Passwords and Security Improvements

• November 24th, 2009

User names and passwords are a necessary evil. In this post, I briefly offer some tips and tools to help you maintain good security habits.

Authenticating different accounts on various sites creates complacent conduct. Solutions such as OpenID, reduce the number of username/passwords that you have to recall. Unfortunately, not every site utilizes a third party identity login. First, let this be a reminder to update your passwords throughout your systems.

Bruce Schneier has a good summary, so I will highlight his and Becky Waring articles.

  • DO use a password manager.
  • DO change passwords frequently. I change mine every six months or whenever I sign in to a site I haven’t visited in long time. Don’t reuse old passwords. Password managers can assign expiration dates to your passwords and remind you when the passwords are about to expire.
  • DO keep your passwords secret. Putting them into a file on your computer, e-mailing them to others, or writing them on a piece of paper in your desk is tantamount to giving them away. If you must allow someone else access to an account, create a temporary password just for them and then change it back immediately afterward.

Passwords can be applied to the entry of many systems. While at a hotel, if the cleaning staff are in my room with the door propped open, I appreciate it when the staff make me put the keycard into the room door to verify my right to the room. Things are getting better as a result of technology, and the social awareness and education of aberrant tactics. (I still am surprised at the number of merchants that will read the back of my credit card which says “REQUEST ID”, look up at me, and never ask for my license.) Thank others for challenging your access.

Other technologies and methods such as picture and icon passwords are an alternative to remembering text characters. (The icon set is also useful for CAPTCHAs.) More details on picture passwords available on PDF. Biometric devices are also constantly getting better; they are an excellent secondary authentication factor. Pressure and angle sensitive pens and signature pads to detect forgeries are another interesting idea to follow. Until these alternatives become robust, we are stuck with text passwords.

If you know someone that has difficulty coming up with a valid password, refer them to one of the online password generators.

« | Home | »

Testimonials

It saves us each year!

"Thank you for your efforts and developing a comprehensive data/record management system for the Town Youth Counseling Program and your services over the years.The innovative solutions have been powerful and key to reducing our time spent on reports, yet simple and intuitive enough for us to use without a manual. I cannot believe how much time it saves us each year!"

Bill • Program Director
Industry: Counseling Services

Exceeded our client’s expectations!

"Thank you for your quick and efficient delivery of a coded solution for our graphical interface. Your responsiveness allowed us to deliver a finished product ahead of schedule and exceeded our client’s expectations. We look forward to continuing our relationship and collaborating on projects in the future."

John H.• Owner
Industry: Graphic & Web Design

Professional & Reliable

"It is always nice to know you can rely on people to do certain things. Hope you realize how much I value your professionalism."

Dave R.• CPA & Board Adviser
Industry: Financial & Healthcare

They can do it all!

"CTSC helped us from start to finish; everything from the simple to the complex. They can do it all!"

John G.• Partner
Industry: Financial Services

Recent Posts

Let’s Build a Nikola Tesla Science Center!

September 6, 2012
by: Dave • General

Backup Your Stuff!

March 18, 2012
by: Dave • General, Maintenance

The Evolving Professional Office

September 20, 2011
by: Dave • General

Tropical Storm Lee Impacting The Southern Tier

September 14, 2011
by: Dave • Business, Consulting, Maintenance

It is the solemn duty of engineers to frame the proper question

September 2, 2011
by: Dave • General

Business Cloud Collaboration Services

February 10, 2011
by: Dave • Technology, Web

Forgive us for our focus

February 8, 2011
by: Dave • Business, General

Annual Review Updated

January 3, 2011
by: Dave • Business, General