ILNews

Start Page: Protecting those pesky passwords is necessary evil

Kim Brand
January 4, 2012

You are bad at managing passwords. You may be a good attorney – but you share your passwords with other people, you use the same password on multiple systems, your password is too short or too simple or written on a Post-it note under your keyboard. The truth is: you don’t like passwords or complicated password policies and you don’t think a secure password is worth the trouble.

That was, until the consequences of a data breach made it worth the trouble. That day has come. In fact, that day came long ago. You’ve just been lucky.

Some data breaches are not the result of compromised passwords. Faulty software can expose private data. Your PC can get infected with a virus that delivers your files into the clutches of a server operated by organized crime. Your laptop can get stolen or an employee may lose your backup on the “thumb drive” he keeps with his keys. All these troubles may lead to data leaks – but cracked passwords are too common and indefensible; you can actually “fix” this source of leaks if you set your mind to it.

By changing your password often you can prevent someone who had access to your account today from having it tomorrow. Passwords that last forever may outlast relationships. Pick a cycle: change of seasons, start and end of school, national holidays or some other easily memorable way to mark the passage of time and use that event as a reminder to change your password.

Complex passwords don’t have to be complicated. With a few simple tricks you can make up passwords that are nearly impossible to guess but easy to remember.

• Use a mix of capital and lower case letters

• Use at least eight characters

• Use numbers and punctuation marks

• Use symbols: %, $, @, etc.

Tech Tip: you can substitute symbols that have a similar appearance:

@ = a

$ = s

0 (zero) for o (oh)

! or 1 for i

3 for e (note that it is just backwards, like: z for s)

• Don’t use a word you could find in a dictionary

• Don’t use your name or anyone else’s

• Don’t use a sequence of numbers or letters: 1234 … or abcd … or a phone number
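
The rules in this list, written as a small Python checker. This is an added example, not part of the original column; the word and name lists are constructed samples, and treating four characters in a row as a "sequence" is an assumption.

```python
import re
import string

# Constructed sample lists; a real check would load a full dictionary
# and the names of the account holder, family and firm.
DICTIONARY = {"password", "winter", "summer", "football", "baseball"}
NAMES = {"alice", "smith"}

def has_sequence(pw, run=4):
    """True if pw holds `run` ascending or descending characters in a row,
    such as 1234, abcd or 9876 (run=4 is an assumed threshold)."""
    low = pw.lower()
    for step in (1, -1):
        count = 1
        for prev, cur in zip(low, low[1:]):
            if prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step:
                count += 1
                if count >= run:
                    return True
            else:
                count = 1
    return False

def check_password(pw):
    """Return the list of rules from the column that pw breaks."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of capital and lower case letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation mark or symbol")
    # Also catch a dictionary word with digits or symbols tacked on.
    if low in DICTIONARY or re.sub(r"[^a-z]", "", low) in DICTIONARY:
        problems.append("dictionary word")
    if any(name in low for name in NAMES):
        problems.append("contains a name")
    if has_sequence(pw):
        problems.append("sequence of numbers or letters")
    if re.fullmatch(r"[\d\s().+-]{7,}", pw):
        problems.append("looks like a phone number")
    return problems
```

An empty list means the password breaks none of the rules; otherwise each entry names the rule that was broken.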

There are 70 times more combinations of nine characters than eight – so pick a longer password if possible.

Analysis of a data breach at a web services provider with millions of users uncovered that the most popular password used was “123456” – the second most popular: “password.” Don’t be a statistic!

One simple scheme to create a complex password is to join common words separated by special characters. The first part might be “Winter,” “Summer,” “Football,” or “Baseball.” The “season” will be obvious based on the time of year. Then separate them with a special character. For added security, substitute symbols for letters. Here is an example:

W!nter$2o12 – This substitutes ! for i and o for 0.

If you use the same password everywhere then someone who guesses it will have access to everything. One trick is to add a prefix to identify which device or service the password is for. This way you don’t need to remember lots of passwords, but each one will still be unique.

• For your email: EMail#W!nter$2o12

• For your bank: Bank#W!nter$2o12

• For your computer: PC#W!nter$2o12

• For your Facebook account: FB#W!nter$2o12


Other password strategies include using the first initial of words in a short phrase or breaking up a phrase into parts. Here are five passwords based on a common phrase:


N!tTime4 – Now is the time for

Allg00d$ – All good

M3n2C0m! – Men to come

2the@id0F – To the Aid of

The1rC0untry – Their Country

Safeguard your passwords. We’ve seen passwords written on whiteboards and collected in spreadsheets shared by everyone in a firm. The problem with shared passwords goes beyond information that may be shared with the wrong people. If someone has your password they can pretend to be you. One of our customers’ email accounts was hacked simply for the purpose of sending tens of thousands of messages that appeared to come from him.

Use a strong password for every system. Even a compromised Facebook account can lead to embarrassing consequences. If you employ people who use passwords, make sure they comply with these rules too; and that goes double for IT consultants and other contractors that touch your systems.

Bill Gates famously decreed in 2004 that passwords were dead. There have been inroads made by so-called “two factor” solutions – those that combine something you “know” like a password and something you “have” like a digital “token” (the YubiKey is my favorite) or something you “are” like a fingerprint – but logins and passwords remain ubiquitous and probably will for a long time.

Make a New Year’s resolution to create a simple password policy that protects your reputation and confidential materials – before you regret it!

__________

Kim Brand is a technology expert and president of Computer Experts Inc., a 27-year-old IT services company in Indianapolis. He has presented to local and state bar audiences and written for West Publishing and the ILTA. Kim contributed to the “On-Premises” section of the recently released ILTSO.org legal technical standards, and he is the inventor of the FileSafe Server used by many law firms. He may be reached at Kim@ComputerExpertsIndy.com or by phone at 317-833-3000. The opinions expressed are the author’s.

