Easy-to-guess passwords are a major weakness in computer security. Facebook has just launched a service that offers temporary passwords that last for only 20 minutes. This solution is designed for those who wish to access the Internet from a public computer, which could already be infected with keyloggers. Using your regular password on these machines can easily expose your accounts to anyone. To avoid this, the user can send an SMS to Facebook to request a temporary, disposable password. If you have a mobile number registered in your profile, Facebook can check the authenticity of your request and send you one of these keys. The service is already active in the United States and will soon be available in other countries.
Even with this measure, your password may not be entirely secure, as it could contain predictable patterns that make it more vulnerable to a dictionary attack. There are many password generators available online, where you can get a password that is not easily predictable, has an acceptable length, includes different types of characters and is sufficiently unique.
Attackers can still use brute force, with the obvious advantage that a computer never gets tired of generating thousands of passwords each second to break into your account. One way to nullify its effectiveness is to ask the service to limit login attempts.
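How a service might limit login attempts, as an added example that is not from the original article or from any particular site: each account gets a failure counter, and every time it fills up the account is locked for twice as long as before. The class name, the thresholds (5 failures in 300 seconds, 60-second first lockout) and the simulation helper are all assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Per-account failed-login limiter with a doubling lockout (illustrative)."""

    def __init__(self, max_failures=5, window=300, base_lockout=60, clock=time.monotonic):
        self.max_failures = max_failures   # failures allowed inside the window
        self.window = window               # seconds over which failures are counted
        self.base_lockout = base_lockout   # length of the first lockout, in seconds
        self.clock = clock                 # injectable so the logic can be tested
        self._failures = {}                # account -> timestamps of recent failures
        self._locked_until = {}            # account -> time at which the lockout ends
        self._lockouts = {}                # account -> lockouts applied so far

    def allowed(self, account):
        """True if a password for this account may be checked right now."""
        return self.clock() >= self._locked_until.get(account, 0.0)

    def record_failure(self, account):
        """Count a wrong password; return the lockout applied in seconds (0 if none)."""
        now = self.clock()
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) < self.max_failures:
            return 0
        n = self._lockouts.get(account, 0)
        self._lockouts[account] = n + 1
        lockout = self.base_lockout * (2 ** n)   # 60 s, 120 s, 240 s, ...
        self._locked_until[account] = now + lockout
        self._failures[account] = []
        return lockout

    def record_success(self, account):
        """A correct password clears the failure history for the account."""
        self._failures.pop(account, None)
        self._lockouts.pop(account, None)


def guesses_checked(throttle, account, n_guesses, seconds_per_guess, clock_box):
    """Simulate wrong guesses at a fixed rate; return how many reached the password check."""
    checked = 0
    for _ in range(n_guesses):
        if throttle.allowed(account):
            checked += 1
            throttle.record_failure(account)
        clock_box[0] += seconds_per_guess   # constructed clock, advanced by hand
    return checked
```

With these settings, 1,000 guesses sent at one per second result in only 25 actual password checks. Because a per-account lockout also lets anyone lock a known account out, services usually combine it with limits per source address.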
Many Facebook users still use their date of birth, account name and pet’s name as passwords. Some even use simple combinations such as “123456” or “iloveyou”. The solution is to use a long password; the problem is that users may easily forget it in just a few days. It is a good idea to use an easy-to-remember passphrase; for example, “mydoghasafunnyshorttail” may offer more security than “mydogisfunny”.
Another measure is to not reuse the same password for all online accounts. The danger is that if someone obtains your password, he may get access to your email, file sharing or, worse, your online bank account. But with a different password for each account, you may again find it hard to remember them all. To overcome this obstacle, some people save them in a simple text file. But if someone has access to it, he will have all your passwords. You may use PasswordSafe, which generates an encrypted file to protect all of your passwords. As always, it is not one hundred percent safe. If your computer is infected with a virus that reads each keystroke, the virus will forward all important information to the assailant.
The only foolproof way is to change your password frequently; however, in the end the changes can become very predictable, such as “jack1”, “jack2” and so on. Again, it is recommended to use a long, easy-to-remember passphrase.
There are many ways to steal a password. Even when you have the best password protection system, attackers can still use social engineering; for example, they may call new employees of a company, pretending to be a network administrator from a distant branch office, and ask for critical information such as usernames and passwords.