Better passwords: You, me, and qwerty


I’m going to share a magic trick with you that will cause some of you to do a double take. I’m going to guess the password that you use to log in to Facebook, your email, or maybe even your computer.

Ready? Here goes:

Is it –

  • password
  • 123456
  • qwerty
  • abc123
  • letmein
  • monkey
  • password1
  • (your first name)

Did I shock some of you?

In reality, I hope that for most of you I didn’t guess correctly. But statistics say that over 90% of people reading this article will use a weak password somewhere at some time, and many of those passwords are in my list.

And hackers are betting on it.

Let me be frank with you. You want to be safe online, don’t you? You might think that because you are just the average person going about your business, that because you aren’t employed by a big corporation or government agency, you aren’t a target. Not so. No matter who you are, hackers want a piece of you.

What’s a bad password?

The worst possible password you can have is a short dictionary word, meaning a word that can be found in the dictionary. For example, let’s use “orange” as our password, without the quotes – just plain orange. A hacker will use a dictionary attack to find your password, trying every word in the dictionary until he gets your password. You may think that this will take him or her quite a while. How many words are before orange in the dictionary? What you must keep in mind is that the hacker won’t be doing the dictionary search, his computer will. And it’ll run through the dictionary in a matter of seconds.

Gibson Research Corporation (GRC) has put together a fantastic web page that shows the length of time it would take a hacker to find a password. Using the best scenario possible, they suggest that a hacker could get our password “orange” in 0.00000321 seconds.

What’s a good password?

I’ll give you a password that is virtually unbreakable:

02=ot5F%WhJV|Kyc9qZn7S{maxE#Gs8zgrDP,A*_34Cb16`lU

Seriously. Try hacking into that one. GRC says it would take 26.03 trillion trillion trillion trillion trillion trillion centuries to guess it. The problem with it? You’ll probably never use it because you can’t type it without going cross-eyed, never mind remember it.

For the average user, a great password will contain:

  • One upper case letter
  • One lower case letter
  • One number
  • One punctuation mark or symbol
  • And the longer it is, the better

Let’s start by making our password longer. How do we do that?

  1. We select another random word to go with it. Let’s use “doctor”. Now our password is orangedoctor, and already we have made a big leap forward – it would take 16.54 minutes to figure that one out.
  2. Make one letter upper case. We’ll go beyond that and make it two upper-case letters: OrangeDoctor. We’re now at 1.52 months to hack.
  3. Add in a number, and keep it in the middle for even more protection: Orange4Doctor. Time required to solve? 64.65 years.
  4. A simple punctuation mark, like a comma: Orange4,Doctor

It would take a hacker 15.67 thousand centuries to crack that password.

You’re done! You have a password that you can remember, you can type relatively quickly, and one that is infinitely safer than “orange”. You’ve made the hacker’s job much more difficult by creating a password that is exponentially more complex than monkey, your first name, or the first name of your child, or the name of the street you grew up on.

Try it – create your own, change your Facebook or email password to it, and see if you sleep a little bit better tonight.
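The times quoted above follow from a simple exhaustive-search count, sketched here as an added example that is not code from the article or from GRC. The alphabet sizes (26, 26, 10, 33) and the rate of 100 trillion guesses per second are assumptions chosen because they reproduce the quoted figures; `pattern_guesses` and its 100,000-word list are hypothetical and show how the count changes for a guesser that already knows the word-digit-symbol-word pattern.

```python
import string

# Assumed constants (not stated in the article): they reproduce its quoted times.
GUESSES_PER_SECOND = 100e12            # 100 trillion guesses per second
CLASS_SIZES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASS_SIZES
               if any(c in chars for c in password))

def search_space(password):
    """Count every string of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for an exhaustive search at the given guess rate."""
    return search_space(password) / rate

def pattern_guesses(wordlist_size=100_000):
    """Candidates for Word + digit + symbol + Word when both words come from
    a wordlist (hypothetical size) and each is tried lowercase and capitalised."""
    word_forms = wordlist_size * 2
    return word_forms * 10 * 33 * word_forms

if __name__ == "__main__":
    samples = ["orange", "orangedoctor", "OrangeDoctor",
               "Orange4Doctor", "Orange4,Doctor"]
    for pw in samples:
        print(f"{pw:15} alphabet={alphabet_size(pw):3} "
              f"seconds={brute_force_seconds(pw):.3g}")
    print(f"pattern-aware seconds={pattern_guesses() / GUESSES_PER_SECOND:.3g}")
```

The pattern-aware count is far smaller than the exhaustive one, so the quoted times are upper bounds that hold only when the guesser has no model of how the password was built.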

James Blackburn is the owner of The Techno Dorks!, an Edmonton computer repair company.

Domain Registry of Canada is a Rip-off


A few times a year we receive a domain name expiration notice from the Domain Registry of Canada. Our web design clients have received these notices as well. The Domain Registry of Canada is very good at making their notices look as though they are the ones managing our or our clients’ domain names. They even say in their notices “You must renew your domain name to retain exclusive rights to it on the web” to trick you into renewing your domain name at a higher price. The funny thing is, we’ve never used the Domain Registry of Canada to renew any of our domain names nor any of our web design clients’ domain names.

If you look at the pricing on their “Expiration Notices” you’ll see that their prices are close to four times as much as renewing a domain name through godaddy.com or hover.com. For example, renewing with GoDaddy will cost around $12.00 per year while with the Domain Registry of Canada it will cost you $40.00!

Most people will never read the complete notice and pay it as if it is an invoice. If you read it carefully, they have two lines in upper case letters that say “This is a solicitation for the order of services and not a bill, invoice or statement of account due. You are under no obligation to make any payments on account of this offer unless you accept this offer.” One of our web design clients in the Vancouver area was tricked into paying this as if it is an invoice and their domain name was transferred to them. The Canadian Domain Registry didn’t make it easy to transfer it away from them afterwards, either.

If you receive this notice from the Domain Registry of Canada, do not respond nor send them any money. Feel free to call Hurricane Web Design in Vancouver if you have any questions about your domain names or your web design projects.

Here’s a video about Domain Registry of Canada which shows you what you will receive and more information about why you should just ignore it and throw out the paperwork you receive.