Good Passwords


Check out the following page.

http://www.cbsnews.com/8301-205_162-57539366/the-25-most-common-passwords-of-2012/

This will take you to the 25 most commonly used online passwords in 2012.  Are you using any of them?  Hmm?

@bgrasley and I still marvel that “monkey” is still on the list!  I do know some people who have used those in the past.  It’s always a piece of good advice to tell them to change it to something more difficult to guess.

Why is it important?  Well, your password is the only thing that keeps hackers from your accounts, and ultimately your privacy and your money.  Biometrics may be on the horizon but we’re not there yet.  A person who guesses your password is, in effect, you online and is able to do things that you can.  Knowing how to protect an account is an important skill that all students should acquire.  I’d start by taking a list of popular ones and realize the damage that can be done.  I just noticed recently a well known individual from MIT end up being hacked on Facebook.  In this case, the hacker posted some information about a weight loss program.  Not good.  Having that password allows you to do all sorts of things.  Consider the following…

Name of the hacked person is hidden to protect them and the actual URL which is probably the destination for some phish website has been over written with red to hide it.

Intel has a great utility website to give you an idea as to just how strong your password is.  It’s located at:

http://www.intel.com/content/www/us/en/security/passwordwin.html

and it’s worth spending some time at.  Note the warning that your password doesn’t actually leave your computer but it’s a good idea not to use any real password anyway.  Maybe something close would give you a good enough idea of how good your password is.  So, how good is “monkey”?

Not good!  That advice is good for anything that’s found in a dictionary.

The nice thing to pass along to students is the information that Intel provides under the results.  It’s a really good summary of some of the ways to make your password difficult to guess.

The website is well worth the bookmark and a great idea to have students test potential passwords whenever new accounts are created.  Surely, you’re not about to use the same password on every site, are you?  are they?

So, how do you generate a good password?  Well, one way is to use this website.

http://strongpasswordgenerator.com/

(I’d add a character or two to the suggestions that it generates just to be sure…)

I generated one.

How good is it?

I think I’d be a great deal more comfortable with that security.  You just then need to find some way to remember it!  Contemporary browsers have the ability to remember passwords.  (Just make sure that you have a secondary control over the passwords in case someone sits down at your computer!)  Or, addons like LastPass do a terrific job.

Just don’t write your passwords down on paper!

 

Hacking versus Vandalizing


If you recall, a few days ago, I had commented on the story “Given Tablets but No Teachers, Ethiopian Children Teach Themselves“.  There remain lots of followups to the original story that cross my reader and I read them with interest to see the slant applied by various authors.  There’s one thing that still nags at me though.  The articles talk about the kids all “hacking” the Android device.

Over the weekend, many of the sites from NBC were either taken down or defaced by “hackers”.  Much has been written (and read) about this as well.

One of the books that was in my classroom library was Clifford Stoll’s “Cuckoo’s Egg“.  I still have my own personal copy on my bookshelf.  It was originally priced at $8.99 CDN.  The book  was one of the popular borrows in the classroom and a catalyst for discussions around hacking and computer crime.

Now, in education (and business), as long as there have been attempts to make for a reliable and consistent computing experience by removing access to some of the settings and to parts of the operating system, there have been attempts to apply controls.  It stops random adjustments that might result in a system that doesn’t work as expected or one that doesn’t work at all.  And, as long as there have been users, there have been users trying to get around these controls.

This sort of “hacking” is an activity often undertaken to see if the security controls could be overridden.  In fact, many organizations offer rewards for anyone who can bypass the security and demonstrate how it was done.  This is a real challenge for some!  In a twist on ethics, the true hacker takes great pride in the act and willingly shares with those charged to maintain things just where they dropped the ball.  It’s opened up a whole profession of “Ethical Hacking“.  As you can imagine, this generates really good discussion and a desire on some to become ethical hackers!

Unfortunately, the term “hacker” has taken on other meanings over the years.  In its worst, it’s applied to work that is somehow generating unexpected results.

Then, there’s a third option.  That’s when a person, desiring to circumvent controls, asks someone else to show them how it is done.  Often, these get classified as “hackers” as well.  I was so pleased that my students didn’t see copying someone else’s technique as “hacking”.  In their view, it was just “vandalizing” or “criminal” or “copycatting” – all somewhat less impressive.

Yet, the media often reports all as “hacking”.  What do you think?  Are they right?  Is the reading community sophisticated enough to recognize the differences?