- Internet & the Web
How Somebody Can Find Out Your Password
Helen came up to me the other day and challenged me to find out the password to her AOL account. After the incident in which somebody hacked her account because her password was “password”, she now had a superduper password with completely random characters. She said that even if I were to use a software that tries all the possible combinations of her password, it will take many years before I can find out her password.
I said I was always game for a challenge and asked her to get me a cup of coffee, since it could take a while. She returned a few minutes later to find me gleefully browsing the contents of her email account, and asking why she took such a long time.
“You did everything right,” I said. “But I noticed, among all the names, phone numbers and appointments on your management calendar, a meaningless string of characters and guessed that it’s got to be a password to something. I tried it on your AOL account and it worked.”
In other words, you can have the best password in the world, but if you are not careful about safeguarding it, it defeats the purpose of coming up with the uncrackable password. The following highlights common ways that somebody can find out your password and what you can do to stop them.
Looking Over Your Shoulder
Whether at the office or at the mall, this time tested method is extremely efficient in finding out your password. So, when you are entering the characters into the keyboard or numeric keypad, have a feel of the people around you and make sure they don’t get a clear view of what you are entering.
Don’t Write Down Your Password
Amazingly, this simple rule is broken all the time. There are actually cases of people writing down their password to access the ATM on their ATM card itself. They couldn’t have made it simpler for someone to steal their password if they had wanted to.
There are also many cases of passwords written on post it notes and stuck onto the computer screen. There are also passwords hidden under the keyboard, in the drawer or stored in a computer file named “passwords.txt”.
But having to remember all those passwords is a pain in the you know where. So, if you really have to write down your password, then make sure you keep it in a secure place, like in your safe. And don’t write down what the password is for. And if you want to store it in a computer, at the very least, make sure it is a password protected file. And don’t name the file “passwords.txt”, or anything similar, and don’t use the word password in the file.
Giving Somebody Your Password
Everybody tells you that you should never tell somebody your password. And they are right. But there are some occasions in which you have to give somebody access to your account, and they need your password. Perhaps you paid somebody online to set up a script for you and they need access to your web hosting account.
You can consider 2 options in this case. You can give him your actual password and change it after the job is done. The better option would be to change your password to a temporary one and give him that password to access your account. Just don’t forget to change your password back to your original password once he has the script running properly.
Using Public Computers
If it is at all possible, do not use a public computer to log in to your accounts. The security risk when doing this is many and varied, and it is really difficult to tell what kind of risk you are exposing yourself to.
If you really have to use a public computer, make sure you change your password as soon as possible after using it. And remember to log out before leaving the computer. If the website does not give you an option to log out, browsing to another website might not automatically log you out. You must close the browser to ensure that you are logged out.
The AutoFill Option
You know the autofill option for forms that you can find in your browser? You simply visit a website once, fill in the form, and when you visit again, the form gets filled for you automatically. It’s a very convenient feature, but you have to be careful when using it to fill up your username and password.
Be mindful that somebody else can just as easily use that option to access your account. In addition, while they won’t know your password, it might just be possible for them to change your password to another one without supplying the old one, so that you will find yourself locked out of your own account!