A few years ago, there was a TV game show called The Weakest Link. The show’s host was Anne Robinson. She skillfully aimed a combination of wit, humor, and sarcasm at some of the show’s competitors.
She was quite generous with the quantities of wit and humor relative to ALL of the contestants. However, she reserved the best of her sarcasm for those particularly stupid ones, all of whom appeared abundantly deserving.
I enjoyed the show; others didn’t. But this isn’t about a TV game show; it’s about the existence of a WEAKEST link and its impact on the human race, with particular emphasis aimed at those humans wandering around the Internet under the impression that a “solid” password is all the security they need to keep them safe from hackers.
I am no neophyte when it comes to computer security, although I did have an email account spoofed a while back. The situation was easily fixed, though.
I’ve taught end-user computer security to FBI agencies, myriad other police agency operatives, and hordes of everyday people simply determined to keep would-be hackers from getting into their online bank accounts.
And keep in mind that the type of security to which I’m referring is end-user. It’s a light year’s distance from the level of skill required by systems and network IT personnel.
That’s a whole other level of security better left to highly skilled IT experts. And while I’m able to converse about it, I’m not qualified to pontificate on the subject.
I’m simply going to stick to the common sense variety of security that people sitting at home searching the Internet should be using with the same level of vigor as a “come to Jesus,” fire and brimstone preacher uses during a revivalist sermon.
In spite of having myriad protective security software installed on both of my laptops, not the least of which was Norton Security Suite, various pop-up blockers, and a host of additional email and contact list protectors, I just spent 12 straight hours cleaning out some of the most vicious malware from various system, registry, and other critical files.
And yes, I could have simply reformatted the hard drive, but that would have wiped out EVERYTHING, and it would have taken even more time to reconstruct other critical stuff.
But by doing it all manually, I’ve managed to reconstruct everything but my Outlook contact list, and I’ll have THIS finished in another two days. And here’s where the WEAKEST LINK theme comes into play. It wasn’t anything that I did that caused all my troubles.
When you’re setting a password, take some time to make it secure. Here’s a down-and-dirty lesson on statistical PERMUTATIONS and their relationship to effective password security.
There are 26 letters in our alphabet. But passwords are case sensitive, which means that a lower case “a” is different from an upper case “A.” This fact instantly increases the number of ALPHA characters from 26 to 52.
Plus there are 10 (TEN) numeric digits (0 through 9). And add in the fact that there is a minimum of 30 ASCII characters also available (!, %, #, *, &, etc.). Adding it all together gives us, at a minimum, 92 available characters for passwords.
Here’s the arithmetic. Setting a 4-character password using a combination of both upper/lower case alphabet, numerics, and ASCII characters will yield 71,639,296 possible password permutations.
It sounds like a LOT until you consider that hackers have created software capable of analyzing 40,000 characters per SECOND, and the programs are getting even faster. Typical hacker software could break such a password in less than 30 minutes.
If you use only lowercase letters or only uppercase letters, it would take less than 12 SECONDS to break the password. But if you’re really creative and use such passwords as the names of your children or something like 1234, or the ever popular PSWD, I could crack that one MANUALLY in less than 5 seconds!
Now, let’s use a 14-character password incorporating the entire pool of characters I described above (92 of them). This results in 3.112 × 10^27 (3.112 times ten RAISED to the 27th power) possible 14-character passwords. How large is this number? Just take 3.112; remove the decimal point; and add 24 ZEROS!
Even using highly sophisticated cracker software, it could take a century or more to crack such a password. Besides, professional hackers aren’t interested in hacking into any single computer user’s unit.
These folks are much more interested in the most bang for the buck. They’re going after major holders of personal data. Hack into a bank’s system, or a major retailer’s system and PRESTO, they’ve hit a mother lode!
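The arithmetic from the password lesson above, as an added example (not the author's code): it computes the keyspace for the page's 92-character pool, rates a password by the character classes it actually uses, and short-circuits on list-guessable choices such as 1234 or PSWD. The 40,000 figure is read here as guesses per second, and the deny-list is constructed for illustration.

```python
import string

# Pool sizes as the page counts them: 26 + 26 + 10 + 30 symbols = 92.
POOLS = {"lower": 26, "upper": 26, "digit": 10, "symbol": 30}
ALL_CLASSES = frozenset(POOLS)
RATE = 40_000  # assumption: the page's speed figure, read as guesses per second
# Constructed deny-list; the page itself names 1234 and PSWD.
TRIVIAL = {"1234", "pswd", "password", "qwerty", "letmein"}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def classes_used(password):
    """Return the character classes that actually appear in the password."""
    used = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("symbol")
    return used


def keyspace(length, classes=ALL_CLASSES):
    """Number of possible passwords of this length over the given classes."""
    return sum(POOLS[c] for c in classes) ** length


def worst_case_seconds(length, classes=ALL_CLASSES, rate=RATE):
    """Time to try every candidate; on average a search ends halfway."""
    return keyspace(length, classes) / rate


def assess(password, rate=RATE):
    """Rate a password by the classes it really uses, not the ones allowed."""
    if password.lower() in TRIVIAL:
        # Guessed from a list first, so the keyspace figure is irrelevant.
        return {"trivial": True, "seconds": 0.0}
    used = classes_used(password)
    return {"trivial": False, "classes": sorted(used),
            "seconds": worst_case_seconds(len(password), used, rate)}
```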
I don’t use a single password that’s less than 12 characters and I use all 92 available characters. I was NOT the WEAKEST link in this latest hack. That distinction belongs to YAHOO.
I’ve had an alternative Yahoo account for several years. I only used it as an alternative because I was using an application that required it. I’ve rarely used it, otherwise.
The only reason I found out about their hack was because I had to log on to that account. I received a message informing me of the problem, that my account had been shut down, and that I needed to establish a new one.
Hackers had accessed the Yahoo system. They managed to install malware on Yahoo’s home page that sent users to alternative malware sites. And as an added bonus, they accessed the data for a few hundred thousand account holders as well.
It was some sophisticated hacking, too. Once users clicked on one of those sites, the malware installed itself on individual units by simultaneously bypassing all security software.
I’ve completely reconstructed my system, but the lesson is that home users are not necessarily the WEAKEST link when it comes to security. I certainly wasn’t.
But given the recent rash of computer breaches with online companies and brick-and-mortar retailers, it’s become quite clear that EXTREME caution has become the prime directive.
So Yahoo, Target, Abercrombie and Fitch, along with a host of others that make it possible for the occasional employed IDIOT to store batches of files on flash drives and take them off premises to work on them, you are all WEAKEST links.