Confident About the Security of Your Passwords?

So what’s the combination?

There is no such thing as complete security. All precautions and security devices are nothing more than time delays. You are not immune from hackers or malicious software bugs, identity thieves or unscrupulous “ransom ware” extortionists.

You can, however, make yourself and your business a harder target and significantly reduce the likelihood that you will be a victim.

The first line of defense is usually the password.

At last count, I have close to 100 passwords I have to retain and use periodically, some more frequently than others and some more complex than others. Virginia has an equal portfolio with a few overlapping with mine. That’s too many unique and nonsensical combinations of numbers and characters to rely on memory alone.

We understand all too well how unlikely it is that you will approach your computer and on-line security with enthusiasm.

It’s just human nature to look for shortcuts.

I accept this and, in fact, I have some institutional experience that I’ll share with you that may help motivate you to reexamine how you approach this important subject. It’s not a long story, but it’s one I think you’ll find both entertaining and enlightening.

A true and embarrassing story of security shortcuts.

Some years ago, I was serving our country with the US Army as a Special Agent for Counterintelligence. I assure you that, while there were exciting times and even dangerous assignments, there were many more tasks that some (me included) would consider mundane and tedious. Among the latter was the responsibility of conducting periodic inspections of Army units in their handling, storing and protecting of classified information.

(And, yes, this required that we put on our expressionless “face” and make sure we came across as serious “spooks.”)

One thing we did that relieved the tediousness of these inspections was to ask early in the process to see how documents were stored. We also wanted to know who was in charge to “make sure” they had the proper level of clearance.

Storage in those days was typically in a bank of four-door file cabinets with a rod inserted through the handles, secured with an impressive Sargent-Greenleaf combination padlock at the top.

As part of our inspection, and always with a handful of personnel (including the Unit Commander, officers and non-coms) in the “audience,” we would begin attempting to open the padlocks by turning the dials without anyone providing us with the actual combinations.

Imagine, if you can, the looks of surprise and embarrassment on the faces of the soldiers as, one-by-one, we deftly opened most – and sometimes all – of the locks on the file cabinets.

“How in the hell did you do that?!?” was the typical reaction.

Actually, it was quite simple. Before the actual inspection, we examined the personnel records of the people in charge. We jotted down birthdays, wedding dates, serial numbers, etc. With few exceptions, we would find that at least half of the locks could be opened by treating these dates as combinations because they were an easy way for the people to remember the sequence of numbers.

In some of the more dramatic encounters where we opened ALL of the locks, it was usually where the same sequence of numbers was used on all the locks.

The point of this story is to illustrate that the convenient ways you create passwords are typical. Most “crackers,” if not “hackers,” will have search scripts that can readily break these normal code patterns.

Avoid normal code patterns as passwords!

There are a number of ways to pick passwords that will foil eager agents, friendly or not so friendly.  Here are three:

  1. Use a password generator. Typically, these programs will create totally random combinations of capital and lowercase letters, numerals and symbols, often as long as 16 characters.
  2. Save these passwords so you can retrieve them, since you won’t be able to remember them. Password manager programs include Keeper, RoboForm and LastPass.
  3. Not happy with having all your passwords stored on your desktop? You can write them down on paper and store or seal it well away from prying eyes.
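
The two ideas above, in a short Python sketch added here as an illustration (it is not from the original post): a 16-character generator that draws from the operating system's secure random source, and a self-audit that flags a password built from your own dates, the same pattern that opened the padlocks in the story. The symbol set, the list of date formats and the sample dates are assumptions constructed for the example.

```python
import re
import secrets
import string
from datetime import date

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; adjust to what a site accepts
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)


def generate_password(length=16):
    """Return a random password with at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def date_patterns(d):
    """Digit strings commonly derived from a date (assumed list, not exhaustive)."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {mm + dd + yy, dd + mm + yy, mm + dd + yyyy, dd + mm + yyyy,
            yyyy + mm + dd, yy + mm + dd, mm + dd, dd + mm, yyyy}


def personal_date_hits(password, known_dates):
    """Return labels of the known dates whose digit patterns appear in the password."""
    digits = re.sub(r"\D", "", password)  # "06-14-82" and "061482" compare equal
    return [label for label, d in known_dates.items()
            if any(p in digits for p in date_patterns(d))]


# Constructed sample data: hypothetical dates taken from a user's own records.
SAMPLE_DATES = {"birthday": date(1982, 6, 14), "wedding": date(2005, 9, 3)}

if __name__ == "__main__":
    print(personal_date_hits("Joe06-14-82!", SAMPLE_DATES))  # date-based choice
    print(generate_password())                               # random replacement
```
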

If these ideas seem too few, or too paltry, we recommend you click on Consumer Reports: 66 Ways to Protect your Privacy Right Now. In 14 pages it discusses passwords but also covers email, devices, privacy, software updates, two-factor authentication, PINs, travel, encryption, settings, wifi, phishing, and ransomware!

Joe Krueger
Your Emergency Plan Guide Team

P.S. We continually update information like this, though we can’t beat the story about the padlocks! If you’re interested in security, check out this recent Advisory about Cyber Security Threats.

