Internet security … or not

By Colin Walls

We are all told to be careful about Internet “hygiene”. There are cybercriminals out there who want to gain access to our systems for a variety of reasons, all of which are bad. The advice to take care is sound, but some of the details are questionable and many people have somewhat misplaced priorities. I have had a few recent experiences that highlight this …

Even if you only make minimal use of the Internet, you will have been required to set up some passwords. And I can guarantee that this has been a source of aggravation and inconvenience. Some websites demand a mixture of upper- and lower-case letters; others want numbers and letters; sometimes there must be special characters; maybe they want all of these. This complication is all in the name of security, but it is mistaken. Numerous studies have shown that the longer a password is, the harder it is to crack. This works for two reasons. Human hackers rely mostly on being able to guess a password; a long one is likely to be harder to guess. Software tools used by hackers use a “brute force” approach to cracking a password by trying a very large number of combinations; a long password can render this approach to cracking unusable.

A simple way to create a long password is to choose a phrase [that you can remember!] and use it with no spaces. For example, you might use: ialwaysreadthecolinwallsblog. Once you are familiar with your phrase, typing it becomes very automatic. A small improvement in security is provided by using a different password for each website. One way to achieve this is to append the [say] first 2 letters of the site’s domain name to your phrase. So, your password for mentor.com might be ialwaysreadthecolinwallsblogme.
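To put numbers on the length argument, the following added example (not from the original article) compares the exhaustive-search space of a short password that satisfies every composition rule with the phrase above and its per-site variant. The 8-character password is constructed, the guess rate of 10^10 per second is an assumed figure, and the function names are hypothetical; the model covers only the "brute force" case, not guessing.

```python
import math
import string

# Character classes that typical composition rules ask for.
CLASSES = [
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
]

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, non-ASCII) count individually.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def brute_force_bits(password):
    """log2 of the number of candidates an exhaustive search must cover."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(bits, guesses_per_second=1e10):
    """Time to try every candidate; the default guess rate is an assumption."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def site_password(phrase, domain):
    """The article's per-site variant: phrase plus first two letters of the domain."""
    return phrase + domain[:2]

if __name__ == "__main__":
    phrase = "ialwaysreadthecolinwallsblog"          # the article's phrase
    samples = [
        "Xk7#pQ2!",                                  # constructed: 8 chars, all four classes
        phrase,
        site_password(phrase, "mentor.com"),
    ]
    for pw in samples:
        bits = brute_force_bits(pw)
        print(f"{pw!r}: len={len(pw)} alphabet={alphabet_size(pw)} "
              f"bits={bits:.1f} years={years_to_exhaust(bits):.2e}")
```
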

Another place where passwords are used is WiFi routers. In this case the password serves to give you access to the router and it is also used to encrypt the wireless data communications. A different strategy may be required to create good passwords, as you commonly need to share them – with a house guest, for example. Apple devices have a handy password sharing mechanism that I find very useful. But other brands of phone/tablet/computer are [apparently] available. An idea that I came across recently was to just use the landline phone number. This is long enough and probably easy to remember.

My wife’s family have a holiday home in a remote location in the west of England. We had broadband installed there, even though the performance is, to say the least, modest, as it is old style ADSL. But it is better than nothing. I changed the name of the router [the SSID to be precise] to be the name of the house, as that made it easy to recognize. I removed the need to use a password at all. This seems to unnerve some guests, as they feel that their Internet connection is insecure. Theoretically, they are right, but in such a location – more than half a mile from the nearest main road or other property – the possibilities for snooping are very limited!

I was recently staying at a small hotel for a business meeting. One of my colleagues wanted to print his boarding pass for a flight that afternoon. I suggested that he just keep it on his phone, but he is old fashioned and likes a piece of paper in his hand. The hotel were happy to print it for him, but would not accept an email attachment “for security reasons”. He borrowed a USB stick [thumb drive] from me, but they refused that too, being worried about viruses. The hotel’s concerns were quite valid, but doing a virus check would be more customer-friendly than a flat refusal. They suggested using DropBox – as if that really protected them. I did a little investigating and found that the hotel’s WiFi printer was accessible to me, so I just printed the boarding pass. The hotel were, to say the least, surprised that this was possible. They are lucky that I am not a hacker!

This article first appeared on the Siemens Digital Industries Software blog at https://blogs.sw.siemens.com/embedded-software/2018/10/18/internet-security-or-not/