Great Rule, Terrible Password: trustno1

Passwords are the key to all the systems and applications we use every day to do everything from reading the daily e-paper and saying hello to our friends and family to making purchases and performing all things banking and financial. In short, in this electronic digital age, user names and passwords are the keys to our whole life. They are every bit as important to maneuvering through life as our social security number (that 9-digit number that reveals to the whole of our world who we really are), only worse: there are many more than just one to remember. And if you are like the guy who still cannot remember where the social security card went forty years ago, remembering all the user names and passwords is a certain impossibility. And simplifying the process of invention and storage may well invite certain calamity and widespread mayhem through our daily lives.

Compromised passwords are one of the means by which unauthorized people, hackers, gain access to our systems. Someone logging on under your name has access not only to your computer files, but may also have access to your personal information and may impersonate you to send malicious e-mail or order embarrassing online products and services. Selecting unique and secure passwords is essential to avoiding disaster, but what denotes unique or qualifies as secure?

Believe it or not, “Password” has topped the list as both the most popular and the worst password for many consecutive years now, followed by “123456” and “12345678”. Honestly now, “password” is as effective at hiding your important data from a hacker as the cookie jar is at hiding my wife’s newest batch of freshly baked cookies from her resident cookie monster. You may as well ring a bell and erect a billboard declaring, “Come and get it!”

Some new entrants this year for the least imaginative and least secure passwords of all time include “ninja,” “jesus,” and the highly imaginative “password1.” They will join the ranks of “baseball,” “monkey,” “iloveyou,” and “111111”.

Having a different password for each service is a must in today’s online world, but there’s a terrible weakness to randomly generated passwords: it’s impossible to remember them all. The trick to remembering a large number of passwords is having a base password you change according to the service you’re signing up to. It should be at least 8 characters in length, contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z), have at least one numerical character (e.g. 0-9), and have at least one special character (e.g. ~ ! @ # $ % ^ & * ( ) - _ + =). Great, all we needed was more than ten numbers and 26 letters.
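The composition rule above, checked in code next to the worst passwords this post names (an added example, not part of the original post; the function names and the case-insensitive substring check against the list are assumptions made for the illustration):

```python
import string

# Special characters exactly as listed in the rule above.
SPECIALS = set("~!@#$%^&*()-_+=")

# The worst passwords named in this post, plus the one in its title.
WORST = {"password", "123456", "12345678", "ninja", "jesus", "password1",
         "baseball", "monkey", "iloveyou", "111111", "trustno1"}


def composition_failures(pw):
    """Return the parts of the post's composition rule that pw fails."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not any(c in string.ascii_uppercase for c in pw):
        failures.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in pw):
        failures.append("no lowercase letter")
    if not any(c in string.digits for c in pw):
        failures.append("no digit")
    if not any(c in SPECIALS for c in pw):
        failures.append("no special character")
    return failures


def denylist_hits(pw):
    """Return every worst-list entry that appears inside pw, ignoring case."""
    lowered = pw.lower()
    return sorted(word for word in WORST if word in lowered)


def review(pw):
    """Run both checks; a candidate is acceptable only if both lists are empty."""
    return {"composition": composition_failures(pw),
            "denylist": denylist_hits(pw)}


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("trustno1", "Password1!", "Monkey#2024", "vX7~qLm+3Rt="):
        print(candidate, review(candidate))
```

“Password1!” satisfies every part of the composition rule and still contains the most popular password on the list, which is why the denylist check runs alongside the rule rather than instead of it.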

As a general rule, you should avoid writing down your passwords (sure, no problem), but in cases where it is necessary, passwords should be stored in a secure location (remember the cookie jar analogy) and never be stored in an unencrypted electronic file named “my passwords”. Really! Software like KeePass and Password Safe is available to secure all your passwords in one place and give you access to the list with just one password. Norton’s Identity Safe option offers its subscribers similar secure storage of passwords with an additional automatic-fill feature as well, but both carry their own security risks. Get around the one password and a hacker has the keys to everything.

There are a few absolute “don’ts” to follow if you want to secure your data:

  • Never share your passwords with anyone.
  • Do not respond to emails from someone you don’t know.
  • Do not use personal information like your name, address or birthdate as part of a password.
  • Avoid single-word “passwords”, and avoid using one password for every site.
  • Do not write or keep passwords where they may be seen or found by others.

As intruders become more and more accomplished at gaining unauthorized access to user identifications and passwords, devising longer and more complex passwords is sure to become necessary to keep private information safe. Speaking on a TechCrunch Disrupt panel called “Spies Like Us,” Heather Adkins, Google’s manager of information security, told moderator Greg Ferenstein that in the future, the “game is over for” any startup that relies on passwords as its chief method to secure users and their data. She talked briefly about Google’s use of two-step authentication and the fact that the search giant has been working to innovate in the area of non-standard password security. New startups looking for ways to keep their users secure should know one thing, Adkins said, “Passwords are dead.”

Until alternative methods are available, perhaps the best and most absolute rule to follow in life and in passwords is “trustno1”. Great rule, terrible password!