7. Keyloggers – Defending your passwords

Posted By Mimenta on February 7, 2010

1. The first defence – the password itself

Have a strong password. Imagine someone found your wallet or purse and you didn’t notice it was gone for a few hours. There are your bank cards and driver’s licence. They have your name and date of birth. As an example, if my name is Robert and I was born in 1982, typically my password would be Robert82 (or Rob1982 if a six-character password was required, as for Internet banking). This would apply to 72% of all members of the public. Don’t make it easy for the criminals. A few tries and they’d have your password.

  • Do not use a dictionary word – they can easily be guessed.

  • Use both upper and lower case letters as well as numbers and special characters (like %, ^, & and so on).

  • Do not begin the password with a capital letter – you’re back in dictionary mode again.


On the other hand, 19@Bor is a far more secure password. A password-cracking program will take far longer to crack this, and our criminal would never guess it from looking at your driver’s licence.

2. Second line of defence – the equipment – the Vesik method
Your second line of defence is not to use any untrusted computer to sign in to any site that holds banking or sensitive personal information. Business computers are especially likely to have keyloggers. If you really have to take a risk and you can’t use your trusted home PC, then here are a few steps that will improve your security and minimise the risk of identity fraud. This approach is not 100% foolproof, but it is very effective.

Step 1. Click in the password box and type three random characters, mixing upper and lower case, numbers, etc.

Step 2. Use your mouse (or the Shift and arrow keys) and select the characters you just typed. While they are highlighted, type three more random characters or a portion of your password (they will replace the characters you typed previously). From the keylogger’s point of view the log will show a mix of the before and after characters, making it far more difficult to identify your password.

Step 3. Repeat steps 1 and 2 a few times. The more often you repeat the process, the harder it will be for an intruder to discern your password when examining the keylogger file. The log file becomes so bloated with keystrokes that it is almost impossible to determine which strokes replaced which others.

Step 4. Click to the left or right of your password segment and follow steps 1 to 3 to add a few more characters. By this stage your 6-character password appears jumbled up amongst over 100 characters, any one of which could be a character of the password.

Step 5. Repeat the process, adding a few more bogus characters each time and then overtyping them with real password characters, until your entire password is complete. Now press the login button and enter the site.

By typing gibberish first, then overtyping it with real password characters, this process clutters the keylogger’s log file with a series of click events and characters. There is no easy way for the intruder to know which characters are your password and which are random. Most keylogging programs do not record the corrections you make as you type in your password. They only record the actual attempt to log into the site with a password.
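To make the steps concrete, here is a small Python simulation, added here and not the author’s code, that models the password box and a character-only keylogger while the method above is used to enter the post’s example password 19@Bor. The field model, the character-only logger and the seeded junk generator are assumptions of the simulation, not something the post specifies.

```python
import random
import string

ALPHABET = string.ascii_letters + string.digits + "%^&@#!"


class PasswordField:
    """Minimal model of a password box: a buffer, a cursor and a selection."""

    def __init__(self):
        self.buf, self.cursor, self.sel = "", 0, 0

    def click_left(self):
        """Click to the left of what is already typed (step 4)."""
        self.cursor, self.sel = 0, 0

    def select_left(self, n):
        """Shift+Left n times: select the last n characters typed (step 2)."""
        self.sel = min(n, self.cursor)

    def type_text(self, text):
        """Typing over a selection replaces it, as in a real text box."""
        start = self.cursor - self.sel
        self.buf = self.buf[:start] + text + self.buf[self.cursor:]
        self.cursor, self.sel = start + len(text), 0


def vesik_entry(password, chunk=2, rounds=3, seed=None):
    """Enter `password` by typing junk, selecting it and overtyping (steps 1-5).

    Returns (what the box finally contains, what a character-only keylogger
    logged).  Assumption: the logger records printable keys only, not the
    Shift/arrow/mouse events that drive the selections."""
    rng = random.Random(seed)
    field, log = PasswordField(), []
    chunks = [password[i:i + chunk] for i in range(0, len(password), chunk)]
    # Type the last segment first and click to the left of it for each earlier
    # one, so the box ends up reading in the right order (step 4).
    for real in reversed(chunks):
        field.click_left()
        for _ in range(rounds):                         # steps 1-3
            junk = "".join(rng.choice(ALPHABET) for _ in real)
            field.type_text(junk)
            log.extend(junk)
            field.select_left(len(junk))
        field.type_text(real)                           # overtype with real chars
        log.extend(real)
    return field.buf, "".join(log)
```

With the defaults each two-character segment is overtyped three times, so the box ends up containing 19@Bor while the log holds 24 keystrokes with the real characters scattered in reversed-segment order. A logger that also records the Shift, arrow and mouse events could replay the edits, which is why the post calls the method not 100% foolproof.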

The only way a determined cryptologist could get the password is if you typed it in a second time using a different sequence of typing and replacing. By comparing the two attempts, the characters common to both would denote your password.

Criminals use the “ripest fruit” principle. They only take the fruit that is ready to be picked and easiest to reach. If the fruit next to it is riper, they will leave yours alone. By making it harder, you make them move elsewhere and leave you alone. For any criminal activity, the longer they spend at the illegal act, the higher the risk of detection. A keylogger file lying around for days while it is decoded is a very high risk for a criminal. They will just delete it and move on to an easier one.

About The Author

Mimenta
Mimenta is the Internet persona of David Hilton-Bright, an Australian Internet Marketer, Businessman and Teacher of IT, Art, Maths and Psychology. My goal is to be in a financial situation where no-one can control me. Unlike many other Internet marketers I know, I don't want to replace my job - I enjoy what I do, I just don't want anyone else to have financial power over me and my family. I paint as an artist and have sold works in 5 countries. I want to become better at digital art than I ever was with oils. Then I want to unleash that in the form of web sites that take your breath away. Watch out! They are not that far away!
