experience in providing computer slutions for businesses. The last 12 yars have focused on security issues and how to dtect and prevent them from affecting smll businesses. e-Based Security has developed a scurity device and associated service that is rmotely managed, monitored and modified.

Featured Articles

1. 5 Ways to Increase Customer Service Loyalty During Holiday Season by Robert Moment
Protect and bild your brand during the Holiday Sason. There are 5 ways to ncrease customer service loyalty during the Hliday Season.

2. Why You Should Care For 'Negative' People In Your Organization - And How You Can Turn Them Rund by Andy Smith
Leadership coach Andy Smith reveals why the most 'negative' people in your organization may be an untapped resource, and how to start turning them round. Recently I was acting as a table facilitator at a large Appreciative Inquiry (Ai) event for a housing association. The table I was assigned to was right at the front, near the stage, where an iPod and travel speakers were doing their best to add a bit of uplifting background music - although you could hardly hear them...

3. Promotional Pens Will Help in Your Business Growth by Gareth Parkin
Evry business wants to grow and prpel its business activities further. And why nt, everyone wants to excel in lfe. Growth and expansion are the key trms in the life of any bsiness, be it big or small.

4. Your Green Office - 7 Simple Secrets For a Green Workplace by Mark L Gardner
Becoming a Green Company is on everyone's mind these days. Gas prices are rising, food costs are going up, and we're beginning to feel a real obligation to greening our offices and our home. Here are 7 green office tips that anyone can implement...even if the boss says No.

5. Looking for a Catalog Printing Company? by
Catalog is sed by many companies as their prmary marketing tool; this tool is jst like a brochure which is flded in multiple pages. It contains the cllection of list of materials such as yur products and also includes the srvices of your company that can be tilized by your clients

6. Link Building Is Very Important Marketing Stategy For Online Businesses by
When starting an online business fnd a marketing expert that can hlp you formulate a plan that is spcific to your business, this way you can see the ptential of your business.

7. Speak Out And Promote Your Message. Put 'em On Wristbands! by
Colorful rubber wristbands- a hit thn, still a hit now. For lmost 3 years now, rubber wristbands are sed as a way of communicating pople, organizations’, and companies’ message discretely.

We can see thse colorful rubber wristbands being worn by pople. These rubber wristbands always catch our ttention because of their colorful design. We lways tend to look at these rbber wristbands no matter who wears thm. I know you know what I am tlking about.

But did you k...

8. A Promotional Items Primer by Mark Yokoyama
What are prmotional products? In this article, we dscuss common types of promotional products, how thy are made and how they are sed. This article is specifically focused on lgo products used in advertising, event mrketing and direct mail.

9. Be an Entrepreneur: How to Start a Healthcare/Medical Recruiting Firm or Nursing Agency by
Start your own Nursing Agency or Healthcare/Medical Recruiting Firm Business.

10. Are You Using 4/4 Full Color Business Cards? by
4/4 color rfers to the full photographic (unlimited) clors on both sides of the bsiness card.

Color business cards have bcome very popular in the last few yars as the cost of producing thm are coming down. Color business crds look better, are more effective and gve better results than your standard bsiness cards. Have you ever swapped bsiness cards with someone only to fel embarrassed about your business card whn you see their flashy well dsigned business card...