"Cyberspace, in its present condition, has a lot in common with the 19th Century West. It is vast, unmapped, culturally and legally ambiguous, verbally terse (unless you happen to be a court stenographer), hard to get around in, and up for grabs. Large institutions already claim to own the place, but most of the actual natives are solitary and independent, sometimes to the point of sociopathy. It is, of course, a perfect breeding ground for both outlaws and new ideas about liberty." -- John Perry Barlow, Crime and Puzzlement

I would love to tell you that the Internet is a safe place and that there is no reason for you to protect your password. Unfortunately, there are a LOT of people out there who would LOVE to break into your account and "use your account as a base for operations (1)."

How prevalent is this? According to Mike Godwin, Chief Legal Counsel for the Electronic Frontier Foundation, it's "fairly common." (1)

The only defense against people who want to break into your account -- a.k.a. "crackers" -- is your password. Keep your password secure, and you should never have anything to worry about. Give your password to others, or write your password down and put it near your computer, and ... well, you get the picture.

There are some KEY points you need to remember to protect yourself and your account:

- NEVER give your password to ANYONE (1). The whole purpose of having a password in the first place is to ensure that NO ONE other than you can use your account.

- NEVER write your password down, and especially never write your password anywhere near your computer.

- NEVER e-mail your password to anyone.

- DO change your password on a regular basis (1). There is no better way to thwart a would-be cracker than to change your password as often as possible. Your local Internet service provider will be able to tell you your system's recommendation on how often you should change your password, but a good rule of thumb is to change it at least every three months.

- DON'T pick a password that is found in the dictionary (1). When you set your password, it is encrypted and stored into a file. It is really easy for a "cracker" to find your password by encrypting every word in the dictionary, and then looking for a match between the words in his encrypted dictionary and your encrypted password. If he finds a match, he has your password and can start using your account at will.

- DON'T use passwords that are foreign words. The hacker can get a foreign dictionary, and ...

- DON'T choose a password that relates to you personally (2) or that can easily be tied to you. Some good examples of BAD passwords are: your name, your relatives' names, nicknames, birthdates, license plate numbers, social security numbers (US), work ID numbers, and telephone numbers.

- DO use a password that is at least eight characters long and that has a mix of letters and numbers. The minimum length of a password should be four to six characters long.

The best passwords -- the ones that are the easiest for you to remember, and the ones that are the hardest for crackers to crack -- are passwords that are like those fake words you used to create when you would cram for a test. For example, to remember that "the Law of Demand is the inverse relationship between price and quantity demanded," I created the word TLODITIRBP&QD. NO ONE could hack that as a password. Best of all, its EASY to remember (well, its easy for an economist to remember).

Here are a couple of other good passwords:

   Sentence                                Possible password

   In 1976 I moved to Tulsa, Oklahoma      I76IMTTO
   The conference lost 12,000 dollars      TCL12KD
   U of A Crimson Tide Football is #1      UACTFI#1

Sentences are EASY to remember, and they make passwords that are nearly impossible to break.

Finally, there is one last thing that I want to say before I close: I feel that "hacking" and "cracking" so violates the spirit of the Internet that I will do everything in my power to help put the overgrown babies who engage in such activities where they belong -- behind bars. Until that time comes, however, I'm going to change my password as often as possible.

HOMEWORK

Contact your local Internet service provider, find out how you can change your password, and CHANGE YOUR PASSWORD!!

SOURCES:

(1) from a telephone interview with Mike Godwin, Chief Legal Counsel for the Electronic Frontier Foundation.

(2) comments from the Computer Law Association, as quoted in Bottom Line Personal 6/1/94 p.8 (in edupage 5.22.92)

(3) quoted from edupage 06.09.94 (from a story in the Tampa Tribune 6/8/94 Baylife 5)

Patrick Douglas Crispen
pcrispe1@ua1vm.ua.edu
The University of Alabama

The views expressed in this letter do not necessarily represent the views of the University of Alabama - Tuscaloosa.

ROADMAP: COPYRIGHT PATRICK CRISPEN 1994. ALL RIGHTS RESERVED.
ADDITIONS AND WEB PAGES: BeOnTheNet Inc. (1995). ALL RIGHTS RESERVED.

THESE LESSONS ARE BROUGHT TO YOU BY:

BeOnTheNet Inc.

+ Providers of Practical Internet Solutions
+ 5 Hartland Avenue, Huntington Station, NY 11746
+ Voice: (516) 351-7699 - 1-888-632-9728 Fax+ (516) 549-9728