Sunday, May 27, 2018

Risk Management, Business Continuity, COOP

Why reluctance
To create
New password?

I HAVE A NUMBER OF PASSWORDS, A/K/A PASS CODES.

I change them at least monthly; some after they are used three times (or once a month, whichever comes first).

I once worked for a defense contractor that insisted on new passwords every 90 days; I thought that was 60 days too much. (The employer refused to implement enterprise risk management practices; I was almost fired for suggesting it.)

Some security people recommend having an easy-to-remember password, such as a phrase. It might be easy to remember something similar to “The quick brown fox jumps over the lazy dog” but that presents several problems.

First, many organizations, including (unfortunately) some financial institutions, limit passwords to 14 characters. “The quick brown fox...” exceeds that limit.

Second, many organizations insist that the password includes CAPITALS, lowercase, and digits (0-9). This seems to be a fairly common practice.

Third, some organizations demand that the password contain a “special character” such as #, &, !, @.

There are lists of password options NOT to use: names of relatives and pets, zip codes and phone numbers, dates of birth are a few discouraged passwords.

PC Tools “Password Utilities” has been creating passwords for me for many years.

There are other password generators for various platforms (Windows, Linux, Mac, Unix). I found “Password Utilities” years ago and it still does the job, simply and quickly. Moreover, it is free.
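For readers without a generator at hand, the following is an added example (not part of the original post and not the code of “Password Utilities”) that produces a random password satisfying the three constraints listed above. The 14-character cap and the special-character set #&!@ are taken from the post as assumptions; the function names and the `recent` list are hypothetical.

```python
import math
import secrets
import string

# Constructed policy mirroring the constraints listed above; not any real site's rules.
SPECIALS = "#&!@"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)
MAX_LEN = 14


def meets_policy(pw, max_len=MAX_LEN):
    """True if pw fits the length cap, uses only allowed characters and has every class."""
    return (
        0 < len(pw) <= max_len
        and all(ch in ALPHABET for ch in pw)
        and all(any(ch in cls for ch in pw) for cls in CLASSES)
    )


def generate(length=MAX_LEN, recent=()):
    """Draw uniformly from the CSPRNG until the policy holds and the value is not in recent."""
    if not len(CLASSES) <= length <= MAX_LEN:
        raise ValueError("length must be between %d and %d" % (len(CLASSES), MAX_LEN))
    while True:
        # secrets.choice uses the OS CSPRNG; random.choice is not suitable for passwords.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps every compliant password equally likely, unlike
        # forcing one character of each class into fixed positions.
        if meets_policy(pw) and pw not in recent:
            return pw


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy of a uniformly random string (ignores policy rejections)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate()
    print(pw, "about %.0f bits" % entropy_bits(len(pw)))
```

Passing previously used passwords as `recent` covers sites that prohibit reuse within “n” months.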

It is challenging to remember a password such as FJZ%q9c9b2&=n#%aZxXsJ$9r52b2j8nf.

I don’t try.

I have a password-protected file that stores my current passwords. The password for THAT file IS something I CAN easily remember. It helps that the password file has an “innocent” name and is buried under several sub-directories (folders within folders). That password ALSO is frequently changed.

Most of my accounts allow me to “cut-n-paste” my new passwords, so changing a password is nearly painless.

A few, primarily financial organizations, make me key in each character. It’s slow, but I tell myself it is for my protection. One organization not only requires that I manually key (vs. cut-n-paste) the new password, but it then insists I enter its own code, sent via phone, to activate the new password. (This company also has a really good enterprise risk management plan, one reason I like this organization.)

One advantage of a password generator is that some organizations prohibit use of the same password within “n” months.

For me, remembering to change my passwords is easy. I change passwords on the same day I do maintenance on the air handler. (One cup of white vinegar followed by two cups of very hot water into the evaporation drain, and inspect/change the air filter. Once-a-month, every month.) I have a reminder set up so I don’t forget.

I confess there are days I really do not want to change all my passwords, but it is a “must do.”

If I share my passwords with anyone (e.g., my computer guru) I change the passwords as soon as he departs.

Changing passwords does not need to be painful.

