05 Jun 12

Entry Denied (AGAIN)!!!

Post from Jean Thilmany:

Am I the only one ensconced in password hell? How are we supposed to keep track of the millions of user IDs and passwords required in this world?

Like everyone else, I have my email accounts, my work-related sites, one of my kid’s school accounts—including one for school hot-lunches that I only refill about twice a year. In fact, the worst sites in terms of remembering passwords are those I only visit a few times a year and those that prompt me to create a password I don’t normally rely on. “Quick: Come up with a memorable password of sixteen characters, three of them upper case, three of them lower case and at least two of them numbers. Then spit it back a year from now.”

Financial sites like banks and brokerages—and others rife with personal information such as health insurance accounts—usually ask me to create these types of passwords, plus they prompt me with several qualifying questions. So this means that when I phone in to customer service, my inability to remember the town in which I was born makes me ipso facto sound like a thief. So by “color of my first car” did they mean the first one I bought myself, or the bright-orange Volkswagen Rabbit my dad bought for my sister and me when I turned 16?

I’ve always been afraid of writing down my passwords (though secretly I wanted to).

But now, Dave Chronister tells me I can do just that. As managing partner at Parameter Security, a firm of certified ethical hackers in St. Peters, Mo., he’s an expert who should know. He and another expert have given me a few other password tips I want to pass along.

Don’t write the thing down and tape it to a computer or leave it bolded in the address book on your desk next to your computer, he said. Instead, write down your passwords and seal them in an envelope in an area away from your computer.

That way, if you really need a password, even a few years down the road, you’ll know where to find it. And thieves likely won’t find the envelope and put it together with computer use.

But what are the chances of me finding where I hid the envelope, if I need it in two years’ time?

And about those question prompts, Steve Santorelli, a former Scotland Yard detective who is now director of global outreach at Team Cymru, an Internet security research company in Lake Mary, Fla., has good advice.

“Sarah Palin’s account got hacked because the hackers could guess the answers to all of her secret questions,” he said. He advises users to register answers that don’t directly pertain to the question but that they can easily remember, such as their first phone number, a phrase, or string of numbers that means something to the user but isn’t easily guessable to the outsider.

So now I just have to remember whether I paired my first phone number to the prompt question about first car color or first-grade teacher’s name.

But here’s some good advice from Chronister that I can get behind: When it comes to choosing a password, consider a sentence, he said. After all, a “pass phrase”—rather than a password—of up to 16 characters would require intense computing power to guess and would contain a space, a character that is neither a letter nor a number and is little considered by hackers. A sentence can be easy to remember and can be long enough—including special characters—that hacking software and hackers themselves can’t easily discover it.

This sentence will be my password. Or will it?


3 Responses to “Entry Denied (AGAIN)!!!”


  1. June 5, 2012 at 3:00 pm

    Write down your passwords, from my own blog:
    http://securitynirvana.blogspot.no/2010/03/write-down-your-password.html

    With pointers to previous articles encouraging you to do the same thing:

    http://www.schneier.com/blog/archives/2005/06/write_down_your.html (Bruce Schneier)

    http://news.cnet.com/Microsoft-security-guru-Jot-down-your-passwords/2100-7355_3-5716590.html (Jesper Johansson, ex-Microsoft security employee)

    I hope this helps. Change them whenever you think they have been compromised – but not on a regular schedule without a good reason for doing so.

    Best regards,
    Per Thorsheim

  2. October 21, 2012 at 9:58 pm

    Even though it's anonymous, I can tell who it is... (^_^;) Thank you...

  3. May 30, 2013 at 7:42 am

    It’s a pity you don’t have a donate button! I’d without a doubt donate to this fantastic blog! I guess for now I’ll settle for bookmarking and adding your RSS feed to my Google account. I look forward to brand new updates and will share this site with my Facebook group.

    Talk soon!




The Editor

John G. Falcioni is Editor-in-Chief of Mechanical Engineering magazine, the flagship publication of the American Society of Mechanical Engineers.
