ILNews

Start Page: Protecting those pesky passwords is necessary evil

Kim Brand
January 4, 2012

You are bad at managing passwords. You may be a good attorney – but you share your passwords with other people, you use the same password on multiple systems, your password is too short or too simple or written on a Post-it note under your keyboard. The truth is: you don’t like passwords or complicated password policies and you don’t think a secure password is worth the trouble.

That was, until the consequences of a data breach made it worth the trouble. That day has come. In fact, that day came long ago. You’ve just been lucky.

Some data breaches are not the result of compromised passwords. Faulty software can expose private data. Your PC can get infected with a virus that delivers your files into the clutches of a server operated by organized crime. Your laptop can get stolen or an employee may lose your backup on the “thumb drive” he keeps with his keys. All these troubles may lead to data leaks – but cracked passwords are too common and indefensible; you can actually “fix” this source of leaks if you set your mind to it.

By changing your password often you can prevent someone who had access to your account today from having it tomorrow. Passwords that last forever may outlast relationships. Pick a cycle: change of seasons, start and end of school, national holidays or some other easily memorable way to mark the passage of time and use that event as a reminder to change your password.

Complex passwords don’t have to be complicated. With a few simple tricks you can make up passwords that are nearly impossible to guess but easy to remember.

• Use a mix of capital and lower case letters

• Use at least eight characters

• Use numbers and punctuation marks

• Use symbols: %, $, @, etc.

Tech Tip: you can substitute symbols that have a similar appearance:

@ for a

$ for s

0 (zero) for o (oh)

! or 1 for i

3 for e (note that it is just backwards, like z for s)

• Don’t use a word you could find in a dictionary

• Don’t use your name or anyone else’s

• Don’t use a sequence of numbers or letters: 1234 … or abcd … or a phone number

There are 70 times more combinations of nine characters than eight – so pick a longer password if possible.
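The checklist above written as a policy check, an added example that is not part of the original article: it applies each rule and reverses the Tech Tip's look-alike symbols before the dictionary test, because a dictionary word spelled with those symbols is still that word. The function names and the five-word sample list are assumptions made for this illustration.

```python
import string

# Look-alike substitutions from the Tech Tip, reversed (symbol -> letter).
LOOKALIKES = str.maketrans({"@": "a", "$": "s", "0": "o", "!": "i", "1": "i", "3": "e"})

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "winter", "summer", "football", "baseball"}


def undo_lookalikes(password):
    """Lower-case the password and map look-alike symbols back to letters."""
    return password.lower().translate(LOOKALIKES)


def has_sequence(password, run=4):
    """True if `run` letters or digits in a row ascend by one (1234, abcd)."""
    s = password.lower()
    for i in range(len(s) - run + 1):
        w = s[i:i + run]
        if w.isalnum() and all(ord(b) - ord(a) == 1 for a, b in zip(w, w[1:])):
            return True
    return False


def check_password(password, names=(), words=SAMPLE_WORDS):
    """Return the checklist rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs both capital and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a punctuation mark or symbol")
    # Test the whole password and the password minus trailing digits and
    # punctuation, so "P@$$w0rd" and "P@$$w0rd1" both reduce to "password".
    tail = string.digits + string.punctuation
    candidates = {undo_lookalikes(password), undo_lookalikes(password.rstrip(tail))}
    if candidates & set(words):
        problems.append("dictionary word")
    if candidates & {n.lower() for n in names}:
        problems.append("a name")
    if has_sequence(password):
        problems.append("contains a sequence")
    return problems
```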

Analysis of a data breach at a web services provider with millions of users uncovered that the most popular password used was “123456” – the second most popular: “password.” Don’t be a statistic!

One simple scheme to create a complex password is to join common words separated by special characters. The first part might be “Winter,” “Summer,” “Football,” or “Baseball.” The “season” will be obvious based on the time of year. Then separate them with a special character. For added security, substitute symbols for letters. Here is an example:

W!nter$2o12 – This substitutes ! for i and o for 0.

If you use the same password everywhere then someone who guesses it will have access to everything. One trick is to add a prefix to identify which device or service the password is for. This way you don’t need to remember lots of passwords, but each one will still be unique.

• For your email: EMail#W!nter$2o12

• For your bank: Bank#W!nter$2o12

• For your computer: PC#W!nter$2o12

• For your Facebook account: FB#W!nter$2o12


Other password strategies include using the first initial of words in a short phrase or breaking up a phrase into parts. Here are five passwords based on a common phrase:


N!tTime4 – Now is the time for

Allg00d$ – All good

M3n2C0m! – Men to come

2the@id0F – To the Aid of

The1rC0untry – Their Country

Safeguard your passwords. We’ve seen passwords written on whiteboards and collected in spreadsheets shared by everyone in a firm. The problem with shared passwords goes beyond information that may be shared with the wrong people. If someone has your password they can pretend to be you. One of our customer’s email accounts was hacked simply for the purpose of sending tens of thousands of messages that appeared to come from him.

Use a strong password for every system. Even a compromised Facebook account can lead to embarrassing consequences. If you employ people who use passwords make sure they comply with these rules too; and that goes double for IT consultants and other contractors that touch your systems.

Bill Gates famously decreed in 2004 that passwords were dead. There have been inroads made by so-called “two factor” solutions – those that combine something you “know” like a password and something you “have” like a digital “token” (the Yubi Key is my favorite) or something you “are” like a fingerprint – but logins and passwords remain ubiquitous and probably will for a long time.

Make a New Year’s resolution to create a simple password policy that protects your reputation and confidential materials – before you regret it!

__________

Kim Brand is a technology expert and president of Computer Experts Inc., a 27-year-old IT services company in Indianapolis. He has presented to local and state bar audiences and written for West Publishing and the ILTA. Kim contributed to the “On-Premises” section of the recently released ILTSO.org legal technical standards, and he is the inventor of the FileSafe Server used by many law firms. He may be reached at Kim@ComputerExpertsIndy.com or by phone at 317-833-3000. The opinions expressed are the author’s.
