September 26, 2011

Password Protection For The Office

Where do you keep your passwords?

You have a list somewhere, don’t you? Perhaps you’re brazen and write them out on a Post-it stuck to your monitor. Or maybe you have the list buried somewhere at the bottom of your desk. If you’re more organized, maybe you have a master spreadsheet on your computer.

Or do you actually follow the rules and keep all your passwords in your brain? If so, kudos to you. I couldn’t do it.

Here’s the reality of working in an office today: We have too many passwords. At the office alone, I’m responsible for maintaining 30 different online accounts, ranging from my own network login to the Worcester Business Journal’s YouTube account. That doesn’t include my personal accounts, which in some cases stretch back to accounts I set up as a teenager. It’s impossible to keep track of all of them and I often wake up in the middle of the night worried that if I were hit by a bus, the Worcester Business Journal would grind to a halt because I alone was the keeper of our Twitterfeed account information.

Of course, I’m overstating things a little. But not by much. Password maintenance is a major headache for most companies today, and a major threat to security. And it turns out that some of the assumptions we’ve always made about how to keep passwords secure may not be true after all.

Paper Trail

Take the issue of writing down passwords. Turns out there’s a movement in the security world that says “Go right ahead and keep your Post-it notes with your passwords.”

A Microsoft tip page available through the company’s online Safety & Security Center says it’s OK to write your passwords down, but to “keep them secure.” There’s no detail beyond that, however, so I suppose it’s up to you to decide what’s secure. Maybe keeping them under lock and key does it for you. Or perhaps you’d rather go a little old school and use invisible ink.

Randy Bohrer, a senior security consultant at the Westborough-based IT company Akibia, says he’d rather see someone develop secure passwords and write them down on a piece of paper than memorize simple passwords like “12345.”

“If you secure your list of passwords like you would a credit card or a $50 bill, that should suffice,” Bohrer said.

What isn’t a good idea, he said, is having a Word document or Excel spreadsheet on your desktop or in your My Documents file with all your passwords. It’s easier for a hacker to access that document than it is for a hacker to physically break into your office and steal the Post-it notes off your desk.

But if you do keep a Word document on your computer, make sure it’s encrypted, he said.

Real Characters

Then there’s the question of a password’s strength. As you probably know by now, it’s simply not OK to have the password to your bank account be “password.” And at this point, most programs force you to select a “secure password” that includes lower-case and upper-case letters as well as special characters (things like: @#$%!).

Microsoft recommends using passwords that are 14 characters or more, which seems a little on the long side. Meanwhile, Google recommends using “similar looking substitutions,” such as the number zero for the letter ‘O’ or ‘$’ for the letter ‘S.’

Bohrer also suggests having different levels of passwords based on the level of security you need. For example, if you’re setting up a login to view an article on a news website that you likely will never return to, use a base password that is secure (following the rules above) but relatively simple. For the most sensitive logins — such as bank accounts — use a different base and make it a bit more complicated, incorporating more special characters.

The driving idea behind these different levels is to protect you. If a hacker gains access to a low-level account, you want to make it as difficult as possible for that hacker to follow your logic and break into your higher security accounts.

Someday soon, I expect colleges will begin teaching full-semester courses for incoming freshmen on how to develop and maintain passwords. It takes a certain level of discipline and creativity to stay ahead of the hackers and keep all your passwords straight. I, for one, am losing patience with it all. And there are times when I wonder if it’s all just a waste of time. Sophisticated hackers, armed with super-fast computers to test password after password, can probably break into any account given enough time. Knowing that, it all seems like a big waste of my brain power.

“You have to bother,” Bohrer said. “You have to make it hard for [the hackers] so they move on to other targets.”

And I guess that’s a good point. Most hackers are looking for an easy score. If your account puts up just a little fight, there’s probably an easier mark down the line. Just make sure you’re not that easy mark.

Got news for our Digital Diva column? E-mail Christina H. Davis at cdavis@wbjournal.com.
