ILNews

Start Page: Protecting those pesky passwords is necessary evil

Kim Brand
January 4, 2012

You are bad at managing passwords. You may be a good attorney – but you share your passwords with other people, you use the same password on multiple systems, your password is too short or too simple or written on a Post-it note under your keyboard. The truth is: you don’t like passwords or complicated password policies and you don’t think a secure password is worth the trouble.

That was, until the consequences of a data breach made it worth the trouble. That day has come. In fact, that day came long ago. You’ve just been lucky.

Some data breaches are not the result of compromised passwords. Faulty software can expose private data. Your PC can get infected with a virus that delivers your files into the clutches of a server operated by organized crime. Your laptop can get stolen or an employee may lose your backup on the “thumb drive” he keeps with his keys. All these troubles may lead to data leaks – but cracked passwords are too common and indefensible; you can actually “fix” this source of leaks if you set your mind to it.

By changing your password often you can prevent someone who had access to your account today from having it tomorrow. Passwords that last forever may outlast relationships. Pick a cycle: change of seasons, start and end of school, national holidays or some other easily memorable way to mark the passage of time and use that event as a reminder to change your password.

Complex passwords don’t have to be complicated. With a few simple tricks you can make up passwords that are nearly impossible to guess but easy to remember.

• Use a mix of capital and lower case letters

• Use at least eight characters

• Use numbers and punctuation marks

• Use symbols: %, $, @, etc.

Tech Tip: you can substitute symbols that have a similar appearance:

@ = a

$ = s

0 (zero) for o (oh)

! or 1 for i

3 for e (note that it is just backwards, like z for s)

• Don’t use a word you could find in a dictionary

• Don’t use your name or anyone else’s

• Don’t use a sequence of numbers or letters: 1234 … or abcd … or a phone number

There are 70 times more combinations of nine characters than eight – so pick a longer password if possible.

Analysis of a data breach at a web services provider with millions of users uncovered that the most popular password used was “123456” – the second most popular: “password.” Don’t be a statistic!

One simple scheme to create a complex password is to join common words separated by special characters. The first part might be “Winter,” “Summer,” “Football,” or “Baseball.” The “season” will be obvious based on the time of year. Then separate them with a special character. For added security, substitute symbols for letters. Here is an example:

W!nter$2o12 – This substitutes 1 for i and o for 0.

If you use the same password everywhere then someone who guesses it will have access to everything. One trick is to add a prefix to identify which device or service the password is for. This way you don’t need to remember lots of passwords, but each one will still be unique.

• For your email: EMail#W!nter$2o12

• For your bank: Bank#W!nter$2o12

• For your computer: PC#W!nter$2o12

• For your Facebook account: FB#W!nter$2o12


Other password strategies include using the first initial of words in a short phrase or breaking up a phrase into parts. Here are five passwords based on a common phrase:


N!tTime4 – Now is the time for

Allg00d$ – All good

M3n2C0m! – Men to come

2the@id0F – To the Aid of

The1rC0untry – Their Country

Safeguard your passwords. We’ve seen passwords written on whiteboards and collected in spreadsheets shared by everyone in a firm. The problem with shared passwords goes beyond information that may be shared with the wrong people. If someone has your password they can pretend to be you. One of our customers’ email accounts was hacked simply for the purpose of sending tens of thousands of messages that appeared to come from him.

Use a strong password for every system. Even a compromised Facebook account can lead to embarrassing consequences. If you employ people who use passwords, make sure they comply with these rules too; and that goes double for IT consultants and other contractors that touch your systems.

Bill Gates famously decreed in 2004 that passwords were dead. There have been inroads made by so-called “two factor” solutions – those that combine something you “know” like a password and something you “have” like a digital “token” (the YubiKey is my favorite) or something you “are” like a fingerprint – but logins and passwords remain ubiquitous and probably will for a long time.

Make a New Year’s resolution to create a simple password policy that protects your reputation and confidential materials – before you regret it!

__________

Kim Brand is a technology expert and president of Computer Experts Inc., a 27-year-old IT services company in Indianapolis. He has presented to local and state bar audiences and written for West Publishing and the ILTA. Kim contributed to the “On-Premises” section of the recently released ILTSO.org legal technical standards, and he is the inventor of the FileSafe Server used by many law firms. He may be reached at Kim@ComputerExpertsIndy.com or by phone at 317-833-3000. The opinions expressed are the author’s.
