Tech Tuesday: Electronic Privacy and Security
 |
How many of us have our passwords written somewhere within reach of our computer - under the keyboard, on the side of the monitor, in a desk drawer? (Guilty - Editor)
At one time, you could select your own username and password and rely on the randomness of these two pieces of information to be good enough to prevent most intrusions. Then the hackers and identity thieves arrived on the scene and the need for "stronger" passwords came with them.
I can remember when passwords needed to be at least four characters ("pass," "word," last four numbers of an SS number), and then at least eight characters (mother's maiden name, phone number, full SS number), and then they needed to contain at least one integer (so we all added a 1 at the end of our password), and then mixed-case characters (so we capitalized the first character or maybe every other if we were really crafty)...
Despite the experts urging us to create stronger and stronger passwords, the majority of us still use one that is either so common that a hacker's password generators won't even break a sweat before they have guessed it or is something that anyone who even remotely knows us could guess in short order.
I'll admit that the need to remember both a username and password for every online store, e-mail address, or network login can be a real challenge. But not to worry, computer programmers (or more likely marketing executives) have come to our rescue and have decided that in most cases our username should be our e-mail address – so now we only need to remember half the login information we needed before.
Handy for us - a username we can remember and most likely we'll get a confirmation e-mail before our account is active, and if we remember not to clean out our entire e-mail inbox, we have a resource to refer back to when we have forgotten the login to www.buymenow.com that we created late one night.
But is this really a good idea? For someone like me who uses 20 or so different e-mail addresses during the course of day, maybe it's not so bad. But if you only have one e-mail address, you now have the same login (and amazingly enough for many, the same password) for almost every verification process you encounter. You are forced to give a company your e-mail address, which you may not normally wish to hand out, and once your address is stored in www.buymenow.com's database, who knows where it will end up?
Not to mention that changing one's e-mail address is not as easy as selecting a new username. It could take weeks, maybe months, before you can wean yourself off your old e-mail address and take up your new identity.
This also leads to my biggest pet peeve regarding e-mail – those who forwarded you that must see joke, a chain letter that will change your life, or word that Bill Gates is going to give you a dollar for every person you forward his beta test e-mail to - without using the "BCC:" line.
If you don't use that line when sending to more than one person, you don't remove the e-mail address of the person who sent it to you and probably the dozen or so other e-mail addresses that have gone along for the ride with every new forward. There are many reasons for this pet peeve, but I'll save those for my next rant two weeks from now.
So what to do? Passphrases are becoming all the rage. That's a sentence that should only make sense to you and most likely will contain mixed-case characters, numbers and even non-alpha characters – the verification process must be to handle spaces, which isn't always the case, but an underscore (_) can always be substituted.
With all the free e-mail sites out there now (Yahoo, Hotmail, Gmail, etc) it is easy enough to create an e-mail address that is only used for login purposes. And there are many Web site that will give you pointers on how to create a password that is hard to guess but relatively easy for you to remember.
I sometime wonder with all the suggestions of stronger and stronger passwords, would no password at all be just as hard for someone to guess nowadays. I would never take that chance, but I do wonder.
C.J. Vadnais is president of the Southern Vermont Broadband Cooperative in Stamford, Vt. His opinions are his own.
