Password Strategies

Oh, what password at this site?

Variability of password requirements makes remembering them a real pain!

The Pain, but Need for Passwords

As more people take classes online, transact business online (as a customer placing an order and trusting that a vendor holds your sensitive banking or credit card information in confidence), or transact business between banks at financial institutions, the number of passwords the average person must maintain becomes almost intractable.

First, at educational institutions, keeping your password unknown will ensure that no nearby student is able to steal your work or results on some online examinations. To fight this illegal activity, many institutions now key up a different test depending on student ID number, a wise move, since student cheating is very common.

Second, businesses prefer your business online and like to offer the client the option of storing a password associated with the client's bank account or credit card. This eliminates the need to hire call center agents, which saves organizations vast amounts of money and is more convenient for clients.

This assumes the business will maintain the security of the storage system. I worked for IBM, whose information was compromised. IBM gave those whose information was compromised free credit inspections for two years, as I recall.

Sadly for both company and client, when information becomes compromised, others can order products delivered wherever or, worse, carry out identity theft. More often than not, these Social Security Number breaches are made by inside employees. Careful execution of common security practices within the company can usually detect a law-breaking employee and is one reason why employee background checks are now common.

Third and most critically of all, banks and other financial institutions want enormous security when you look at your bill, add, transfer money etc. This can become painful to the client, especially if required to remember obscure passwords.

I well remember all my elementary school teachers and knew the school. (Sadly, ex-husband knew the school also. But not the names of the teachers.) Many companies offer the ability to choose your own security questions to recover lost passwords, a smart move. Ex hardly knew the name of my third grade teacher!

Retrieving Forgotten Passwords

As the number of passwords mounts, the frustration of retrieving them similarly mounts, both for vendor companies and particularly for the client, who typically uses several companies for online banking, shopping, etc.

I feel the best password strategy retrieval mechanism is answering obscure questions that only the client would know. My favorites are:

  • Who was your first grade teacher?
  • What elementary school did you attend?
  • What city was this in?
  • What school did you attend in the 8th grade?

Best of all is when the client can choose their own question to retrieve a forgotten password. This type of question (called a challenge/response) is virtually impossible for an unaffiliated person to answer.

Another good password retrieval method is to get a temporary password by telephone. Telephone conversations are heavily regulated and penalties for infractions are much worse and more traceable than e-mail infractions. I and only I know the password for my phone, even if I have to access it remotely.

There are software and other devices that can store passwords for you. These are usually bundled in a larger security package and typically use a master password to find one you have forgotten. Other companies also have specific offerings to do this securely and accept liability if a password is illegally used causing financial loss.

How to Keep Track of So Many Passwords

However, there are a variety of mutually exclusive mechanisms each site may require in passwords for their online sites:

  • At least one number or no numbers permitted
  • An upper case and lower case (Generally available anywhere)
  • A punctuation symbol or the denial of a punctuation symbol
  • Certain length

This all becomes baffling to the individual desiring to transact online because each site generally imposes its own conflicting mechanisms! In my experience, this approaches being combinatorially impossible, for any math geeks out there, given so many conflicting password requirements.

Thus, people write down passwords, which is highly dangerous if someone has access to where it is written down. I have seen many post-it notes on computers I supported with passwords in plain sight!
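The conflicting rules listed above can be satisfied mechanically instead of from memory. The following Python code is an added example, not part of the original article: it generates a random password for each site's rules and checks compliance. The SitePolicy field names and the symbol set are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass

SYMBOLS = "!#$%&*+-=?@^_"  # constructed set; each real site publishes its own


@dataclass(frozen=True)
class SitePolicy:
    """One site's rules. Field names are hypothetical, chosen for this example."""
    min_len: int
    max_len: int
    digits: str = "required"    # "required", "allowed" or "forbidden"
    symbols: str = "required"   # same three values
    mixed_case: bool = True     # at least one upper-case and one lower-case letter


def _classes(policy):
    """Return (character classes that must appear, alphabet the site accepts)."""
    both_cases = [string.ascii_lowercase, string.ascii_uppercase]
    required = both_cases if policy.mixed_case else []
    allowed = string.ascii_lowercase + string.ascii_uppercase
    for rule, chars in ((policy.digits, string.digits), (policy.symbols, SYMBOLS)):
        if rule == "required":
            required = required + [chars]
        if rule != "forbidden":
            allowed += chars
    return required, allowed


def generate(policy, length=0):
    """Random password for one site; defaults to the longest length it accepts."""
    length = length or policy.max_len
    required, allowed = _classes(policy)
    if not max(policy.min_len, len(required)) <= length <= policy.max_len:
        raise ValueError("length does not fit this site's policy")
    chars = [secrets.choice(c) for c in required]        # one of each forced class
    chars += [secrets.choice(allowed) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)   # hide where the forced characters sit
    return "".join(chars)


def complies(password, policy):
    """True if the password satisfies every rule of the policy."""
    required, allowed = _classes(policy)
    return (policy.min_len <= len(password) <= policy.max_len
            and all(ch in allowed for ch in password)
            and all(any(ch in c for ch in password) for c in required))
```

A password generated for one policy will normally fail another site's policy, which is why a separate random password per site, kept in a password store, fits these rules better than one memorized password.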

In the case of a punctuation symbol, I supported a Math Department where one professor chose to use Microsoft software to connect a PC to a Unix server. He chose a space as part of his password. The Microsoft software sent only the characters before the space, although the Unix machine could have handled that.

Not to bash kindly professors, but many think they are practically gods! Naturally, it was my fault the connection did not take place! But client and server must agree on connections like these.

The Need for Passwords

The ability to take care of mundane tasks on the Internet frees up many car or public transport trips. That does require a security mechanism like passwords, to free up the necessity to show up in person with an ID. (Upon a security compromise, however, be prepared to head out, two feet of snow or not!)

If physical presence is required, ID usually is satisfactory. IDs can be stolen, however. Unless a person is willing to have a microchip installed under the skin, like a pet dog or cat, or allow their retina to be scanned, IDs, passports, etc. are generally the only mechanism to overcome a breach.

Most people eschew such ideas and loss of privacy. What else might Big Brother want to know? Would they like to put in a database my DNA, predict my lifetime or current health (and my offspring's health)? Should my life expectancy and health expenses be adjusted accordingly?

Any manner of companies would love to have this information at hand! Expensive people with debilitating diseases could be charged more by health insurance companies, for instance.

I have been blessed with wonderful health. I want no electronic nurse around or to participate in an undisclosed study. How would you know about tweaked or leaked information, which happens very frequently, even at companies as prestigious as IBM (International Business Machines)? How would you correct this information?

Old as I am, I am no moron. Particularly after a particularly bitter divorce. Many people, including ex, spared no effort at making my life difficult, apparently unaware that his fat sponging lawyer was the main monetary recipient.

How to Keep Track of Passwords

One of my professors stated he had an algorithm (meaning a well-defined method) for keeping track of each password he used. Part of his algorithm included Finnish words, since he spoke fluent Finnish.

Password cracking programs often use standard dictionaries as a base. English dictionaries are used primarily, not surprisingly. Then they may substitute common letters; cars in particular are favored. “2003 Lumina” may seem secure to you, but not to somebody who knows you or can look up Motor Vehicle information.

Few password hacking mechanisms include support for the Finnish language! Password hacking programs are commonly available on the Internet. They use dictionaries from different languages. The number one language would be English; other common ones are Spanish, French and other Indo-European languages.
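To test your own candidate password against the pattern described above (a dictionary word or personal fact, with common character substitutions and a number tacked on), the following Python check can be used. It is an added example, not part of the original article; the word list, the personal facts and the substitution table are constructed samples, and a real check would use a much larger list.

```python
import re

# Substitutions undone before lookup (constructed table, not exhaustive).
SYMBOL_SUBS = str.maketrans({"@": "a", "$": "s"})
DIGIT_SUBS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
DIGITS = "0123456789"


def guessable_parts(password, wordlist, personal_facts):
    """Return the known words a password is built from, or [] if some part of
    it is not explained by the lists. [] means "not found here", not "strong"."""
    known = {w.lower() for w in list(wordlist) + list(personal_facts)}
    text = password.lower().translate(SYMBOL_SUBS)
    hits = []
    for token in re.split(r"[\W_]+", text):     # split on spaces and punctuation
        if not token:
            continue
        core = token.strip(DIGITS)              # drop a leading/trailing year or "1"
        forms = (token, core, token.translate(DIGIT_SUBS), core.translate(DIGIT_SUBS))
        match = next((f for f in forms if f in known), None)
        if match:
            hits.append(match)
        elif not core and len(token) <= 4:
            hits.append("<short number>")       # years and PIN-like padding
        else:
            return []                           # a part neither list explains
    return hits


# Constructed sample data: a tiny word list and facts an acquaintance would know.
WORDLIST = ["password", "letmein", "dragon", "sunshine"]
FACTS = ["2003", "Lumina"]
```

Any non-empty result is a reason to pick a different password; an empty result only says the password is not built from these particular lists.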

One Call Center product I worked on had support for Japanese and Chinese, but I admit complete ignorance in the area of translation and computer characters allowed for each.

There are products available to remember passwords, but obviously, you will have to fork out money for them and may be required to use them from computers at home, when you may not be at home.

Potential Solutions

Clearly, keeping track of passwords is a difficult problem. From a physical security standpoint, it is unwise to keep any password on a post-it. Keeping them together in an online file makes all of them vulnerable.

My suggestion is to select something unique about yourself and combine it with another method or "algorithm". It may be unwise to have a trusted secondary person on your accounts, but that assumes you will never get divorced or otherwise distrust this person later. Nobody likes to think of these things, but ID theft costs substantial time and money to repair.

Any further enlightenment on this subject is welcome!
