Tuesday, February 13, 2007

Passwords For Dummies

For over a decade I’ve been advising friends, customers and peers to only use strong pass-phrases to protect their computers and networks. Sadly, people just don’t get it no matter how many times they are told. Users, when able, simply tend to use no password, a simple number scheme like “12345”, or an easily remembered fact like their marriage anniversary date. (Well, maybe not the last one…) New computer users seem the most prone to use null or weak passwords. It is just too easy to break into computers using simple “dictionary attacks.” A recent study has borne this out quite clearly.

“This study provides solid statistical evidence that supports widely held beliefs about username/password vulnerability and post-compromise attacking behavior. Computer users should avoid all of the usernames and passwords identified in the research and choose longer, more difficult and less obvious passwords with combinations of upper and lowercase letters and numbers that are not open to brute-force dictionary attacks.”

In the study’s test, using four target computers on the Internet, the machines were attacked 2,244 times a day on average. That equates to about once every 39 seconds.
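As an added illustration, not part of the original post or the study it cites, here is a password policy check that rejects the patterns the post names (no password, a simple number scheme such as “12345”, an anniversary date, anything on an attacker’s wordlist) and enforces the mix of upper case, lower case and digits the study recommends. The wordlist is a constructed stand-in and the 12-character minimum is an assumed policy value, not a figure from the study.

```python
import math
import re
from datetime import datetime

# Constructed stand-in for an attacker's dictionary; the study's own list is not reproduced here.
COMMON_PASSWORDS = {"", "password", "12345", "123456", "qwerty", "letmein", "admin"}

def is_simple_number_scheme(pw: str) -> bool:
    """Digit-only strings that repeat or step by one ("12345", "1111", "9876")."""
    if not pw.isdigit() or len(pw) < 2:
        return False
    diffs = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return diffs in ({0}, {1}, {-1})

def looks_like_date(pw: str) -> bool:
    """Anniversary-style values: 6 or 8 digits, optional -/. separators, that parse as a date."""
    digits = re.sub(r"[-/.]", "", pw)
    if not digits.isdigit() or len(digits) not in (6, 8):
        return False
    for fmt in ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y"):
        try:
            datetime.strptime(digits, fmt)
            return True
        except ValueError:
            continue
    return False

def search_space_bits(pw: str) -> float:
    """log2 of the brute-force search space implied by length and the character classes used."""
    pool = 0
    if any(c.islower() for c in pw): pool += 26
    if any(c.isupper() for c in pw): pool += 26
    if any(c.isdigit() for c in pw): pool += 10
    if any(not c.isalnum() for c in pw): pool += 33  # printable ASCII symbols
    return len(pw) * math.log2(pool) if pool else 0.0

def check_password(pw: str, wordlist=COMMON_PASSWORDS, min_len: int = 12) -> list:
    """Return the reasons a password is weak; an empty list means it passes.
    min_len=12 is an assumed policy value, not a figure from the study."""
    checks = [
        (pw.lower() in wordlist, "appears in attacker wordlist"),
        (len(pw) < min_len, f"shorter than {min_len} characters"),
        (is_simple_number_scheme(pw), "simple number scheme"),
        (looks_like_date(pw), "looks like a date (e.g. an anniversary)"),
        (not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
              and any(c.isdigit() for c in pw)), "must mix upper case, lower case and digits"),
    ]
    return [msg for hit, msg in checks if hit]
```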

What’s the ultimate answer to the need to protect interconnected computers? Turn them off. Of course, that defeats the whole purpose of modern computing. Security experts advocate “defense in depth” techniques; I’ll write more about that in the future. Until computer users adopt better protection for their home and business computers – and increasingly their hand-held devices, including phones – perhaps we ought to just label each device “Computer for Dummies.”
