By Graham K. Rogers

Many people these days are aware of the need for passwords on computers although a number of devices I have seen have no password or one that is weak. However, covering risks when the computer or other hardware is in our possession may be of little use if we do not take care to secure the media when it is sold or otherwise disposed of.

A search online for the top passwords shows that too many users still either forget to change from the basic, "password" or use 123456. The top 10 for 2012 according to Ben Waldron on ABC News are

• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball

Many will use an easy to guess telephone number, a social security number or a variation of the owner's name. If you have bought an Apple computer in Bangkok and asked the store to set it up, the chances are the account name is Apple and the password is simply the Return key (Enter). I always take mine home, format the disk and start again, adding a user account to the required Admin account, and working from that.

While the computer is in the hands of its original owner, it is presumably safe. Presuming it is not lost or stolen (when Apple's Find my Mac can delete sensitive data) eventually the computer will reach the end of its useful life at which stage it may be handed on to someone in the family, or sold.

Within the immediate family security problems should be limited, but if the computer is to be disposed of outside the home (or business) care should be taken to make sure no sensitive date is left on the device.

A quick and easy way with a Mac would be to use System Preferences > Users & Groups to create a new account (or accounts) and then remove the former ones. For some that may suffice, but if the data that was stored on the computer is sensitive (company, personal, financial) users may want to take further steps and reformat the disk.

As with the creation and deletion of accounts, however, with a simple one-time erase (or format) data can be recovered. In Disk Utility, the Erase tab has an Security Options button that reveals a slider marked Fastest to Most Secure.

When the quick format is used information beneath informs the user that files are not securely erased and that recovery can be done. The next option writes zeroes over the disk making it difficult to recover (but not impossible). The third option is the DOE 3-pass erase, while the Most Secure option will keep the Department of Defence happy with a 7-pass erase. It should be impossible to recover any data with this.

Note in the screen shots I use that the disk I accessed was a 4 GB Verbatim flash drive. This was deliberate and for two reasons: I did not want to risk the hard disk on my Mac (even if it is backed up); and removable media such as flash drives, external hard disks and even printers (which have internal memory) are just as likely to hold sensitive data.

When these external media are to be disposed of, then the same sort of care for disposal of the data must be considered as well. In a recent article on disposal of IT assets, Mirko Zorz on Help Net Security, outlines some cases in which computers and drives were not erased effectively and data fell into the wrong hands.

While he is aiming his words at IT professionals, the home user has just as much risk if personal data were to be used by unauthorised persons. Consider carefully how to delete any data before disposing of computers or external media.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.