Passwords: Change Them Often
Posted by Paul Roebuck on Thu, May 20, 2010 @ 10:42 AM
Most people treat the passwords to their important computer files like their personal name: they have one password that they use for everything, for their entire life.
Today you cannot do anything on a computer without entering a password, even if you enter nothing as your password.
Every "e-access" is supposedly protected, from what you just ate and noted in your last Tweet, to your financial information recorded at your e-bank or as part of your last eBay transaction.
When is the last time you changed your password(s)? Well, then, that is too long.
You do not have the ability to protect the information accessed by using your driver's license number or social security number. But you do have the ability to create unique password(s) frequently to access your company or personal data.
The most probable reason that we do not change them is our perception that the list of unique passwords will be so long that we will never be able to keep track of them. What good is a strong password if we cannot remember it accurately or access it conveniently? Writing your password on the bottom of the keyboard does not count as being secure. You don't leave your front door key under the doormat!
I personally use an algorithm to track mine. I cannot claim this idea as being my own. But it is an idea that everyone who hears it considers implementing it.
This password algorithm is based on making your password from three components.
1) An easy-to-remember word, e.g. your school mascot, the street you grew up on, your first dog's name, your initials, your maiden name. I suggest that you select a word that is at least 3 characters and not more than 6 characters. For this example I will use my best friend's name, "bob".
2) Pick a two- to four-digit memorable number combination. When possible avoid using sequential and/or repeating digits. If dates are your preference, avoid for example 1111. For my example I will use 0127, which is my daughter's birthday.
3) Finally make a standard mnemonic to represent the site that you are accessing, e.g. FNB for First National Bank; Microsoft might be MIC or MCR; or IRS for the Internal Revenue Service.
Now every month or quarter I change all of my passwords by using a new base word and/or number with the same mnemonic.
For extra security I use all lower case letters for my base word and all upper case letters for the mnemonic or vice versa.
The passwords for Q1FY2010 might be bob0127FNB and bob0127MCR, but for Q2FY2010 they would change to lmt1225FNB and lmt1225MCR.
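The three-component scheme above, written out as a small Python composer. This is an added example, not code from the original post; the helper names (compose, number_ok, rotate, search_space_bits) and the site table are my own. It enforces the constraints the post states (a 3 to 6 letter base word, a 2 to 4 digit number with no sequential or repeating digits, the mnemonic in the opposite case to the base word), produces a full set of passwords for one quarter, and estimates the brute-force search space so the reader can see roughly how much each component contributes.

```python
"""Composer for the word + number + site-mnemonic password scheme.

Added example (not the post's own code). Constraints mirror the text:
  - base word: 3 to 6 letters
  - number: 2 to 4 digits, not sequential (1234/4321) and not repeating (1111)
  - mnemonic: letters, in the opposite case to the base word
"""
import math


def is_sequential(digits: str) -> bool:
    """True when every digit is exactly +1 or exactly -1 from the previous one."""
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(digits) > 1 and steps in ({1}, {-1})


def is_repeating(digits: str) -> bool:
    """True when the number is a single digit repeated (e.g. 1111)."""
    return len(set(digits)) == 1


def number_ok(number: str) -> bool:
    """Does the number satisfy the post's 'memorable but not obvious' rule?"""
    if not (number.isdigit() and 2 <= len(number) <= 4):
        return False
    return not (is_sequential(number) or is_repeating(number))


def word_ok(word: str) -> bool:
    return word.isalpha() and 3 <= len(word) <= 6


def compose(word: str, number: str, mnemonic: str, word_lower: bool = True) -> str:
    """Build one password: base word, then number, then site mnemonic.

    word_lower=True gives lower-case word + UPPER-case mnemonic; False gives the
    'vice versa' variant the post mentions.
    """
    if not word_ok(word):
        raise ValueError("base word must be 3 to 6 letters")
    if not number_ok(number):
        raise ValueError("number must be 2 to 4 digits, not sequential or repeating")
    if not mnemonic.isalpha():
        raise ValueError("mnemonic must be letters only")
    if word_lower:
        return word.lower() + number + mnemonic.upper()
    return word.upper() + number + mnemonic.lower()


def rotate(word: str, number: str, sites: dict, word_lower: bool = True) -> dict:
    """All passwords for one period: same word and number, one mnemonic per site.

    Changing the period means changing word and/or number here; the site
    mnemonics stay fixed, exactly as the post describes.
    """
    return {site: compose(word, number, mn, word_lower) for site, mn in sites.items()}


def search_space_bits(word: str, number: str, mnemonic: str) -> float:
    """Upper-bound key space of one password, in bits.

    Assumes every letter is uniformly random over 26 letters and every digit
    over 10. A real name or dictionary word is far from uniform, so the true
    guessing effort is lower than this figure.
    """
    letters = len(word) + len(mnemonic)
    return letters * math.log2(26) + len(number) * math.log2(10)


if __name__ == "__main__":
    # Constructed site table using the post's own mnemonics.
    SITES = {"First National Bank": "FNB", "Microsoft": "MCR",
             "Internal Revenue Service": "IRS"}
    print("Q1FY2010:", rotate("bob", "0127", SITES))
    print("Q2FY2010:", rotate("lmt", "1225", SITES))
    print("approx. search space (bits):",
          round(search_space_bits("bob", "0127", "FNB"), 1))
```

Running the script prints the two quarterly sets from the post and an estimated key space of a little over 41 bits for bob0127FNB. The estimate treats the letters as random; since the base word is meant to be memorable, it is best read as an upper bound rather than the strength of the password.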
I hope this strategy makes the process of generating new passwords and remembering them easier and facilitates regular revisions.
Paul Roebuck, paul_roebuck@allied-is.com, www.allied-is.com. Our company specializes in improving processes using AIDC and RFID integrated solutions.