ILNews

Start Page: Protecting those pesky passwords is necessary evil

Kim Brand
January 4, 2012

You are bad at managing passwords. You may be a good attorney – but you share your passwords with other people, you use the same password on multiple systems, your password is too short or too simple or written on a Post-it note under your keyboard. The truth is: you don’t like passwords or complicated password policies and you don’t think a secure password is worth the trouble.

That was, until the consequences of a data breach made it worth the trouble. That day has come. In fact, that day came long ago. You’ve just been lucky.

Some data breaches are not the result of compromised passwords. Faulty software can expose private data. Your PC can get infected with a virus that delivers your files into the clutches of a server operated by organized crime. Your laptop can get stolen or an employee may lose your backup on the “thumb drive” he keeps with his keys. All these troubles may lead to data leaks – but cracked passwords are too common and indefensible; you can actually “fix” this source of leaks if you set your mind to it.

By changing your password often you can prevent someone who had access to your account today from having it tomorrow. Passwords that last forever may outlast relationships. Pick a cycle: change of seasons, start and end of school, national holidays or some other easily memorable way to mark the passage of time and use that event as a reminder to change your password.

Complex passwords don’t have to be complicated. With a few simple tricks you can make up passwords that are nearly impossible to guess but easy to remember.

• Use a mix of capital and lower case letters

• Use at least eight characters

• Use numbers and punctuation marks

• Use symbols: %, $, @, etc.

Tech Tip: you can substitute symbols that have a similar appearance:

@ = a

$ = s

0 (zero) for o (oh)

! or 1 for i

3 for e (note that it is just backwards, like: z for s)

• Don’t use a word you could find in a dictionary

• Don’t use your name or anyone else’s

• Don’t use a sequence of numbers or letters: 1234 … or abcd … or a phone number
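The rules in the list above, written as a check a firm could run whenever a password is set. This is an added example, not part of the original column; the function names are illustrative and the word list is a small constructed sample standing in for a real dictionary.

```python
import string

# Look-alike symbols from the Tech Tip, mapped back to the letters they replace.
LOOKALIKES = str.maketrans({"@": "a", "$": "s", "0": "o", "!": "i", "1": "i", "3": "e"})

# Constructed sample list; a real check would load a full dictionary plus the
# names of the user and the firm (assumption, not from the article).
SAMPLE_WORDS = {"password", "winter", "summer", "football", "baseball"}


def has_sequence(pw, run=4):
    """True if pw contains `run` ascending letters or digits, e.g. 1234 or abcd."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if chunk.isalnum() and all(
            ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(run - 1)
        ):
            return True
    return False


def check_password(pw, words=SAMPLE_WORDS):
    """Return the rules from the list that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of capital and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation marks or symbols")
    if has_sequence(pw):
        problems.append("contains a sequence such as 1234 or abcd")
    # Undo the look-alike substitutions (and drop trailing digits and symbols)
    # before the dictionary test, so "P@$$w0rd" and "Winter1!" are still caught.
    # Only whole-password matches count: a word used as one part of a longer
    # password, as in the article's season scheme, is not flagged.
    trimmed = pw.rstrip(string.digits + string.punctuation)
    candidates = {pw.translate(LOOKALIKES).lower(), trimmed.translate(LOOKALIKES).lower()}
    if candidates & set(words):
        problems.append("is a dictionary word or name")
    return problems


if __name__ == "__main__":
    for sample in ("123456", "password", "P@$$w0rd", "Winter1!", "W!nter$2o12"):
        print(f"{sample!r}: {check_password(sample) or 'passes'}")
```
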

There are 70 times more combinations of nine characters than eight – so pick a longer password if possible.

Analysis of a data breach at a web services provider with millions of users uncovered that the most popular password used was “123456” – the second most popular: “password.” Don’t be a statistic!

One simple scheme to create a complex password is to join common words separated by special characters. The first part might be “Winter,” “Summer,” “Football,” or “Baseball.” The “season” will be obvious based on the time of year. Then separate them with a special character. For added security, substitute symbols for letters. Here is an example:

W!nter$2o12 – This substitutes 1 for i and o for 0.

If you use the same password everywhere then someone who guesses it will have access to everything. One trick is to add a prefix to identify which device or service the password is for. This way you don’t need to remember lots of passwords, but each one will still be unique.

• For your email: EMail#W!nter$2o12

• For your bank: Bank#W!nter$2o12

• For your computer: PC#W!nter$2o12

• For your Facebook account: FB#W!nter$2o12


Other password strategies include using the first initial of words in a short phrase or breaking up a phrase into parts. Here are five passwords based on a common phrase:


N!tTime4 – Now is the time for

Allg00d$ – All good

M3n2C0m! – Men to come

2the@id0F – To the Aid of

The1rC0untry – Their Country

Safeguard your passwords. We’ve seen passwords written on whiteboards and collected in spreadsheets shared by everyone in a firm. The problem with shared passwords goes beyond information that may be shared with the wrong people. If someone has your password they can pretend to be you. One of our customer’s email accounts was hacked simply for the purpose of sending tens of thousands of messages that appeared to come from him.

Use a strong password for every system. Even a compromised Facebook account can lead to embarrassing consequences. If you employ people who use passwords make sure they comply with these rules too; and that goes double for IT consultants and other contractors that touch your systems.

Bill Gates famously decreed in 2004 that passwords were dead. There have been inroads made by so-called “two factor” solutions – those that combine something you “know” like a password and something you “have” like a digital “token” (the Yubi Key is my favorite) or something you “are” like a fingerprint – but logins and passwords remain ubiquitous and probably will for a long time.

Make a New Year’s resolution to create a simple password policy that protects your reputation and confidential materials – before you regret it!

__________

Kim Brand is a technology expert and president of Computer Experts Inc., a 27-year-old IT services company in Indianapolis. He has presented to local and state bar audiences and written for West Publishing and the ILTA. Kim contributed to the “On-Premises” section of the recently released ILTSO.org legal technical standards, and he is the inventor of the FileSafe Server used by many law firms. He may be reached at Kim@ComputerExpertsIndy.com or by phone at 317-833-3000. The opinions expressed are the author’s.
