Regular readers of this column may feel the urge to throw some of my earlier comments back at me, because I did write here that I was going to try to avoid droning on and on about passwords and the need for everyone to use cryptographically strong ones. Try though I may, I simply cannot escape the fact that passwords are the single biggest issue I am forced to deal with day in and day out. Often at the end of the day I realize that out of a workday when I should have spent eight hours fixing problems and helping people, I actually passed an hour or two unproductively while someone tried to find some misplaced password.
It used to be much easier to remember passwords when banks and other online sites permitted users to use short, simple and easy-to-remember ones. Increasingly, though, most online sites are absolutely demanding that users change their password and are instituting rules such as passwords must have at least 12 characters and contain uppercase letters, lowercase letters, numbers, and symbols. Many sites will simply no longer allow users to use short passwords and are enforcing this as a matter of policy. One unnamed Information Technology professional proffered that today a “password must contain upper and lowercase letters, a number, a plot, a protagonist, some character development, and a surprise ending.”
Among IT professionals there is a video that has been making the rounds. The American stand-up comedian and television host Ellen DeGeneres was responsible for this one and it is absolutely hilarious. Point your internet browser to www.youtube.com and do a search for “Ellen DeGeneres Out of Your Password Minder” to find this video. While you are there on youtube.com do a search for “Ellen DeGeneres What’s The Password” because that one is good for a laugh as well.
Human nature being what it is, though, in spite of all the warnings most people, even those who do know better, simply do not want to go to the trouble to use good security practices when it comes to dealing with their passwords. A lot of these people do write down all their passwords in a book and then hope they do not lose it. If you are one who does this, then about the only thing I can suggest is that you should formulate some methodology for modifying what you record in writing. You can try always adding some characters to what you write in the book, or always omitting the third letter. That way when someone steals your list of passwords they will not know what to add to or subtract from the password you recorded in writing. Forget about spelling a word backwards or substituting one and zero for i and o; that is the first thing the bad guys try.
Slightly more sophisticated users may keep their passwords in a word processing document on their computer. I had to cringe when I sat next to my friend Susan at Starbucks because when she needed to know a password, she opened up her documents folder to consult a Microsoft Word document named “Passwords.doc.” At a very minimum she should camouflage that file by changing the name from the obvious “Passwords.doc” to something less likely to attract the attention of the next thief to steal her laptop. I would suggest a file name such as “RootCanal.doc” or “Colonoscopy.doc,” either of which might be more pleasant than having the “Passwords.doc” file fall into the wrong hands. Microsoft Word allows users to password-protect individual files, and that provides a bare modicum of security.
I have witnessed firsthand the life-shattering effects of being a victim of identity theft, and knowing that it happened only because the person was lazy about password security was very sad.
Occasional Reporter contributor Charles Miller is a freelance computer consultant with more than 20 years IT experience and a Texan with a lifetime love for Mexico. The opinions expressed are his own. He may be contacted through his web site at SMAguru.com.