
Remember the day before passwords?

Tuesday, August 27th, 2013

“What’s your password?” That is a question I only heard as a kid when I was trying to gain access to my club’s secret tree house. Passwords were not as much a part of our daily lives as they are today. It was not until the days when the ATM became popular that we all had to start memorizing a four-digit number. Today, we have a password for everything. From utilities to banking, memberships to education, work to entertainment, there is a password for it. Today, I will share some ideas on how to properly create and maintain your passwords.

The ugly truth is that somewhere, someone is trying to hack into one of your accounts. Hack is an ugly word with many meanings. No, I am not referring to the act of spitting here, although the act of hacking has me spitting fire at times. The simple truth is that log-ins are needed to keep your information private, and they are necessary because there is always someone out there who wants access to that information. For this reason, the password becomes your front line of defense against hackers, or people who gain illegal access to a computer network and possibly tamper with information. This is why you want to create strong passwords and properly maintain them.

The first rule is to not have one password for everything. In fact, you really do not want to use the same password for more than one account or log in. The reason is obvious. Let’s say I come in to your office and watch you sign into a website. I might watch your fingers on the keyboard and realize you just typed your name, or a date. You might have been logging in to something as simple as your favorite online game, but if you use the same password on everything else, I just learned the password to get into your credit card accounts and other sensitive areas. Always use a unique password for every log in.

Remember, the best passwords are usually eight characters long or more. They should contain letters, numbers and, when allowed, punctuation. Never use something as simple as your name, your birthdate, your pet’s name, etc. If you are the target of a hacker, those will be the first things they try. You want to make it as hard as possible for someone to guess your password.

Beginning about eighteen months ago, all of our servers began getting flooded with failed email log-in attempts. Server logs showed most of these attempts came from foreign countries, mostly from China. The attempted log-ins would have the same email user name used over and over with a different password every time. Essentially, they would start at A and then try B and keep increasing letters by one with each attempt. Other attacks involve simple dictionary words. Both are auto-generated log-ins attempting to gain access to any email account. Our firewalls block these log-in attempts every day and monitor email traffic to prevent your password from getting compromised. The thing to take from this, though, is that if we are getting phished in this manner, so are all the other website servers you log into from time to time.
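The pattern described above (one user name, many failed attempts in a row) is straightforward to flag from authentication logs. The following is an added example, not code from the original post; the log line format, the threshold and the window are assumptions chosen for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (made-up) line format: "<ISO timestamp> auth <FAIL|OK> user=<name> ip=<addr>"
LINE = re.compile(r"^(\S+) auth (FAIL|OK) user=(\S+) ip=(\S+)$")

# Constructed sample input; addresses come from documentation-only ranges.
SAMPLE = [
    "2013-08-27T02:14:00 auth FAIL user=info@example.com ip=203.0.113.7",
    "2013-08-27T02:14:20 auth FAIL user=info@example.com ip=203.0.113.7",
    "2013-08-27T02:14:40 auth FAIL user=info@example.com ip=198.51.100.9",
    "2013-08-27T02:15:00 auth FAIL user=info@example.com ip=203.0.113.7",
    "2013-08-27T02:15:20 auth FAIL user=info@example.com ip=198.51.100.9",
    "2013-08-27T08:01:00 auth FAIL user=alice@example.com ip=192.0.2.44",
    "2013-08-27T08:01:30 auth OK user=alice@example.com ip=192.0.2.44",
    "2013-08-27T17:30:00 auth FAIL user=alice@example.com ip=192.0.2.44",
]

def flag_guessing(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {user: sorted source IPs} for every account that saw at least
    `threshold` failed log-ins inside any sliding `window`."""
    recent = defaultdict(deque)          # user -> (timestamp, ip) of recent failures
    flagged = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                     # ignore lines that are not auth events
        ts, result, user, ip = m.groups()
        if result != "FAIL":
            continue
        when = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((when, ip))
        while when - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(user, set()).update(addr for _, addr in q)
    return {user: sorted(ips) for user, ips in flagged.items()}

if __name__ == "__main__":
    for user, ips in flag_guessing(SAMPLE).items():
        print(f"{user}: repeated failed log-ins from {', '.join(ips)}")
```

Counting per user name rather than per source address matters here, because the guesses against one account can arrive from several addresses; the occasional mistyped password (alice in the sample) stays below the threshold.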

The next thing you want to keep in mind is that a password is not etched in stone. It is a good practice to change your password frequently. If your password were to get compromised somehow, it may be some time before you become aware of it. Credit card companies are beginning to require a password change every 60 days. I strongly urge everyone to regularly change all their passwords.

The final step to good password security is to never write it down. If you have a master list of passwords taped to the bottom of your desk blotter, your employees have access to all your accounts each time you step out of the office. The key is to create a password you can remember.

I realize that maintaining dozens of unique, not so obvious passwords without writing them down can seem like a lot of work. However, I have a simple solution. In most cases, you have the ability to change your password on your own. I challenge you to log in to one of your credit card accounts and change the password. The secret is to use a password that you can associate with the account you are trying to log into. Instead of using words or phrases, try creating an acronym for a sentence related to that account. For instance, if you are changing your Visa account log in, think of a phrase that describes what you are trying to do. Something like,
“I need to access my Visa account!”

The acronym (or first letter of each word) for that entire sentence is “IntamVa”. Notice the I and the V are capitalized; that is because I is the first letter of the sentence and V is for Visa, a proper noun. Now, change the t for “to” to a “2” for both of them. The last thing we need to do is add the punctuation, if allowed, and you will have something like, “In2amVa!” The next time you need to log in to the account, you ask yourself what needs to be done and that will clue you in on your fancy password.
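The steps above, together with the earlier rules (eight characters or more, letters, numbers and punctuation, no name, birthdate or pet’s name), can be written out as a short script. This is an added example, not part of the original post; the function names `mnemonic` and `policy_problems` are hypothetical, and the personal details in the usage lines are constructed.

```python
import string

def mnemonic(sentence, swaps=None):
    """Build the acronym password from a sentence: first letter of each word
    exactly as typed (so "I" and "Visa" keep their capitals), whole-word swaps
    such as "to" -> "2", and the sentence's closing punctuation kept at the end."""
    swaps = {"to": "2"} if swaps is None else swaps
    body = sentence.rstrip(string.punctuation)
    tail = sentence[len(body):]                  # e.g. the final "!"
    parts = []
    for word in body.split():
        word = word.strip(string.punctuation)
        if word:
            parts.append(swaps.get(word.lower(), word[0]))
    return "".join(parts) + tail

def policy_problems(password, personal=()):
    """Check a candidate against the rules given earlier in the post.
    Returns a list of problems; an empty list means every rule is met."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    lowered = password.lower()
    for detail in personal:                      # name, birthdate, pet's name, ...
        if detail and detail.lower() in lowered:
            problems.append(f"contains personal detail: {detail}")
    return problems

if __name__ == "__main__":
    candidate = mnemonic("I need to access my Visa account!")
    print(candidate, policy_problems(candidate))
    # Constructed weak example: pet's name plus a year.
    print("Rex2009", policy_problems("Rex2009", personal=["Rex"]))
```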

Security when I was growing up was locking the front door. Today’s high tech world has all of our heads working in ways we could not have imagined. An unfortunate truth is that someone is always trying to break into something, whether it is a store, a house or a computer. For this reason it is important you do your part to support cyber security by protecting your passwords and restricting access to your personal information.