
By Kenneth Saxe, MCSE, MCSA, MCP, CNE
SN Business Solutions' Senior Consultant

 

A few years ago I was speaking to a large group about technology and security.  During my presentation I took my ATM card out of my wallet and gave it to one of the attendees. I asked him to go to the hotel lobby, use my ATM card and, as a bonus, he could keep all the money he got. Seeing dollar signs in his eyes he rushed out of the room. A few moments later he came back in. When asked what the problem was, he said, "I need your PIN number." That was the rub. I wasn't going to give him my PIN number ... just the card. Without the PIN the card was a useless piece of synthetic polymerization.

Much like your ATM's PIN number gives access to your bank accounts, your passwords are the keys to access your personal information that you've stored on your computer and your online accounts.

If criminals or other malicious users steal this information, they can use your name to open new credit card accounts or pose as you in online transactions. In many cases you would not notice these attacks until it was too late.

Fortunately, it is not hard to create strong passwords and keep them well protected. Here are some tips from Microsoft:

What makes a strong password:

A strong password should appear to be a random string of characters. The following criteria can help your passwords do so:

Make it long. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is outstanding.

Some systems also support use of the space bar in passwords, so you can create a phrase made of many words (a "pass phrase"). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:

• The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.

• Use the entire keyboard, not just the most common letters, numbers and symbols. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard including punctuation marks not on the upper row of the keyboard.

Use words and phrases that are easy for you to remember, but difficult for others to guess.

Create a strong, memorable password in 5 easy steps

1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Nathan is five years old."

2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.

3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you'd get: "msnifyo".

4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping. For instance, replace the word "five" with the number 5.

5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "My SoN NaTHaN i$ 5 yeAR$ 0ld" or a password (using the first letter of each word) "M$ni5y0".
 
Password strategies to avoid:

• Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.

• Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try to crack your password will not be fooled by common look-alike replacements, such as replacing an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.

• Avoid your login name. Any part of your name or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.

• Avoid dictionary words in any language. Criminals use sophisticated tools (available FREE on the Internet) that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions.

• Avoid using one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.
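
The strategies in this list can be checked mechanically at the moment a password is chosen. The following Python checker is an added example, not part of the original article or of Microsoft's tips; the sample word list, the look-alike table beyond '1' and '@', the four-character run length and the `login_name` parameter are assumptions made for illustration.

```python
import re

# Look-alikes named in the article ('1' for 'i', '@' for 'a') plus other
# common ones (assumed here for illustration).
LOOKALIKES = str.maketrans({"1": "i", "@": "a", "0": "o", "$": "s", "3": "e", "5": "s"})

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "microsoft", "welcome", "dragon"}

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def has_run(pw, sources, length=4):
    """True if pw contains `length` consecutive characters of any source,
    read forwards or backwards (e.g. '1234', 'abcd', 'rewq')."""
    low = pw.lower()
    for src in sources:
        for seq in (src, src[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in low:
                    return True
    return False


def check_password(pw, login_name="", words=SAMPLE_WORDS):
    """Return the article's rules that pw breaks (empty list: none found)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeated characters")
    if has_run(pw, KEYBOARD_ROWS + (ALPHABET,)):
        problems.append("sequence or adjacent keys")
    if login_name and login_name.lower() in pw.lower():
        problems.append("contains login name")
    # Undo look-alike substitutions, drop non-letters, then look for each
    # word spelled forwards or backwards.
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LOOKALIKES))
    if any(w in plain or w[::-1] in plain for w in words):
        problems.append("dictionary word (after undoing look-alikes)")
    return problems
```

An empty result only means none of these particular patterns was found; it says nothing about reuse across systems, which the checker cannot see.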
 
Keep your passwords secret

Much like your ATM card's PIN number, treat your passwords and pass phrases with as much care as the information that they protect.

• Don't reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.

• Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.

• Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more.

• Change your passwords regularly. This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.

• Do not type passwords on computers that you do not control. Computers such as those in Internet cafés, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet. Your passwords and pass phrases are worth as much as the information that they protect.

What to do if your password is stolen

Be sure to monitor all the information you protect with your passwords, such as your monthly financial statements, credit reports, online shopping accounts, and so on. Strong, memorable passwords can help protect you against fraud and identity theft, but there are no guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice any suspicious activity that could indicate that someone has accessed your information, notify authorities as quickly as you can. Contact the proper authorities if you think your identity has been stolen or you've been similarly defrauded.

This is just one of many technology topics our SN Business Solutions staff can tackle. If you have a particular topic request, you may use the email form below to share it with Ken for a possible future article.

