Veled
(?)Community Member
Offline
- Posted: Sat, 12 Aug 2006 02:51:08 +0000
Scared of Hackers?
The Good News:
- Gaia is as secure as any other PHP message board, so the odds of Gaia itself being hacked are zilch and none.
- Even if Gaia were to be hacked on a massive scale, it'd be easily detectable and the Mods would be able to correct it via a rollback or other large-scale action because they keep backups.
The Bad News:
- Most 'hackings' on Gaia come from either giving out your password, or somehow having a form of malware on your computer, including keyloggers.
- Most keyloggers come from wares, porn, or other software 'hacks' and spyware that may be on your computer. If you're doing naughty things online, you're at risk.
- Stop Using Internet Explorer 6. Internet Explorer is full of holes and exploits, and most of these bad programs I mentioned above are designed to work with IE 6 because it's the most popular browser on the internet. If you're worried about what program to use instead, Firefox is easy to install, updates much more often, and will help you see fewer popups.
- If your password is 'password', you'll still get hacked no matter how careful you are. You have a password for a reason, after all.
That's where this guide comes in.
HOW TO MAKE A SECURE PASSWORD:
Know your Character Classes.
Most 'professional' hacking tools use a brute-force password cracker, which basically means if they know it's a six-character password or longer, they start with 'aaaaaa' and cycle through all the letters to 'zzzzzz' until they hit on yours. NOTE: This is just an example, NOT necessarily how all crackers work.
There are 26 possible combinations for each character space that the cracker attempts, meaning that there are 26 to the 6th power (26^6) combinations the cracker tries. But note in our example it only used lowercase letters! If you include uppercase letters, it becomes 52^6, which is a MUCH bigger number! And if you include numbers? It's 62^6!
Now those are big numbers, sure, but a computer can crunch them really, really fast if it wants to. The more different types of characters you use in your password, the harder you make your password to crack. And the longer you make your password, the more combinations it has to try! If you have a password that's nine letters long that uses numbers and both cases of letters, that's 62^9, which is... well, let's just say that cracker will likely freeze up first.
Make a password YOU will remember.
It's tempting to just lay down a random swath on the keyboard and go 'okay, that's my password', but think about it. If you can't remember it, you'll have to write it down somewhere you'll see it, and if anyone else sees it, suddenly THEY know your password too!
This is a type of hacking known as social engineering, and it means that they manipulate you into giving them this sensitive information. You have to make a password you'll remember!
How do you do it? It's real easy!
Come up with a phrase of personal significance to YOU, not to your favorite football team, or a popular anime, or your high school, unless it's a really obscure reference from within one of those things. For our example, let's use:
Courtney Gears
(Props if anyone gets the reference smile ) Anyway, it its current form it's a little easy for anyone who knows you to get this one. So, let's codeify it. We'll start with the all-lowercase version:
courtneygears
We'll capitalize certain letters that we think stick out in our brains:
CourtNeyGears
We'll 1337-ify it up a bit:
C0urtNeyGear5
And, if we can, we may as well slip in an 'extra' character class outside of the ones we mentioned before:
C0urtNey!Gear5
And voila, we just made a password that uses four different character classes, AND is thirteen characters long! It's that simple! Best of all, it's easy for you to remember, because all you have to think of is your original phrase, and after a few tries, you'll remember your special way of mangling it!
We could have also come up with _c0urtn3yGEARS, or CoUr7#nEy#ge4rs, or all sorts of combinations, just from this one phrase!
Make sure to practice typing your new password a new times (in notepad, perhaps) to train your fingers to typing it, and remember: Don't tell anyone your new password, or it's useless!
(and FYI, No, my password is NOT Courtney Gears in any way shape or form. It's just an example. Don't use my example for your password either.)