Newsletter


January, 2012

Passwords

   

Passwords and identity security go hand in han d. I find in my computer support work that people have trouble remembering so many passwords, or that they put themselves at increasing risk by just having one or two very similar passwords.


It is important to add some complexity and range to passwords, and that raises the need for a means to store them so they are accessible, particularly the less used ones, when necessary. Although there are programs that will store and protect your passwords, I recommend avoiding such proprietary software.


Over my many years of working with computers, I’ve used such “cool” software to build databases of various kinds including one for my vast collection of music on vinyl and tape. When the company that develops such software goes out of business, the software may only work until your operating system updates to a point where the software no longer works and your hard work inputting all that data is lost.


I therefore recommend using an Excel compatible spreadsheet like Pages or a Word compatible document with a table. Such documents are not likely to become obsolete, and you can update your password file as these mainstream programs update. Spreadsheets in particular can be saved to what is called a “Tab-delimited text file, meaning that you can export or even copy and paste the data from one spreadsheet program or word-processing table to another.


Now that you have an Excel file with all your passwords, you can lock it with a password, or bury it deeper in what I like to call a “disk image vault.” The advantage of a vault is that you can include other private files,  even pictures, movies and sound.


Using Disk Utility, you can create an encrypted Disk Image, that protected with one password you can easily remember, this password directory or folder becomes accessible to you right on your computer while not being available to snoops or data thieves.


There are some similar locked folder Apps available for your iPhone or iPad that will serve a similar purpose when you travel.


A good new year resolution is to “mix up” and vary your passwords a bit and set up a secure system to record and remember them.

 



A  systematic approach to creating passwords is to have password categories based on a few memorable “strings” of numbers, letters and symbols.


When you set categories, you can distinguish between very low risk passwords that you might use to access news sites or sites where you set up investment stock lists. A crook gaining access to that information can do you little harm.


The next category would be sites from which you regularly buy online: this involves a little bit more security, but in most instances those sites are set to ship merchandise to you (although some do allow you to send gifts), and in all cases these sites send you email confirmation as soon as you make a purchase, so you will know if someone is using your account. Your Apple ID may also fall into this category.


Greater security should be applied to the passwords you use for sites like gmail, yahoo, or hotmail. Your computer Administration password needs at least this level of security as does the password you used to secure a wireless Internet connection.


The highest security of password protection goes to online banking, stock trading accounts, and credit card sites.


If you feel password challenged, you can start out simply with four passwords for the categories of risk, and then use them as themes you can modify with a system.


In planning a system of passwords a good starting point is to think of things that may have been burned into your head during childhood. These might be an important street address, telephone number (not your current one), pet, friend, important person, employment, author, book etc.


Make a list of these possible “strings.” Then see if any lend themselves to getting mixed up with numbers such that a “1” might stand in for an “L” or an “i,” or where a number can be a sound shortcut for a word similar to using “4Tune8” to replace the word “fortunate.” In other events you might want to combine a childhood street number with the name of your pet at that time.


Once you have four or five of these phrases that include letters and numbers (try to include one CAPITAL letter in each since this is becoming a requirement for some websites, assign them to the Low, Medium, High, and Very high risk categories.


So now you have five memorable phrases and you can remember the one associated with shopping or the one associated with banking etc. Now just create a system to modify each password. For example if your password is Mandrake1, you can insert one or two letters of the site at the beginning, middle or end of the the password. Say for gmail, it could be gMandrake1m, Mangmdrake1, or Mandrake1gm etc. The password is now complex enough that you can use just one rule for all similar sites, just vary the beginning, end or middle with your code for the name of the site. 


 

On a Related Subject, Information on The CAPTCHA.

We have all struggled to read those distorted words that are supposed to differentiate humans from machines The graphics are called CAPTCHs. Now here is an entertaining and informative lecture by Luis von Ahn, the inventor of the CAPTCHA, and how they are beginning to use the humanity of all the people who use the Internet toward a good cause.