Password Fail

Albert BlaizeNews, Tech Talk

In Albert’s Corner this month, thoughts on password security.

By now it’s been drummed into your brain that secure passwords are vital in our increasingly cloud-based world. With so much of our personal and business lives taking place online, it just makes sense to lock things down as best we can.

And yet … in the course of our work we still see people using passwords like password, or their kids’ names, or other things that are easily guessable. And when passwords are more complex, we often find them written on a Post-It note and proudly stuck to computer monitors for all to see.

We tread a fine line here … the more complex a password is, the more likely that a user will forget or mistype it. That means reaching out to tech support for a reset, wasting time on both ends. And the easier it is to remember and type, the easier it is for someone to hack your vital business or personal data. Remember also that not all the bad guys are in the Ukraine … displaying passwords on a sticky note or on your desk means the cleaning service and heaven knows who else can see them also.

The generally-accepted solution is to compromise and use character substitution so we wind up with passwords like S@mmy1989!.  And in fact many websites will demand just that: a combination of upper- and lower-case letters, numbers and at least one special character.

Whoops … turns out that the guy who came up with that idea was not a security expert at all, and he now regrets it. Not only that, it’s been proven that a longer string of random, memorable words is harder for a hacker’s computer to guess than the conventions we’ve been using (read the article here). So say goodbye to M@ndy!982 and hello to gladiatorumbrellalabradorcheesecake.

Except all those websites won’t let you do that because that password lacks upper-case letters, numbers and special characters, and probably exceeds their length limits.

So what to do? For now, I would suggest sticking with the character-substitution routine, but don’t start with your name or your kids’ names … after all, anyone could learn those things about you on Facebook and go from there. Instead, start with a song you like, or a movie or a few words from a poem. AnyM@j0rDude or Singing1nTh3R@in would be a far better choice than J@son&T1ffany.

Oh, and once you’ve made the change, please don’t stick it on your monitor.

 Albert Blaize is Vice President of Sales and Marketing for TRG Networking and spends far too much time on the road to share his car. Contact him at albert@trgnetworking.com.

Albert BlaizePassword Fail