Password Headaches

Chris Hannan (Apr, 2015)

In 1990 the internet was just being born and half the companies in America didn’t even have a server. Passwords were mostly nonexistent as there was no real need for data security since only a handful of people in your office even had a computer.

For those companies that did have mainframes, the passwords would rarely change because it was easy to remember just one. If you did happen to forget it most people would have it written on a sticky note and put it under the keyboard (some still do that).  We would use passwords that we could not forget like our dog or our children’s name. I personally have three girls and have never forgotten their names; however, I do get them mixed up and call them by one of their sister’s names.

Over time, internet passwords quickly became the common place to allow you to log on securely. The problem is that every computer, website and application now requires a password and, to make matters worse, sometimes we are required to change them every 30 days or so.

What used to be a three character password is now an eight character password with a capital letter, a symbol, and at least one number. Some new recommendations are to have as many as 17 characters for even better security because the 8 character rule is too insecure. Who can remember a password with that many characters?! One time I even downloaded a password keeper program that ran on my computer where I could store all my passwords. That worked great until I forgot the password to it too!

Ok, enough kidding. We can all agree that passwords can be a headache, but in this day and age it’s vital in helping to keep your information secure. Here are some password rules that I personally use to help protect and reduce the constant request for a password change when trying to access a websites:

1.       Do not use the same password for every account.

Hackers do everything they can to get at least one password from you because they know that it will most likely be the same for many other websites. With those internet tracking cookies that your browser has to have enabled in order to visit most websites, they can determine very easily what websites you visit.

2.       The more private the information the stronger the password.

Banking, investments, and medical record websites are the most common ones to use a stronger password that should be changed at least monthly.

3.       Do not write down your password.

This is a requirement in companies that are mandated by regulatory compliance and should also be followed as general practice as well. Writing down your password makes it easy for anyone to get your private information. I cannot tell you how many IT audits I have done where I find the users password under the keyboard, top desk drawer or stuck to the monitor.

4.       Use a password to protect your phone and tablet.

For some reason, most people think that the information on their mobile device is not important, when in fact we use it to get email, text, and access the same private information that we do on our personal computers. You never know when that device will get lost or stolen.

5.       Have a password creation routine.

A good trick for multiple passwords is to keep them in the same form, but make enough of a change to keep them secure and easy to remember. Pick a common item that you use or like, for instance an “apple”. Next create a number sequence like even numbers starting at “2”. Then pick a symbol like “!”. Then make the first letter capital. So here is the password I created with the examples, “Iate2apples!!”. With this technique the next time you change your password you can make it “Iate4apples!!!!” and so on. You can use a different identifier like “oranges” for your bank accounts and “lemons” for your email.

Unfortunately, nobody’s data is totally safe.  Hackers can get access to our private information just by stealing it from some vendor that we transact with regularly, but anything you can do to secure your information is one step in the right direction. Treat your passwords with the same importance as the key to the front door of your house; otherwise it’s like handing the keys to the burglar.

Chris Hannan is an Information Technology expert with over 20 years’ experience in the electronic industry. His background includes Network Engineering, Design, Auditing, Forensic Analysis, Communications and Security. His certifications include Microsoft, CISCO, HP and IBM to name a few. Chris has worked with Dermody, Burke and Brown since the late 1990’s, joined the firm as the Director of Information Technology in 2004 and started Optimal Technologies, LLC. in 2007. He continues to be an integral part of our firm to this day.

The information reflected in this article was current at the time of publication.  This information will not be modified or updated for any subsequent tax law changes, if any.

Return To The Focus Front Page

I would like my DB&B tax advisor to
contact me regarding this topic.