What’s the Word?

By: Alyssa Middleton (Security+)

Publication: The Kansas Banker , October 2015

I have a slight obsession with games. Some people call it crazy, but I prefer to think of it as analytical fun. Among the ranks of my favorite games are word games, such as “Scrabble,” “Bananagrams,” and “What’s the Word?” While the rules vary from game to game, the overarching theme is to take a random group of letters and arrange them into words.

Dutch artist M. C. Escher once said, “We adore chaos because we love to produce order.” There is something beautiful about being able to take a collection of jumbled items and arrange them into a perfect order. It makes things simpler to locate, effortless to remember, and, regretfully, easier to hack.

Humanity’s desire to create order from chaos becomes a problem when we need to construct strong passwords. We like to use words that are easy to remember. We also like to use words associated with us: names, birthdates, usernames, addresses, etc. This is called “Personally Identifiable Information” and the last place it should appear is in your password.

The oldest computer passwords can be traced back to 1961. They were created by Fernando Corbató for the Massachusetts Institute of Technology’s Compatible Time-Sharing System. Like Corbató, we use passwords today for a variety of reasons: computer logon, email access, social media, and shopping. There will likely come a day when every computer and web-based application will require a username and password for identification and authorization.

I attempted to count the number of passwords I use and made it to about fifty that I can recall. According to password management group Meldium, a LogMeIn company, the average person has 545 personal and business apps. Their research also shows the same person has an average of only ten unique passwords.[1] Doing the math, this means that if all these apps required a password and hackers stole one of them, they could have access to more than fifty applications.

We have so many passwords that we don’t know what to do with them, and we revert to what we do with chaos: organize. We combine as much as possible and make them shorter to take up less space in our brains. While there may be other means of authorization in the future (e.g., biometrics, emoji passwords, etc.), the password constructed of letters, numbers, and symbols is the predominant security control today. As such, we need to take extra precautions with it. If you are part of the majority struggling with secure passwords, here are some tips to help you organize them in different ways:

· Prioritize. If you have so many passwords you cannot remember them all, then you can reuse a password, but only for accounts without access to your personal, professional, or financial information. All other passwords should be unique.

· Use symbols. Don’t be afraid to utilize symbols in your password. You can even use symbols that look like letters. For instance, if you use the word “password” for your password, consider this more secure alternative: #P@s$w0rd. Hashtags are in vogue, after all.

· Make a pattern. I’m not saying to type in “qwerty” or “1234” or whatever keys may be next to each other on your keyboard, but you could do something like Q1w2E3r4T1y2. This uses the same letters and numbers, but it is much safer due to length and complexity.

· Try out sequences. If you work for a bank and you reset your password every forty-five days, it can be difficult to remember your current one. As long as you have a secure password, you could also use sequences to help you remember. For example, I could use the passwords B@naNaG4ams01, B@naNaG4ams02, B@naNaG4ams03, and so on.

· Ask the experts. Password managers are available for situations just like this. A popular password manager is LastPass, which also happens to now be a LogMeIn company. Do your research and leave the organization to the experts.
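The tips above can be turned into a checklist that a help desk or a password manager could run before accepting a new password. The script below is an added example written for this column, not code from the article, CoNetrix, or tandem. It assumes a 12-character minimum (the column sets no number), a short constructed list of keyboard runs such as “qwerty” and “1234,” a constructed user record for the PII check, and a constructed list of saved accounts for the reuse check; the names and values are made up for illustration.

```python
"""Password policy check assembled from the column's tips (added example).

Checks applied:
  * length and a mix of letters, numbers, and symbols
  * no keyboard-adjacent runs like "qwerty" or "1234"
  * no Personally Identifiable Information (name, username, birthdate)
  * no password reuse on accounts flagged as sensitive (the "Prioritize" tip:
    reuse is tolerated only on accounts without personal, professional,
    or financial data)
"""
import hashlib
import re
import string

MIN_LENGTH = 12  # assumption: the column gives no number
# Constructed list of keyboard runs; a real deployment would use a fuller one.
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "1234", "4321", "0987")


def normalize_fragment(text):
    """Lower-case and strip everything but letters and digits so that
    '1984-07-22' and '19840722' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, pii, min_length=MIN_LENGTH):
    """Return the list of policy violations; an empty list means accepted.

    pii maps a label to a value, e.g. {"first name": "Jordan"}.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")

    lowered = password.lower()
    for run in KEYBOARD_RUNS:
        if run in lowered:
            problems.append(f"contains keyboard run '{run}'")

    # Compare normalized forms so punctuation cannot hide a birthdate or name.
    normalized_password = normalize_fragment(password)
    for label, value in pii.items():
        fragment = normalize_fragment(value)
        if len(fragment) >= 4 and fragment in normalized_password:
            problems.append(f"contains {label}")
    return problems


def reuse_violations(vault):
    """Return the sensitive accounts whose password is shared with any
    other account. Entries are dicts with 'account', 'sensitive', 'password'.
    Passwords are compared by SHA-256 digest so the grouping never keeps
    the plaintext around longer than needed."""
    by_digest = {}
    for entry in vault:
        digest = hashlib.sha256(entry["password"].encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(entry)
    flagged = []
    for entries in by_digest.values():
        if len(entries) > 1:
            flagged.extend(e["account"] for e in entries if e["sensitive"])
    return sorted(flagged)


# Constructed sample data for a stand-alone run.
SAMPLE_PII = {
    "first name": "Jordan",
    "username": "jsmith",
    "birth year": "1984",
    "birthdate": "1984-07-22",
}
SAMPLE_VAULT = [
    {"account": "online banking", "sensitive": True, "password": "Tuba-Lantern-47-Wharf"},
    {"account": "work email", "sensitive": True, "password": "Tuba-Lantern-47-Wharf"},
    {"account": "recipe forum", "sensitive": False, "password": "cookie-monster-9"},
    {"account": "weather app", "sensitive": False, "password": "cookie-monster-9"},
]

if __name__ == "__main__":
    for candidate in ("qwerty123!", "Summer2015", "Jordan-Smith-1984!", "Tuba-Lantern-47-Wharf"):
        verdict = check_password(candidate, SAMPLE_PII) or ["accepted"]
        print(f"{candidate!r}: {', '.join(verdict)}")
    print("sensitive accounts sharing a password:", reuse_violations(SAMPLE_VAULT))
```

The reuse check deliberately ignores the two non-sensitive accounts that share a password, matching the column’s advice that reuse is acceptable only where no personal, professional, or financial information is exposed.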

These are just a few of the simple options available to help you increase your password security and embrace the chaos.

Alyssa Middleton is a Security+ certified tandem Software Support specialist for CoNetrix. tandem is a security and compliance software suite designed to help financial institutions develop and maintain their Information Security Programs. To learn more about how CoNetrix can help you, visit our website at www.CoNetrix.com or email info@CoNetrix.com.

[1] https://community.spiceworks.com/topic/1004428-how-long-will-it-take-to-hack-your-password