looking over the shoulder of a legitimate computer user to learn his login name and password, is a common way that hackers gain access to computers. Dumpster diving means looking through garbage for interesting bits of information. Companies typically do not put a fence around their dumpsters. In midnight rummaging sessions, hackers have found user manuals, phone numbers, login names, and passwords. Social engineering refers to the manipulation of a person inside the organization to gain access to confidential information. Social engineering is easier in large organizations where people do not know each other very well. For example, a hacker may identify a system administrator and call that person, pretending to be the supervisor of his supervisor and demanding to know why he can't access a particular machine. In this situation, a cowed system administrator, eager to please his boss's boss, may be talked into revealing or resetting a password [4].
You probably have many online accounts. Your choice of passwords for these accounts is an important determinant of how safe your accounts are from hackers (see sidebar).
Sidebar: Responsible computer users take passwords seriously

Here is a list of password dos and don'ts from security experts [5, 6].

• Do not use short passwords. Modern computers can quickly crack short passwords. As a general rule, the longer a password is, the less likely it is to be guessed.

• Do not use a word from the dictionary. Again, such a password is too easy to crack.

• Do not rely on substituting numbers for letters (e.g., replacing "E" with "3"). Password-cracking programs know these tricks.

• Do not reuse passwords. If accounts share passwords, as soon as one account is compromised, the other ones are, too. If you must write down your passwords on a piece of paper in order to remember them, that is safer than reusing passwords in today's environment where an online attack is a greater danger than someone rummaging through your desk.

• Give ridiculous answers to security questions. That way they serve as a secondary password. Example: What is your pet's name? Ford Fiesta.

• Enable two-factor authentication if available. When you log in from an unfamiliar computer, the system will send you a text message with a confirmation code.

• Have password recoveries sent to a secure email address. You don't want hackers to know where your password reset messages are sent. Have these messages sent to an account you never use to send email.
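The first four items in the sidebar (length, dictionary words, letter-for-digit substitutions, reuse) can all be checked mechanically, and seeing the check written out makes clear why "Dr4g0n" is no safer than "dragon": a cracking tool simply undoes the substitutions before comparing against its word list. The following is an added example written for this page, not code from the textbook or from the sources it cites. The word list, the substitution table, the 12-character minimum and the 50% "word share" threshold are all constructed values chosen for illustration; the reuse check compares against SHA-256 digests of the user's own other passwords (as a password manager might export them) and is a local check only, not a pattern for how a server should store passwords.

```python
import hashlib
import re
from typing import Optional

# Constructed, deliberately tiny word list standing in for a real cracking
# dictionary; a real checker would load a large list (assumption: lowercase).
DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein",
              "sunshine", "football", "qwerty"}

# Digit/symbol-for-letter swaps that password-cracking rules undo routinely.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12        # policy value chosen for this example
MAX_WORD_SHARE = 0.5   # one word covering >50% of the letters is "a word plus decoration"


def letter_runs(text: str) -> list:
    """Alphabetic runs of the lowercased text, e.g. 'Dragon2024!' -> ['dragon']."""
    return re.findall(r"[a-z]+", text.lower())


def dictionary_base(candidate: str) -> Optional[str]:
    """Return the dictionary word the candidate is built on, or None.

    Both the raw spelling and the de-leeted spelling are examined, so that
    'Dr4g0n2024!' is recognized as 'dragon', just as a cracker's rules would.
    A word is only reported when it makes up most of the letters, so a long
    passphrase that happens to contain one common word is not penalized.
    """
    views = (candidate, candidate.translate(LEET_MAP))
    total_letters = max(len("".join(letter_runs(v))) for v in views)
    if total_letters == 0:
        return None
    for view in views:
        for run in letter_runs(view):
            if run in DICTIONARY and len(run) / total_letters > MAX_WORD_SHARE:
                return run
    return None


def sha256_hex(text: str) -> str:
    """Digest used only to compare against the user's own other passwords."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def check_password(candidate: str, used_elsewhere: frozenset = frozenset()) -> list:
    """Return the list of policy violations; an empty list means acceptable.

    used_elsewhere holds SHA-256 digests of the user's other passwords (for
    example from a password manager export). This is a local reuse check; a
    server must never store passwords as plain SHA-256 but with a slow,
    salted key-derivation function.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"too short: {len(candidate)} characters, need at least {MIN_LENGTH}")
    base = dictionary_base(candidate)
    if base is not None:
        problems.append(f"built on dictionary word '{base}' (substitutions do not hide it)")
    if sha256_hex(candidate) in used_elsewhere:
        problems.append("already used for another account")
    return problems


if __name__ == "__main__":
    # Constructed sample: digests of two passwords this user already has on other sites.
    reused = frozenset({sha256_hex("Sunshine2019!"),
                        sha256_hex("correct horse battery staple")})
    for pw in ["dragon", "Dr4g0n2024!", "Sunshine2019!",
               "correct horse battery staple", "rapid-tuba-glacier-ninety"]:
        verdict = check_password(pw, reused) or ["ok"]
        print(f"{pw!r}: {'; '.join(verdict)}")
```

Run stand-alone, the script reports "dragon" and "Dr4g0n2024!" as both too short and built on the word "dragon", flags "Sunshine2019!" for the word "sunshine" and for reuse, flags the passphrase only for reuse, and accepts the unused random passphrase.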
7.2.2 Penalties for Hacking
Under US law, the maximum penalties for hacking are severe. The Computer Fraud and
Abuse Act criminalizes a wide variety of hacker-related activities, including