Maryland Bar Bulletin
Publications : Bar Bulletin : July 2007

|

 TECHNOLOGY TALK:

BY ALAN EDWARDS 

Passwords are a necessary element of a modern workplace. The important question, however, is how do you create a password that is impossible for others to guess, but easy for you to remember? If your passwords are so complex that you have to keep a list in your wallet, in your pen drawer, PDA or under your blotter, you could be inadvertently harming your security. There a few simple rules of thumb for you to follow:

First of all, do not use the same password on all of your sites or accounts – as you can imagine, your fantasy football site probably does not have the same protections on it as your online bank account. At an absolute minimum, have three levels of passwords. Level 1 is for sites such as online newspapers or magazines, Level 2 is for online shopping sites that may have your credit card information, and Level 3 is for your online bank, brokerage account or other private financial accounts.

Use the following simple method to help you construct complex, secure passwords.
A secure password (i.e., dy7U$d!s) has the following characteristics:

    - eight or more characters,
    - uppercase letters,
    - lowercase letters,
    - and special characters (*!$@ etc.).
Here is a simple procedure to get a secure password that you will not easily forget.

1) Think of a phrase that means something to you - for example, “My favorite sports team is the Washington Redskins.”

2) Pick the first letter of each word in the phrase: My favorite sports team is the Washington Redskins = MfstitWR

3) Now, by doing some simple substitution you can add in the special characters. These substitutions are usually
based around the written look of the letter, i.e., swapping zero (0) for the letter o, or swapping ! for the letter i. Hence, MfstitWR becomes Mf5t!tWR.

Using this technique will help you avoid some of the common pitfalls of using people, places, pets or birthdays that have meaning to you but are generally also easy for others to guess. It also avoids your using any existing words in any language as there are “brute force” hacking programs that use every single existing word in every language in an attempt to gain access to your accounts.

Alan Edwards is President of Whitehorse Technology Solutions.

 

previous next
Publications : Bar Bulletin: July  2007