Wednesday, April 30, 2014

PASSWORDS PROBLEMS ?

Accounting Technology
APRIL 28, 2014 
BY MARK WARREN AND JOE ANDERSON

“I never forget my passwords.” “My passwords are unique to each of my logins.” “My passwords are virtually impossible to hack.” By the end of this column, you will be able to say these things with confidence.

Passwords are the keys to your information. If you lose your key, you are locked out. If someone acquires your key, they have access to your information. Sometimes it is convenient to have a single key to all your locks, but if someone obtains a copy of your key, they have access to all your information. That’s why it is important to have unique keys to each of your locks. If one is “lost,” the other doors are safe.

Current studies indicate 55 percent of users use the same passwords for most all sites they visit and 26 percent of all users use common passwords such as birthdays, names, or familiar places. This makes things easy for thieves and once they have your password, they essentially are you, at least digitally.

So, you need a password that is unique to each website, impossible to guess, and easy to remember. It’s not as tough as it sounds. Here’s how to build your own password from three elements.

1. A unique, reusable pass phrase

To begin, think of a “pass phrase,” something unique to you that is easy to remember, such as “Because you’re mine, I walk the line.” We will use this pass phrase as part of our scheme for all passwords and it will be the only thing you need to memorize. A pass phrase contains the elements of a normal password (letters, numbers, special characters) but when “decrypted/deciphered” is much larger than the password key itself. In “Because you’re mine, I walk theline,” you could grab the first letter of each word from that line (as underlined) and make something like: B4m!wtl. You could practically say it while you type it, and it wouldn’t make sense to the person beside you.

This becomes your root element and should be committed to memory, so make the phrase something meaningful to you. You will find that it is not difficult to remember after a few uses.

2. An element unique to each login

The second element of our pass phrase contains an element from the site you are logging in to. Once a method is chosen, you should remain consistent about it from site to site. You might pull the letters from the URL, or from the title, or from a phrase in your head that symbolizes the site to you.

In this example, we will pull the last three letters from the host name in the URL. When logging in to Gmail, our element would be “ail.” To make it less conspicuous, you may want to shuffle those letters. However you do it, be consistent from site to site. For our example, we will reverse the letters, making our second element “lia”

Our password for Gmail now becomes: B4m!wtllia

3. Something unique to you


Your final element should be something unique to you. You might choose to add a string that is meaningful to you, such as a date or set of symbols. You may choose to add a revision number for passwords that must be periodically changed. For this example we will add an age, “29 years old,” making our final password

B4m!wtllia29y0
The estimated crack time for this password by a desktop PC is approximately 157 billion years!

So for YouTube, our password would become: B4m!wtlebu29y0

Using our example for Yahoo, our password would become:
B4m!wtlooh29y0

You may string the elements together in whatever combination makes the most sense to you. You may choose to use the root element last, or in the middle. The example above is by no means exhaustive.

Create different schemes for passwords that you share with your family or friends. Create different schemes for work, recreation, or critical passwords. The key is to find something unique to you.

Find a pattern that fits you and you will never forget it.

Mark Warren and Joe Anderson work in LBMC Security & Risk Services, a member of The LBMC Family of Companies, service provider for information security.