TriHealth Bridge

August 23, 2013

As hackers become increasingly sophisticated, remember to change your password frequently and stay aware of what techniques hackers use to steal passwords.

If a password is weak, it’s easier for someone to gain access to a network or computer, which opens the door for someone to view your personal information, such as email, bank accounts or research, or protected patient information.

Here are tips and more information to keep your computer and accounts safe.

How Passwords are Stolen

When you are creating a strong password, it can help to know the tactics hackers use to steal them.

Frequently used techniques:

Guessing: Programs designed to guess a user’s password are common. They often use personal information found online—such as names, birth dates, names of friends or significant others, pet names or license plate numbers—as a starting point. These programs can even search for a word spelled backwards.

Tip: It’s best to steer clear of any personally identifying information when creating a password.

Dictionary-based attacks: Programs also exist that run every word in a dictionary or word list against a user name in hopes of finding a match.

Tip: Staying away from actual words, even in a foreign language, is recommended.

Brute force attacks: By trying every conceivable combination of keystrokes in tandem with a user name, brute force attacks often discover the correct password. Programs can execute a brute force attack very quickly.

Tip: The best way to beat such an attack is with a long, complex password that uses upper and lower case letters, numbers, special characters and punctuation marks.

Phishing: Phishing scams usually try to hook you with an urgent IM or e-mail message designed to alarm or excite you into responding. These messages often appear to be from a friend, bank or other legitimate source directing you to phony Web sites designed to trick you into providing personal information, such as your user name and password.

Tip: The best advice is not to click a link in any suspicious e-mail, and not to provide your information unless you trust the source.

Shoulder surfing: Passwords are not always stolen online. A hacker who is lurking around in a computer lab, cybercafé or library may be there for the express purpose of watching you enter your user name and password into a computer.

Tip: Try to enter your passwords quickly, without looking at the keyboard, as a defense against this type of theft.

Tips for Creating and Using Safe Passwords

TriHealth places patients first, and that includes their data. It’s important to remember that protecting your computer and accounts with strong passwords also helps protect other users. If just one password used to access the network is breached, all of the computers connected to the network are put at risk for viruses, worms and other forms of malicious attack.

In addition to the suggestions offered above, follow these guidelines for creating and using strong passwords:

  • Use both upper- and lower-case letters.
  • Place numbers and punctuation marks randomly in your password.
  • Make your password long and complex, so it is hard to crack. Between 8 and 20 characters long is recommended.
  • Use one or more of these special characters: ! @ # $ % * ( ) - + = , < > : “ ‘
  • To help you easily remember your password, consider using a phrase or a song title as a password. For example, “Somewhere Over the Rainbow” becomes “Sw0tR8nBO” or “Smells Like Teen Spirit” becomes “sMll10nspT.”
  • Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.
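
The guidelines above, together with the earlier tips on personal information, dictionary words and words spelled backwards, can be expressed as an automated check. The following Python code is an added example, not part of the TriHealth article or its password policy; the function name check_password, the small word list and the sample inputs are constructed for illustration.

```python
import re

# Special characters from the guideline list above (the article's curly
# quotes are treated as the plain " and ' keys: an assumption).
SPECIALS = set("!@#$%*()-+=,<>:\"'")

# Constructed mini word list; a real check would load a full dictionary.
WORDLIST = {"password", "rainbow", "spirit", "welcome", "dragon", "summer"}


def _found(text, words):
    """Words that appear in text either forwards or spelled backwards."""
    return sorted(w for w in words if w in text or w[::-1] in text)


def check_password(password, personal_info=(), wordlist=WORDLIST):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if not 8 <= len(password) <= 20:
        problems.append("length must be 8 to 20 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in SPECIALS for c in password):
        problems.append("needs a special character")

    lowered = password.lower()
    # Break names, dates, plates, etc. into letter runs and digit runs;
    # fragments under 3 characters are too short to be meaningful.
    tokens = {t for item in personal_info
              for t in re.findall(r"[a-z]+|\d+", item.lower()) if len(t) >= 3}
    problems += [f"contains personal information: {t}"
                 for t in _found(lowered, tokens)]
    problems += [f"contains dictionary word: {w}"
                 for w in _found(lowered, {w.lower() for w in wordlist})]
    return problems


if __name__ == "__main__":
    # Constructed sample: pet name plus birth year, both found online.
    for line in check_password("Rex2009!", ["Rex", "2009-04-12"]):
        print(line)
```

A password can satisfy every character rule and still fail, as the pet-name sample shows: the character-class checks and the personal-information check catch different weaknesses.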

For more information, see TriHealth Password Policy: 5_IS06.00 - Password Policy.
