How to pick a password that won’t get passed along
A few years back, right around this time of the year, we had an experience that still makes us chuckle.
This was before the Internet had taken off, and VPNs were non-existent.
We had shipped a server to Washington D.C. to test out remote access over satellite. The company we were working with in D.C. had assigned a very polite, technically capable guy whose accent divulged the fact that he was not born in America.
One day we called upon our affable fellow and asked him to log in to our server as the administrator. The password was "superbowl." He tried it and reported that he was unsuccessful. This went on for several tries until we spelled it out for him, s-u-p-e-r-b-o-w-l.
"Oh!" he exclaimed. "SuperBOWL. I was typing in superBALL. What kind of word is that -- superbowl?"
Since we had a lot of work to do, we didn't have time to explain the enormity of the Super Bowl in the U.S. But this little anecdote does shed some light on one of the biggest issues facing many computer users today, that of selecting a password.
First and foremost on everyone's mind is how to prevent their password from being "cracked." That is, we don't want bad guys to figure out our password.
By now, most folks, regardless of their country of origin, know not to use seemingly common words or phrases. Rather, a complex password, consisting of both upper- and lower-case letters, numbers, and even special characters such as @ and &, is encouraged.
In fact, many systems require that passwords be composed in such a fashion. Employing such a password helps stymie thieves from accessing your online accounts.
Furthermore, don't use one password for all of your online accounts. Once that password becomes compromised, all of your accounts are vulnerable. Instead, rotate two or three passwords around.
Also, don't be afraid to forget your password.
In the old days, say, five years ago, forgetting your password was one of the biggest problems you could encounter.
Consequently, for service providers, staffing the "I forgot my password" call center was one of their biggest costs. So the service providers implemented pretty good password recovery systems, which most of the bigger Web sites employ.
So stop putting post-its with your password on your screen or under your keyboard.
Finally, to bring the Super Bowl example back into play, be careful when devising passwords that will be shared among people, such as system administrator passwords, or passwords for devices that are only capable of storing a single password.
To avoid confusion, we've found it best to avoid using letters or numbers that could be mistaken for others. Primarily, this involves the numbers 0 and 1 and the letters o and l.
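As an added example (not part of the original column), here is one way to generate a shared password that mixes letter cases, digits and special characters while leaving out the easily confused characters named above, and to flag those characters in an existing password. The function names, the special-character set beyond @ and &, and the extra exclusion of uppercase O and I are assumptions made for this sketch.

```python
import secrets
import string

# Characters the column names as easy to mistake for one another when a
# password is read aloud or copied by hand: digits 0 and 1, letters o and l.
AMBIGUOUS = set("01ol")
# Assumption (not from the column): uppercase O and I cause the same confusion.
AMBIGUOUS_EXTRA = set("OI")
# Assumed special-character set; the column itself names only @ and &.
SPECIALS = "@&#%+=?"


def _classes(exclude):
    """Return the four character classes with the excluded characters removed."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, SPECIALS)
    return ["".join(c for c in pool if c not in exclude) for pool in pools]


def ambiguous_chars(password, exclude=AMBIGUOUS | AMBIGUOUS_EXTRA):
    """List (position, character) pairs a reader could mistake for another."""
    return [(i, c) for i, c in enumerate(password) if c in exclude]


def generate_shared_password(length=16, exclude=AMBIGUOUS | AMBIGUOUS_EXTRA):
    """Random password with every class present and no ambiguous characters."""
    classes = _classes(exclude)
    if length < len(classes):
        raise ValueError("length must allow one character from each class")
    alphabet = "".join(classes)
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(pool) for pool in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle with the OS CSPRNG so guaranteed characters have no fixed position.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_shared_password())
    # Constructed sample: reports the characters someone else could misread.
    print(ambiguous_chars("Pa55w0rd-l1st"))
```

Excluding six characters shrinks the alphabet only slightly, so adding one or two characters of length more than makes up for it.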
John Agsalud is president of ISDI Technologies Inc., a Honolulu-based IT consultancy. Call him at 944-8742 or e-mail jagsalud@isdi-hi.com.