{"id":830,"date":"2016-03-30T23:30:49","date_gmt":"2016-03-30T23:30:49","guid":{"rendered":"http:\/\/blog.paranoidprofessor.com\/?p=830"},"modified":"2016-03-30T23:30:49","modified_gmt":"2016-03-30T23:30:49","slug":"safe-computing-email","status":"publish","type":"post","link":"https:\/\/blog.paranoidprofessor.com\/index.php\/2016\/03\/30\/safe-computing-email\/","title":{"rendered":"safe computing &#8211; email"},"content":{"rendered":"<p>What is computer security?\u00a0 Techniques for ensuring that computer data is not accessed by unauthorized individuals. This might involve passwords, encryption or physical seclusion.<\/p>\n<p>Virtually every other week there is a story in the news about some web site which was hacked and hundreds of thousands of user\/password combinations taken.\u00a0 When these incidents are announced there are only two things that might be considered important.<\/p>\n<p>The main concern should be whether any real user data such as name, address, banking details or other personal non-public data escapes.\u00a0 The secondary concern is that now someone knows your username and password.\u00a0 This shouldn&#8217;t be a problem as after all, everyone uses a different username and password at each website &#8211; right?\u00a0\u00a0 Well, no and that is part of the problem.<\/p>\n<p>It was a stroke of genius to use email addresses as the user id for all of these sites because email addresses are a unique piece of information.\u00a0 You don&#8217;t have to worry that there will be two bobjohnson@outlook.com; between them, the email name and the domain form a unique id.<\/p>\n<p>Millions of passwords on the loose are a problem because once people find a good password, a lot of them simply use it again and again at every site they go to.\u00a0 This means when your password is compromised at bobsindojapansegrill.com, they know your user name and password that you might be using at Facebook, Gmail or some other site.\u00a0 There are apparently 
people who like the challenge or the rewards of hacking other people&#8217;s accounts.<\/p>\n<p>To feed on rational fears it can be even worse than that.\u00a0 The &#8220;bad men&#8221; don&#8217;t even need your password to compromise your account as knowing your email address may be enough.\u00a0 Given a free choice, people are pretty bad at picking secure passwords.<\/p>\n<p>This is a list of some of the <a href=\"http:\/\/gizmodo.com\/the-25-most-popular-passwords-of-2014-were-all-doomed-1680596951\">most common passwords from 2014<\/a>.<\/p>\n<div style=\"margin-left: 1cm;\"><code> 1. 123456<br \/>\n2. password<br \/>\n3. 12345<br \/>\n4. 12345678<br \/>\n5. qwerty<br \/>\n6. 123456789<br \/>\n7. 1234<br \/>\n8. baseball<br \/>\n9. dragon<br \/>\n10. football<br \/>\n11. 1234567<br \/>\n12. monkey<br \/>\n<\/code><\/div>\n<p>It is quite likely that with this list of passwords, a hundred email addresses and a handful of websites you will find one or more that will let you in.\u00a0 At work, well especially at large companies, they tend to espouse a number of rules designed to create difficult to guess passwords.<\/p>\n<div style=\"margin-left: 1cm;\"><code>1. minimum of 8 characters<br \/>\n2. must include one upper case letter, one lower case letter, one digit and one symbol<br \/>\n3. must be different than the last 12 passwords<br \/>\n4. cannot include the name of the account<br \/>\n5. cannot include the user's name<br \/>\n6. does not include a complete word<br \/>\n7. doesn't include name of family or extended family<br \/>\n8. must include the sound you hear when stepping on a bug*<br \/>\n9. 
must be impossible to represent the password with any keys on a keyboard* <\/code><\/div>\n<div style=\"margin-left: 1cm;\"><\/div>\n<div style=\"margin-left: 1cm;\"><code>*included to see if you read the entire list.<br \/>\n<\/code><\/div>\n<p>The IT department wants things to be really really secure so if you are unlucky you will have a different password for every internal system that you use and it will seem that they change every three weeks.<\/p>\n<p>It is almost impossible to have a few dozen passwords that change on this type of schedule without writing them down somewhere.\u00a0\u00a0 Yet there is obviously a good way and a bad way to do that.<\/p>\n<p><a href=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2015\/11\/monitor-with-password2.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"wp-image-222 aligncenter\" src=\"http:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2015\/11\/monitor-with-password2-300x220.jpg\" alt=\"monitor-with-password2\" width=\"503\" height=\"369\" srcset=\"https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2015\/11\/monitor-with-password2-300x220.jpg 300w, https:\/\/blog.paranoidprofessor.com\/wp-content\/uploads\/2015\/11\/monitor-with-password2-1024x751.jpg 1024w\" sizes=\"(max-width: 503px) 100vw, 503px\" \/><\/a>Your password on a sticky note on your screen or the corner of the desk is about as bad as it gets.\u00a0 I have heard of people storing their passwords in text files, Word documents, or in Excel spreadsheets.\u00a0 This is a slight step up from the password boldly written across the screen but not as good as something a bit more secure.\u00a0 This could be either a password-protected Word or Excel document.\u00a0 Not a great choice but should keep your secrets from the casual snooper.<\/p>\n<p>Yet, there is a dedicated program, a password manager, which is designed for the task of tracking this type of account information.\u00a0 Depending on the program it may use either 128-bit or 256-bit 
encryption keys.\u00a0 This is much better than the 40-bit key limit on encryption that existed for so long in the USA.\u00a0 While it would take millions of years to break 256-bit keys, the much shorter 56-bit key has been <a href=\"http:\/\/www.cnet.com\/news\/group-cracks-56-bit-encryption\/\">broken in only four months<\/a> and that was in 1998 with a 90MHz Pentium.<\/p>\n<p>Yet even the password manager can introduce a weakness in the security of your password information.\u00a0 What makes these tools convenient is that they store your user and password information, and the password can be copied to the clipboard.\u00a0 Once this happens, this information is available to be <a href=\"http:\/\/fc13.ifca.ai\/proc\/4-2.pdf\">sniffed<\/a> by other applications running on your phone.<\/p>\n<p>I wish that last part could be labeled a paranoid fantasy but it is a weak point regardless of the platform (sorry iOS fans).\u00a0 Yet the password manager is safe if you read and remember the password and manually type it into the application that needs it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is computer security?\u00a0 Techniques for ensuring that computer data is not accessed by unauthorized individuals. This might involve passwords, encryption or physical seclusion. 
Virtually every other week there is a story in the news about some web site which &hellip; <a href=\"https:\/\/blog.paranoidprofessor.com\/index.php\/2016\/03\/30\/safe-computing-email\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[73],"_links":{"self":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/830"}],"collection":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/comments?post=830"}],"version-history":[{"count":2,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/830\/revisions"}],"predecessor-version":[{"id":832,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/830\/revisions\/832"}],"wp:attachment":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/media?parent=830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/categories?post=830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/tags?post=830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}