Passwords are your keys to a system. As such, you've got to take special care to protect them so they don't fall into the wrong hands. You may not think anyone is out to get your password, but you'd be surprised. Here are some tips to help you keep your password safe.

1. Choosing good passwords.

A good password is difficult to guess, but easy for you, the owner, to remember.
Don't use people's names, any word found in any dictionary (even in foreing languages), and don't make it the same as your username, or a date of birth or spouses name or childs name etc. There are tools available that can use wordlists made up of things like names, or words from the dictionary etc. to guess passwords. If your password falls into this category, it can be guessed very easily. Instead, use what's called a passphrase. Think of a sentence. Mis-spell words in it. Make it memorable to you, but difficult to guess. Use combinations of numbers, upper case and lower case letters, and special characters like !@#$% etc.

One good technique, is to take a line from a favourite song, and use just the first letters (or any random letter) from each word in that line to make up your password.

Here's a good guide to follow

Once your password is not one that can be guessed easily using a dictionary attack, the other alternative for someone guessing your password is to use what's called a Brute-Force attack where they literally have to go through all possible combinations of characters until they find your password. To make this more difficult, use longer passwords, and at least one of each of the different kinds of characters I spoke of before - numbers, upper and lower case letters, and special characters.

More password tips to come. Stay tuned.

__________________
"Blessed are ye, when men shall revile you, and persecute you, and shall say all manner of evil against you falsely, for my sake." - Matthew 5 v11 KJV

Very waggish indeed.

Thanks Bounty. I'm sure this will put some of our members minds at ease. I'm changing mine right now.

__________________

Password protection tip 2

Keep your passwords to yourself.
Don't write them down on a sticky note and stick them to your monitor or desk.
Don't share them with anybody.
Don't write it in your hand middle.
Keep your passwords to yourself.

__________________
"Blessed are ye, when men shall revile you, and persecute you, and shall say all manner of evil against you falsely, for my sake." - Matthew 5 v11 KJV

Very waggish indeed.

Password tip 3

Change your passwords periodically.

Typically, it is recommended that password changes be made at least every 90 days. For situations where higher security is needed, password changes are done more frequently - every 60 days or even every 30 days.

Changing the password periodically makes the bad guys job of guessing it more difficult.

__________________
"Blessed are ye, when men shall revile you, and persecute you, and shall say all manner of evil against you falsely, for my sake." - Matthew 5 v11 KJV

Very waggish indeed.

Password Tip 4

Beware of "Social Engineering".

There are scams aimed at trying to get you to give up your passwords.
A popular scam these days, called "Phishing", goes like this:

You get an email claiming to be from on online e-commerce store like Amazon.com, or E-Bay, or even from an online bank, or even from someone claiming to want you to see their photos on someplace like Yahoo Photos, and they include a link to the supposed website for you to click and login to access whatever. Unbeknownst to you, you're loging into a fake website. They record your password, and can access your accounts on the real website and do all kinds of bad stuff.

How can you identify such schemes?

Don't click links in email messages or even Instant Message messages (they're using that too). Instead, copy and paste the link into a browser window. Why? Because what appears typed as the address in the link, may not actually be the real address.

Just as I can say that the following link is to http://www.everytingjamaican.com/jamaicatalk

But in actuality, it leads somewhere else, so can the bad guys. Copying and pasting the URL into a browser address bar can help you avoid getting tricked like that.

You also need to pay attention to things like the actual address in the status bar at the bottom of your web browser when you click on links. The true address that the link is taking you to, should show up in the status bar when you hover the mouse cursor over a link. There are cases when this doesn't work properly though, because of flaws in some browsers like Microsoft Internet Explorer (User a real browser like Opera or Mozilla Firefox). Pay attention to the URL which shows up in the address bar of your browser when you go to sites sent to you in email. Make sure that it corresponds to the address you know for the site.

Also, familiarize yourself with the policies of the sites you visit regarding passwords and email notifications. Reputable sites do not solicit password information in email.

Another approach is to claim that there has been some problem with your password (maybe somone trying to guess it) and they need you to give them your password in order for them to fix things, or they need you to click on the link provided and login with your password so you can verify your identity. Then they take your password just as before. Don't fall for it.

Here are some more resources for information on Phishing:

http://en.wikipedia.org/wiki/Phishing

http://www.antiphishing.org/

__________________
"Blessed are ye, when men shall revile you, and persecute you, and shall say all manner of evil against you falsely, for my sake." - Matthew 5 v11 KJV

Very waggish indeed.