Feature Article
Password 101 and a New Year's Resolution: Making Sure Your Password is Difficult to Break
By Mark Pribish
Vice President and ID Theft Practice Leader

According to Wikipedia (http://en.wikipedia.org/wiki/Password_strength), the definition of password strength is: "a measure of the effectiveness of a password in resisting guessing and brute-force attacks."

For example, the process of guessing a password can be related directly to personal information readily available ranging from public databases to social media sites. This means your password(s) can be at risk of being stolen when any hacker or a perpetrator has specific knowledge about you (or your family) such as your mother's maiden name, the city in which you were born, the first school you attended, the name of your pet, the name of your children, along with your favorite color, music, movie, book, food, sports team, etc.

An example of password cracking or breaking is when attempts are made using a series of words or a combination of words, numbers and/or characters to try and guess a password. Password cracking or breaking can be especially effective when there are an unlimited number of password attempts.

The purpose of this month's article is to remind you that using a weak password is like leaving the keys in your car or the front door of your house open - where the risk of theft will increase significantly under these circumstances.

Another purpose is to educate you on the common mistakes individuals unknowingly make when using a weak (easy to guess) password to access a personal or work computer or when accessing by phone the computers of their financial institutions, pensions and 401-K plans, credit card balances, frequent airline and hotel programs, and other confidential information inside the databases of any personal, professional, or business relationship.

Based on the above and how individuals can become victims of ID Theft by using a weak password, every individual should know that no password is unbreakable and every individual should be aware of and responsible for good password management.

Good password management means that you have created a password that is difficult to guess and easy to remember.

That said, I have listed below some tips for creating a strong password including:

  • Make it difficult by combining letters and numbers with a minimum of 8 characters.
  • Make it more difficult by combining mixed-case words, numbers, punctuation, symbols and letters.
  • Make it the highest degree of difficulty by using as long a password as possible. Remember you can use entire phrases or sentences as passwords.
  • Change your password on a regular basis (e.g. monthly or quarterly basis).
  • Change your password more often when it is related to critical sensitive information (e.g. online banking).
  • Never use a default password. Instead, always change the default password to a new and more difficult password immediately.
  • Do not use common passwords like "password, God, love, money, private, secret, or asdf."
  • Do not use consecutive numbers like 12345 or 54321 - as either the password or when adding to a password.
  • Do not use personal information like names, initials, zip codes, birthdays, pets, or license plates.
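As an added illustration (not part of the original article), the Python sketch below turns the tips above into an automated check. The `personal_terms` parameter, the four-digit run threshold and the 16-character cut-off for the top tier are assumptions made for this example; the article gives no such numbers.

```python
import re
import string

# Common passwords named in the tips above.
COMMON = {"password", "god", "love", "money", "private", "secret", "asdf"}
MIN_RUN = 4     # assumed: digits in a row that count as "consecutive numbers"
LONG_LEN = 16   # assumed: the article only says "as long as possible"

def has_digit_run(pw, min_len=MIN_RUN):
    """True if pw holds min_len+ ascending or descending digits (12345, 54321)."""
    run, prev = 1, 0
    for a, b in zip(pw, pw[1:]):
        both = a in string.digits and b in string.digits
        step = ord(b) - ord(a) if both else 0
        if step in (1, -1):
            run = run + 1 if step == prev else 2
        else:
            run = 1
        prev = step
        if run >= min_len:
            return True
    return False

def check_password(pw, personal_terms=()):
    """Return (tier, problems) for pw, judged against the tips listed above."""
    low = pw.lower()
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("does not combine letters and numbers")
    # Strip digits and symbols so "Money2024!" is still recognised as "money".
    if re.sub(r"[^a-z]", "", low) in COMMON:
        problems.append("built on a common password")
    if has_digit_run(pw):
        problems.append("contains consecutive numbers")
    for term in personal_terms:  # names, pets, zip codes supplied by the caller
        if term and term.lower() in low:
            problems.append("contains personal information: " + term)
    if problems:
        return "weak", problems
    mixed = (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
             and re.search(r"[^A-Za-z0-9]", pw))
    if not mixed:
        return "difficult", problems
    return ("highest" if len(pw) >= LONG_LEN else "more difficult"), problems
```
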

Now that you've created a strong password, double-check the strength at Microsoft's free online password strength checker found here (https://www.microsoft.com/

Finally, some common threats to your password(s) being stolen include pharming, phishing, pre-texting, skimming, spoofing, spyware, and vishing (or voice phishing).

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Central

Disaster Relief Scam

After serious disasters like the recent Haitian earthquakes, one has a natural disposition to feel compelled to contribute to the relief efforts of millions who may be suffering. Generously, millions of individuals answer the call for help and graciously provide what money they can afford. Unfortunately, scam artists are well aware that your compassion creates an opportunity for them to bamboozle you. Identity thieves and scam artists alike will devise various methods to try and fool you into thinking you are contributing money to a relief fund. Educate yourself so as to not be fooled by these schemes.

How it Works:

You may receive phone calls from telemarketers, or perhaps get an email asking you to donate to the relief efforts in Haiti. You send money by clicking on a link that takes you to a donation site, or give your credit card number over the phone to these seemingly-honest third-party collectors who claim they are representatives of the Red Cross, or a similar valid relief organization. In reality, your money has now gone to a scam artist, and if you paid with a credit card, you may soon find your card is maxed out.

Your Defense:

As always, if you do not know the source of an email, never click on the link provided. You can always go directly to a relief effort website, such as the Red Cross, to contribute your money in a safe manner. In addition, you can find helpful information on researching any charitable organization at the following link: http://www.charitynavigator.org/index.cfm?bay=content.view&cpid=419.

In conclusion, if you receive an email or phone call asking for your charitable contribution, never give any credit card or other valuable information over the phone or online, unless you've properly vetted the organization.