The magazine of the Melbourne PC User Group

James Bond - eh! 
What's your password?

Stan Johnstone
stanj@melbpc.org.au

With the increasing use of electronic services, we are faced more and more each day with the need to remember passwords, PIN numbers, or other codes in order to do our banking, use our computers, security systems, etc. The temptation is often to use the one code as widely as possible, or to use one that is very familiar to you and easily remembered. Both approaches are equally dangerous.

When photocopiers first came on the market with the option to key in a code for cost recording, servicemen were usually able to gain access within three or four tries - either "000" or "999" would generally be used by someone or other, and after all, security was not all that important.

Today when Internet users provide us with their password for testing their connection, too often we find the password is their wife's, their dog's, or some other easily remembered name. Phone numbers and birth dates are equally common, so if someone knows you and your family well, with some determined trial and error they will probably "crack" your code.

Some general advice on using passwords

  • Don't use a name or number that can be associated with you
  • Don't use a word that would be found in a dictionary
  • Use a "word" with mixed upper- and lower-case, ideally with numbers and/or special keyboard characters included.
  • Change passwords frequently
  • Don't leave your passwords lying around for others to use.

Many years ago, when all input was through a terminal where all keystrokes were typed onto paper, your password would appear for others to see. The common trick was to use a Backspace keystroke somewhere in the string and it would not appear. Currently the Backspace is not recognised in some programs but it is in others. For this reason, if you mistype a password, always start again rather than trying to delete characters, as you may actually be adding more!

Storing passwords on your computer

Many programs offer the facility to store your password on your computer, and your password will appear as a row of asterisks similar to that shown here in Figure 1. Provided that your computer is secure it is possibly quite safe to do this, and it certainly does speed things up when making connections, accessing mailboxes, etc. But you do put yourself at risk, and it is your responsibility to decide the level of your security! In my own case I need to use several passwords daily for various system uses which are not able to be stored, and typing each time becomes automatic due to frequent use.

However we do get frequent queries from users who have lost or forgotten their password and ask if we could remind them what it is. Unfortunately we are unable to do this as passwords are stored in encrypted form on the system, and we are not able to decrypt them. As an example one 7-character password I use is stored on the system as:    hKWw.yfClPulBho

This is why we cannot advise a password. Our only option is to reset or overwrite it with a new password for the user and, with their access again restored, ask that they then access the system and change the password again to one that only they know.
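The reset-only behaviour described above, as an added example (not code from the article or from the Melbourne PC system): a store that keeps only a salted one-way hash, so staff can check or overwrite a password but never read it back. PBKDF2-HMAC-SHA256, the iteration count and every name in the code are assumptions; the article does not say which scheme its system used.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def _derive(password, salt):
    # One-way: nothing here can be run backwards to get the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    """Keeps a random salt and a derived hash per user, never the password."""

    def __init__(self):
        self._records = {}

    def set_password(self, user, password, must_change=False):
        salt = secrets.token_bytes(16)
        self._records[user] = {"salt": salt, "hash": _derive(password, salt),
                               "must_change": must_change}

    def verify(self, user, attempt):
        rec = self._records.get(user)
        if rec is None:
            return False
        # Re-derive from the attempt and compare in constant time.
        return hmac.compare_digest(rec["hash"], _derive(attempt, rec["salt"]))

    def stored_form(self, user):
        # All that staff can see on the system.
        rec = self._records[user]
        return rec["salt"].hex() + "$" + rec["hash"].hex()

    def must_change(self, user):
        return self._records[user]["must_change"]

    def helpdesk_reset(self, user):
        # Staff cannot look the old password up; they can only overwrite it.
        temp = secrets.token_urlsafe(9)
        self.set_password(user, temp, must_change=True)
        return temp

    def change_password(self, user, old, new):
        # The user replaces the temporary password with one only they know.
        if not self.verify(user, old):
            return False
        self.set_password(user, new)
        return True
```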

007 Password Recovery

There are programs available to convert that row of asterisks stored on your PC to the password that has been entered. Probably the best is a Freeware program from http://www.iopus.com named 007 Password Recovery. This program (007pwd_setup.exe) is only 175 KB in size, can be downloaded from their site or from http://www.melbpc.org.au/pcupdate/2010/007pwd_setup.exe, and is quickly installed.

Figure 1. Dialup window with password shown "hidden"

Figure 2. Dialup window with 007 Password revealing the password

When the program is run it opens a panel as shown in Figure 2, and by moving the "key" icon across to the row of asterisks, the original source password is revealed as shown in the example. This works with most Windows programs - certainly all I have tried. So there is no need to ask, "What's my password? I've forgotten" - you can now look for yourself. 

This program has not been described here for the purpose of encouraging the "cracking" of other people's passwords, but as a help for your own use. However it does serve to illustrate how easy it can be for someone to discover your password and possibly gain access to your system. All this takes us back to the general advice on passwords listed above.

[ By the way - the passwords used in this article are not my real ones - I'm not that silly! ]

Reprinted from the October 2000 issue of PC Update, the magazine of Melbourne PC User Group, Australia