Computer passwords at risk to Internet thieves

As their methods get more devious, so should you, experts say

By John Branton, Columbian Staff Reporter


An ill cyber wind is blowing into Clark County, where sophisticated thieves have invaded the Internet banking accounts of a prominent business developer and a well-established charity — and extracted large sums.

Part of the new threat involves scammers who use software to figure out passwords people use for online transactions, including banking and shopping, experts say.

“Your computer passwords and secret question answers are at greater risk than ever as computers get more powerful and hackers more persistent,” says scambusters.org, a free e-mail blog that’s respected by police.

“One of the ways identity thieves work is in bits and pieces,” according to Web site Identitytheftfixes.com. “By collecting bits and pieces of your information, they can eventually gather enough information to ‘crack’ or figure out your passwords to sites you visit containing credit card and banking information.”

It’s gotten to the point where experts are advising ordinary people against using easy passwords like auntblabby or bill1539.

These days, scammers are using what’s called “brute force” software programs that can crack many passwords in a matter of seconds to a few hours, according to scambusters.

As a result, the two organizations are advising folks to beef up their passwords with some complexity:

• “In a nutshell, a good password consists of 14 or more random characters, upper and lower case and including numbers and symbols,” scambusters says.

By that description, an example of a hard-to-crack password would be 7&Mj*ru+71Bn9U.

• Also, important passwords should be changed frequently, in case a hacker figures them out.

• And never use the same password for different important accounts.

If you think that would make your life more complicated, there’s more.

Folks also are advised to ramp up the complexity of those secret questions and answers we use to get our money from savings accounts and so forth.

A brute-force software attack can easily figure out your mother’s maiden name, favorite color, dog’s name or first car, because of the relatively few options, common and uncommon, that exist, scambusters says.

By scambusters’ calculation, 40,000 words are commonly used in English. Sifting through numbers of that magnitude is child’s play for a modern-day computer.

“And Social Security numbers, especially the last four digits, are cheaply traded among criminals on the Internet,” scambusters says.

To create secret questions and answers that are hard to hack, scambusters advises that you be creative and invent your own questions, such as “the last word and page number in a book you own.”

And why not tell the bank your mother’s maiden name was “cZakindA”?
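The gap between a one-word secret answer and a 14-character random password can be put in numbers. The following is an added illustration, not part of the original article or of scambusters' material: it generates a password of the kind described above and compares the guessing work against the 40,000-word figure. The symbol set, the guess rate and all function names are assumptions chosen for the example.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"           # constructed symbol set (assumption)
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)           # 76 possible characters per position
COMMON_WORDS = 40_000                 # the article's count of common English words
GUESSES_PER_SECOND = 1_000_000_000    # assumed attacker speed, for illustration only


def generate_password(length=14):
    """Draw characters from the OS random source; retry until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def keyspace_bits(choices, length=1):
    """Bits of guessing work for `length` independent picks from `choices` options."""
    return length * math.log2(choices)


def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return 2 ** bits / rate


def is_dictionary_answer(answer, wordlist):
    """True when a secret answer is a plain word a guessing list would contain."""
    return answer.strip().lower() in wordlist


if __name__ == "__main__":
    sample_words = {"blue", "smith", "rover", "mustang"}   # constructed sample list
    for label, bits in [("one common word", keyspace_bits(COMMON_WORDS)),
                        ("14 random chars", keyspace_bits(len(ALPHABET), 14))]:
        print(f"{label}: {bits:.1f} bits, {seconds_to_exhaust(bits):.3g} s to exhaust")
    print("new password:", generate_password())
    print("'Blue' guessable:", is_dictionary_answer("Blue", sample_words))
    print("'cZakindA' guessable:", is_dictionary_answer("cZakindA", sample_words))
```

At the assumed rate, every common word is tried in a fraction of a second, while the 14-character space would take billions of years to exhaust.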

More ways to protect yourself

All this brings up the question of where to keep a bunch of often-changed complex passwords and secret questions, which would be hard or impossible for many folks to remember.

Scambusters advises against writing them down on paper, but says, “They would nearly always be meaningless dropped into the middle of a text document.”

With apology to Oscar Wilde, it’s The Importance of Being Devious. It can be done with time and effort, but also can make your head spin when you delve into it.

For example, Identitytheftfixes stresses the importance of effective, updated firewalls.

It says firewalls can be driven by inexpensive software that’s sufficient if you’re just using one computer connected to the Internet. But the software can slow your computer.

Home networks linking two or more computers to the Internet need a hardware-driven firewall, the organization says, adding:

“This type of firewall will completely shield your computer from the direct connection to the Internet. You will still be able to access the Internet, but no one can access your computer. In other words, you become invisible to hackers.”

If you don’t have the time, patience or skills for all this, there are software packages you can buy for an inexpensive one-time cost to help manage your passwords. The software can generate tough passwords randomly and store them with encryption protection, among other things.

Scambusters says one such service is Roboform.com. The company sells licenses and backup CD packages for about $35 and up. Another option mentioned by scambusters is PasswordVault by LavaSoftware.com, which costs about $15 and up with free updates.

For those who want more protection, there’s a wide range of services that offer identity theft detection in several ways, for monthly charges ranging from about $5 to $20.

Some of them come with $1 million ID theft insurance and say they conduct fraud monitoring of your credit cards, public records, Social Security number, bank accounts, credit bureau reports and medical records — and guard against invasions of your computer by malicious keylogging software and spyware.

To see a comparison of nine such services, visit NextAdvisor at consumercompare.org.

John Branton: 360-735-4513 or john.branton@columbian.com.