Posts Tagged ‘passwords’

Gordon Snow on Cybersecurity at Home

Sunday, December 23rd, 2012

I’m a military brat.  Most Americans are familiar with this term, because it is a common way we brats answer the question: “Where are you from?”  Every other answer takes too long.  You know, like explaining why being born in Italy doesn’t mean I’m Italian.  And we really don’t have enough time to talk about all the schools we went to.

According to Wikipedia, we are an entire sub-culture.  One component of this subculture is a company called USAA.  USAA is an organization which provides financial services, loans and banking to anyone associated with the military.  And in their eyes, once a brat, always a brat.  This turns out to be a good thing, because the children of service men and women have a lifetime right to use their services.

The Fall 2012 issue of USAA’s magazine features an interview with Gordon Snow.  He was formerly the FBI’s top cybercrime cop.  Naturally I was curious to read about his tips for keeping our families safe.

You can find the on-line article here, but they cut out a lot of the good stuff (nice reference to my employer though).  Here are my two favorite useful tips:

1.)  Go Long!  – Here’s a password quiz: which is a stronger password – the hard-to-remember: “H7%doss!” or the easier: “MyLazyDogRex” (note: this second one is also called a “passphrase”)?

Believe it or not, the short one will take a password cracker 6 hours to crack; the longer (but easier to remember) one will take 317 years.

(more…)

Darn Security Questions and the Day I Wished for More Numbers

Tuesday, June 19th, 2012

How many of you have been locked out of an on-line account at least once?  Everyone, right?

It happens after trying too many passwords.  Maybe because SOMEONE was multi-tasking with the caps-lock on.

Of course we can always call and ask the security police to retrieve it.  Two weeks ago I had to do this, and along the way I glimpsed a whole new level of security interrogation.  My experience went something like this:

“Name of your first pet?”

Hmm, I wonder: do I count Gerry the gerbil, even though he was actually my brother’s?  Or what about the stray tabby we fed every day when we lived in Chevy Chase?  I’m not sure so I settle on “Fritz”, the fluffy French poodle Grandma gave us, who unfortunately only lasted three weeks.  But my security wench with the Indian accent doesn’t like this answer and skips to a question about cars.

“What was your first car?” (more…)

Writing Down Website Passwords versus Old-School Rules

Saturday, June 9th, 2012

There is an awful rule of basic password management which actually works counter to good security.  Yet it continues to be suggested by even the top security organizations in the world.  The rule is this: don’t write down your passwords.

There are lots of problems with this idea.  Not the least of which is the fact that if we make our passwords so easy to remember that we don’t have to write them down, well, they may well be too easy.  Or, if we decide to make it simple and use the same password for everything, that means all our banking accounts could be compromised the minute someone breaks into our gun club registry or recipe-swapping website.  And one glaring reality this rule hasn’t kept pace with is that these days we need way too many passwords: one person can easily visit 15 different sites in a few hours – all of which require passwords.

I like to write them on my mirror.

So why the dumb rule?

In their defense, this was accepted wisdom twenty years ago for two reasons.  Back then there was only one password that mattered: the one to get onto your computer.  Naturally you didn’t want that password to be in the same place as the system!  And apparently in those days people weren’t clever enough to write down passwords anywhere except on sticky notes attached to the computer.  (Duh!  At least put it in your shoe!)

More importantly – reason #2 – in those days what we worried about most of all was what we call “internal threats”.  That is, we worried about other people at our place of business gaining unauthorized access to the computer or the network. (more…)