Fhqwgadz

No posts for ten days and I’ll bet you’re sick of seeing that last rant. Well, I’m sick of it too.

I still haven’t heard anything from Hotmail and Apple have still got my computer.

So, while the gods of cyberspace continue to frown on me, I wonder what it is I have done to anger them, and I offer you this advice…


A Note About Security

Security is a fairly extensive and complex concept. And quite interesting at times. However, here are some basic rules to keep your information tight. It is a simple security technique I invented and use (a variation of).

Rule 1: Choose a good password

Never, never, never use a word (or words) that appears in the dictionary, as a password. I know, I know… there is a sharp intake of breath and everyone looks sideways.

Yes, everybody knows that everyone else’s password is just a word- including hackers. That’s why they are the most feeble means of protecting data.

Any of the following are really bad passwords:

radish
crazy88
catshape
Einstein
themuppets

Obviously, the reason 99% of people have passwords like these is that they are easy to remember and they think that they are not ‘obvious’. Well, the reason that they are easy to hack is that hackers don’t just sit around trying to guess passwords.

A hacking technique known as brute force does exactly what it says on the tin. It is the hacking equivalent of taking a mallet to a peanut. In a brute force attack, a hacker will set a program to try every possible combination of words for the target (Hotmail account, computer, whatever) and then go and have a cup of tea while the computer works its way through a dictionary file, until it gets a hit. Oh, and there are hundreds of different/specialist dictionary files, with new ones being created all of the time, so just because your password doesn’t appear in the Oxford English dictionary does not make it safe.

Okay, so dictionary words are out. So what’s good? Well, in a nutshell, sequences of upper and lower case letters and numbers.

This is an example of a really good password:

bcFhrVnntpcaZJc

And the problem is obvious- apart from being really hard to hack it’s also really hard to remember.

Well, that’s easy enough to solve. Simply choose a word that you can easily remember (maybe your existing password) and obfuscate it.

Say, for example, your password is chocolate- this could obfuscate as Ch0c0lAt3; or ChoC0l8; or cH0c014T3, etc. Simple but effective. In the above examples I’ve used leet, but the method of obfuscation can be of your own devising and can be as complex as you like. You’re looking for a good mix of upper case letters, lower case letters and numbers. About 8 characters long is good, more is better.
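A defender-side version of the dictionary check described in Rule 1, as an added example that is not part of the original post: a signup-time filter that flags passwords built from dictionary words, allowing for case changes, leading or trailing digits, joined words and common single-character substitutions. The word list and the substitution map are small constructed samples; a real deployment would load a large blocklist.

```python
import re

# Constructed sample word list (assumption); real blocklists hold millions of entries.
WORDS = {"radish", "crazy", "cat", "shape", "einstein", "the", "muppets", "chocolate"}

# Assumed map of common single-character substitutions; not exhaustive.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def segments(text, words=WORDS):
    """True if text is one dictionary word or several joined end to end."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[len(text)]


def candidates(password):
    """Yield normalised forms of the password to test against the word list."""
    lowered = password.lower()
    stripped = re.sub(r"^\d+|\d+$", "", lowered)  # drop leading/trailing digits
    yield lowered
    yield stripped
    yield lowered.translate(LEET)
    yield stripped.translate(LEET)


def is_dictionary_based(password, words=WORDS):
    """True if any normalised form is made up entirely of dictionary words."""
    return any(c and segments(c, words) for c in candidates(password))


if __name__ == "__main__":
    # Passwords taken from the post's own examples.
    for pw in ["radish", "crazy88", "catshape", "Einstein", "themuppets",
               "bcFhrVnntpcaZJc", "Ch0c0lAt3", "cH0c014T3"]:
        verdict = "reject" if is_dictionary_based(pw) else "accept"
        print(f"{pw:16} {verdict}")
```

With this sample list, the five bad passwords and the substituted forms Ch0c0lAt3 and cH0c014T3 are rejected, while bcFhrVnntpcaZJc is accepted.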

Rule 2: Never use the same password

Another groan. Yes, I know; everyone has one single password that they use for absolutely everything. This is asking for trouble.

The easiest way to have a different password for everything without your brain exploding, is simply to append it with relevant letters or numbers.

Let’s suppose that your password was chocolate. You’ve taken the steps above and changed it to Ch0c01aTe. Okay, here is a simple way to append it…

For example:

Yahoo version: YCh0c01aTe
Ebay version: ECh0c01aTe
Amazon version: ACh0c01aTe

Can you see what I did? Yes, very clever.

Seriously though, if you get your own simple system going, you can have an infinite amount of passwords with only one ‘root’ word to remember. And as a plus, the extra letters (or numbers) only make them more secure.

Rule 3: Change all of your passwords periodically

I can’t give you any smarty-pants techniques for this one. You just have to do it. Change all of them about twice a year. It takes about 10 minutes and you’ll be ahead of the game.

Fhqwgadz

Well, that’s about it really. Any other advice is just the usual boring crap about not writing it down or telling anyone. (Although, if you have followed the above system you could write down just the word chocolate and it would still be pretty secure, if inadvisable).

It’s also worth pointing out that this system (I’m going to call it The Fhqwgadz System) has been tested, during my recent brush with a hacker, and worked perfectly. I used a lot of passwords (maybe 10 or more) at the internet cafe where I think the attack took place, and sure enough, the only two that got hacked were the two oldest ones that weren’t 100% Fhqwgadz compliant and, bang, right on cue they get hacked.

You can choose to ignore The Fhqwgadz System if you so desire. But be warned, hackers are a dynamic bunch and it’s as much about staying one step ahead as anything. The days of having one single cool sounding password for everything are long gone. That’s so ’98.
