February 2005 Newsletter
Passwords and You
By Benjamin Frayser, Newsletter Editor
You use passwords every day. You probably use several passwords every day. You do this to protect your files, to protect your computer, to protect your bank account. But how good are they? Are your computer and personal information really that secure? The Bad Guys are out there and they are incredibly good at breaking through your passwords.
Chances are your passwords could easily be cracked, even if you follow the complexity requirements directed by your I.T. Guys. There are many, many websites detailing how to create a good password and how to crack a bad one. Performing a web search at www.google.com on the phrase 'good password' resulted in an estimated 3.4 million websites. A web search for 'cracking passwords' resulted in 262,000 results. That's a lot of information for The Bad Guys to have. A good password will help protect you not only from Malicious Internet User Guy but also from Recently Fired Disgruntled Worker.
Thou Shalt Not
So, how do you create a secure password? Consider these tips on what not to use to create a password.
- Do not use any form of your login/username (reversed, capitalized, as-is, etc.)
- Do not use any form of your first or last name, or the names of your spouse or children
- Do not use commonly known or easily obtained information about you (telephone numbers, social security number, license plate, favorite name brands, birthdays, anniversaries, employer, etc.)
- Do not use a word that is contained in a dictionary of any language
- Do not use a password that is shorter than six characters
- Do not use a repeated character or a keyboard or numeric sequence (e.g. AAAAAAAAA, 13579, qwertyui)
- Do not share your passwords with anyone
- Do not use a password that you cannot remember without having to write it down
- And above all else, do not write your password down
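To make these rules concrete, here is a small Python checker, added as an example for this newsletter and not part of the original article, that tests a candidate password against the list above. The username, the personal facts (first name, employer, birthday digits) and the short word list are constructed sample inputs; a real check would load a full dictionary file.

```python
# Constructed stand-in for a dictionary wordlist; a real check would load a
# full list such as /usr/share/dict/words. These words are examples only.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "work"}

# Keyboard rows and the digit row, used to spot runs like qwertyui.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(s):
    """True for a run of one character, a straight keyboard or digit-row run
    read in either direction, or digits with a constant step (13579)."""
    if not s:
        return False
    low = s.lower()
    if len(set(low)) == 1:
        return True
    if len(low) >= 3:
        for row in KEYBOARD_ROWS:
            if low in row or low[::-1] in row:
                return True
    if low.isdigit() and len(low) >= 3:
        steps = {int(b) - int(a) for a, b in zip(low, low[1:])}
        if len(steps) == 1:
            return True
    return False


def check_password(password, username, personal_facts=()):
    """Return the 'Thou Shalt Not' rules the candidate breaks (empty = passes).
    personal_facts holds constructed values an outsider could look up: first
    name, employer, birthday digits, phone number and so on."""
    problems = []
    low = password.lower()
    user = username.lower()
    if len(password) < 6:
        problems.append("shorter than six characters")
    # the username as-is or reversed, in any letter case
    if user and (user in low or user[::-1] in low):
        problems.append("contains a form of the username")
    for fact in personal_facts:
        if fact and fact.lower() in low:
            problems.append(f"contains personal information ({fact})")
    # a dictionary word padded with digits or punctuation is still a dictionary word
    letters_only = "".join(c for c in low if c.isalpha())
    if letters_only in DICTIONARY:
        problems.append("is a dictionary word")
    if is_sequence(password):
        problems.append("is a repeated character or keyboard/numeric sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs for the examples discussed in the article.
    facts = ["Ben", "Quadax", "0218"]
    for pw in ["ben0218", "QuaDaX", "13579", "qwertyui", "I h8 w0rk", "Pen Tape"]:
        print(f"{pw!r}: {check_password(pw, 'bfrayser', facts) or 'OK'}")
```

Run as-is, "ben0218" is rejected twice (first name and birthday digits) and "QuaDaX" once (employer), while "I h8 w0rk" and "Pen Tape" pass every rule on the list.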
Allow me to give you some examples. While "ben0218" may meet alphanumeric and length requirements, this is a bad password. "0218" could have some significance to me. Maybe it's my birthday, or an anniversary. Using "QuaDaX" is a no-no, even though I have changed the case of some of the letters, because it is the name of my employer. Some people will say to use an acronym of a phrase as your password. Something like "I work for Quadax as a Marketing Coordinator" would result in password "IwfQaaMC". The word itself makes no sense and may rate as secure, but consider a different method as this can make for confusing passwords. It is clumsy and not quickly typed; it may not be easily remembered.
Uh Oh…
You might be sitting there saying "My passwords meet almost every one of those points you just gave! What do I do??" Don't get too excited, all is not lost. Here are simple tips to create a safe password.
- Use mixed-case characters
- Use non-alphabetic characters such as digits or punctuation
- Make a password that you can type quickly and without having to look at the keyboard. This will make it harder for someone to look over your shoulder and see your password.
A strong password is one that is at least eight characters in length and includes a combination of letters in upper and lower case, numbers, or symbols. A strong password is one that is remembered by you but difficult for others to guess. A strong password is one that you change every couple of months (a good practice to use is to change your passwords at the beginning of each quarter). A strong password is not a password at all.
Catch Phrase
Now you are probably saying "Okay, you've lost me". Actually that would make a good password. No, check that. It would make a good pass-phrase. It meets requirements for length (there are 20 characters total including spaces), complexity (mixed case, special characters, and spaces) and it is easy to remember.
Do you see a pattern yet? It is pass-phrase length, not high complexity, that makes for secure passwords. Here are some ideas to create a good password.
- A memorable line from a favorite movie. "Come on, while we're young!" (from Caddyshack. R.I.P., Rodney)
- A memorable line from a favorite song. "Is it any wonder I'm not crazy?" (Styx, "Too Much Time On My Hands". I think it's true for all of us)
- A favorite quote or saying. "Working hard, or hardly working?"
- A fact about you. "My brother, Blaine, is 4 years older than I am." (this checks in at a whopping 47 character length!)
- A word or phrase that uses numbers or special characters in place of letters, such as "I h8 w0rk"
- A couple of three-, four-, or five-letter words put together that have no similarity to each other, with or without spaces, like "Duck Car", "Pen Tape", "DeskBall", "PhoneTack"
When creating a password for Quadax systems please keep in mind that there are some inherent limitations. For example, HARP does not allow for special characters or spaces. The ASP Portal will allow both, but will be limited to 16 characters. Xpeditor allows for up to 30 characters including numbers and special characters.
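The following Python example, added here and not part of the original newsletter, puts rough numbers on the "length beats complexity" point by estimating the search space of the passwords and pass-phrases quoted above, and then checks each one against the HARP, ASP Portal and Xpeditor limits just described. It assumes HARP has no length limit (the article states none), and its bit estimate models a blind brute-force search only; a famous movie or song line can also be found in a list of quotations, so treat that figure as an upper bound for those.

```python
import math
import string

# Character classes for the brute-force estimate (constructed model).
CLASSES = (
    ("lowercase", set(string.ascii_lowercase)),
    ("uppercase", set(string.ascii_uppercase)),
    ("digits", set(string.digits)),
    ("symbols and space", set(string.punctuation + " ")),
)


def alphabet_size(password):
    """Size of the alphabet an attacker who knows which character classes the
    password draws from must search: 36 for 'ben0218', 52 for 'IwfQaaMC'."""
    used = set(password)
    return sum(len(chars) for _, chars in CLASSES if used & chars)


def brute_force_bits(password):
    """log2 of the number of candidates a blind brute-force search must try.
    Caveat: this is the search space for random strings of this length; a
    well-known quote is weaker than this because it can be found in a list
    of quotations, which is why a private fact or unrelated words is safer."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0


# Limits the article quotes for Quadax systems. The article gives HARP no
# length limit, so none is assumed here.
SYSTEM_LIMITS = {
    "HARP": {"max_len": None, "allow_special": False},
    "ASP Portal": {"max_len": 16, "allow_special": True},
    "Xpeditor": {"max_len": 30, "allow_special": True},
}


def fits_system(password, system):
    """True if the password can be entered as-is on the named system."""
    rule = SYSTEM_LIMITS[system]
    if rule["max_len"] is not None and len(password) > rule["max_len"]:
        return False
    # "no special characters or spaces" means letters and digits only
    if not rule["allow_special"] and not password.isalnum():
        return False
    return True


def compare(candidates):
    """Return {candidate: (length, estimated bits, [systems it fits])}."""
    return {
        p: (len(p), round(brute_force_bits(p), 1),
            [s for s in SYSTEM_LIMITS if fits_system(p, s)])
        for p in candidates
    }


if __name__ == "__main__":
    # Passwords and pass-phrases taken from the article (constructed comparison).
    for pw, (n, bits, systems) in compare([
        "ben0218", "IwfQaaMC", "I h8 w0rk", "Okay, you've lost me",
        "Is it any wonder I'm not crazy?",
    ]).items():
        print(f"{pw!r}: {n} chars, ~{bits} bits, fits {systems or 'none'}")
```

The output shows the 7-character "ben0218" at roughly 36 bits, the 8-character mixed-case acronym at roughly 46 bits, and the 20-character "Okay, you've lost me" at roughly 128 bits, while also showing that the Styx line is too long for any of the three systems and that the 20-character phrase fits Xpeditor but not the 16-character ASP Portal limit.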
Taking all this into account, you can safely stop worrying when your I.T. Guy demands you reset your password, forcing you to think up a new eight-character-minimum alphanumeric code. And you'll have a secure password at the same time.
Gone Phishing
On a side note, watch out for an email scam called 'phishing'. Phishers try to scam you into providing vital and secure information about you. They will send out millions of spam emails pretending to be another company, such as a bank, a credit lender, even eBay or PayPal. The email will say something like "there is a problem with your account. Please follow this web-link and enter your correct information." The emails will look professional and convincing, as will the websites you are directed to. You will be instructed to provide information such as name and address, mother's maiden name, social security number, credit card numbers and expiration dates, etc. Never follow these instructions. Most legitimate businesses, including your bank and the other companies you do business with, will not solicit needed information from you in this manner. When in doubt, check it out. Go directly to their website by typing their web address into your browser; don't follow the link in the email. For more information, you can check out the Anti-Phishing Working Group's website.