We all have more passwords than we can remember. This tends to make us a bit lazy. We use obvious and easy-to-remember ones—even the word “password” itself. Or worse, we don’t use passwords at all. Bad password habits are often the weakest link in data security schemes.
So for this issue, here’s a nudge to use passwords more effectively. Let’s review the steps you can take to create passwords that are harder to crack and to otherwise protect the confidentiality of your passwords from others’ prying (and not-so-prying) eyes.
How to Create Strong Passwords
You can’t just use any old password. It shouldn’t be anything that’s obvious and easy to guess, such as your name, your mother’s or father’s name, your pet’s name or so forth.
Password-cracking software tools continue to improve, and the much more powerful computers we have today only assist them. Some password-cracking tools use dictionary attacks. They simply try a list of words, such as commonly used English words and names.
In addition, there are automation-type tools that try every possible combination of letters and other characters. Given enough time, the automated method can crack any password. Consequently, passwords that once took weeks to break can now be broken in hours by the best cracking tools on a fast computer. So you need to get more crafty and cunning.
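To make those two approaches concrete, here is an added example (not part of the original article) that looks at a password the way the tools described above would: first as a possible dictionary word with digits or punctuation tacked on, then as a target for trying every combination. The sample wordlist and the guessing rate are constructed assumptions for illustration.

```python
import string

# Constructed sample wordlist; a real check would load a far larger one.
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "rover", "michael", "sunshine"}

# Assumed guessing rate, for illustration only. Real rates vary widely
# with the hardware used and with how the passwords are stored.
ASSUMED_GUESSES_PER_SECOND = 1e9

# ASCII character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def dictionary_hit(password, wordlist=SAMPLE_WORDLIST):
    """Return the wordlist entry the password reduces to, or None.

    Ignores case and any digits or punctuation added at the start or end,
    so "Password1!" is still recognised as "password".
    """
    core = password.lower().strip(string.digits + string.punctuation)
    return core if core in wordlist else None


def alphabet_size(password):
    """Count the characters in every class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def exhaustive_search_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every combination of this length and alphabet."""
    if not password:
        return 0.0
    return alphabet_size(password) ** len(password) / rate


def assess(password):
    """Summarise how the password fares against both approaches."""
    return {
        "dictionary_word": dictionary_hit(password),
        "alphabet": alphabet_size(password),
        "worst_case_seconds": exhaustive_search_seconds(password),
    }


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Password1!", "abcdef", "tq7#Lm9@vXe2"):
        print(candidate, assess(candidate))
```

At the assumed rate, a six-letter lowercase password falls in under a second, while twelve characters drawn from all four classes would take far longer than a lifetime. A dictionary hit makes the length irrelevant.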
You have to pick a password that is hard to break because it isn’t obvious or hackable. This is called a “strong” password. For a password to be strong, it should meet the following criteria:
Can You Keep a Secret?
Even the strongest passwords don’t work if they aren’t secret. Unfortunately, people get careless and don’t always keep their passwords confidential. Here are the things you can do to keep your passwords secret.
Don’t tell anyone your passwords, under any circumstances. And make sure no one is looking over your shoulder when you’re typing in a password. If more than one person knows about something, it isn’t a secret anymore. We all learned that lesson in third grade.
Never write down your passwords, especially on little notes posted to your monitor. Is this not the same as leaving your car keys in the ignition? Of course, there are no notes on your monitor. But take a walk around your office and see how many passwords you find on little notes taped up in plain sight. You will find some, I guarantee it.
Okay, I’ll be realistic here. If you absolutely have to write down some of your passwords to remember them, don’t write them out exactly. Write them out so they have to be translated in some way. Add or delete a character, transpose letters, or vary them in some other consistent way that only you can figure out.
And don’t save them on your hard drive. It is not uncommon for people to have a Word or WordPerfect file with all their passwords in it. But this file is dead easy for others to find—especially if it’s called password.doc or otherwise contains the word “password.”
Okay, more realism. If you must store passwords on your computer, use a password manager utility like RoboForm (www.roboform.com) or Password Manager XP (www.cp-lab.com). These programs store your passwords in an encrypted form so that they can’t easily be accessed.
Other Warning Shots
No, I’m not done yet! I have just a few more admonitions for you. Don’t use the same password for everything. This is just so tempting, but so dangerous. Anyone who figures out your password gets easy and instant access to your entire system. Use different passwords for different programs, especially for very sensitive things like your network log-on, remote access to networks or bank account log-ons.
If you even suspect that a password has been compromised, change that password immediately. In addition, you should change all important passwords every 60 to 90 days as a matter of course. This will foil a lurker that has your password (or passwords) unbeknownst to you.
And be wary of dialog boxes that present an option to save or remember your password. These can appear in your Web browser and in dialog boxes for remote access or telephone connections. By selecting this option, you give unchallenged access to these things to anyone sitting down at the computer.
In sum, take care with your passwords. They are key to protecting your confidential personal and practice information.
LAW PRACTICE MAGAZINE TIPS TEAR-OUT
To protect the confidentiality of your passwords:
To create strong passwords:
Dan Pinnington (email@example.com) helps lawyers avoid malpractice claims and looks for good tech tips in Toronto, ON. He is a member of the ABA TECHSHOW Board and an editor of the Law Practice Today Webzine.