ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Password Strategies

Updated on May 8, 2012

Oh, what password at this site?

Variability of password requirments make remembering them a real pain!
Variability of password requirments make remembering them a real pain!

The Pain, but Need for Passwords

As more people take classes online; transact business online, either as a customer placing an order, trusting that a vendor holds your sensitive banking or credit card services in confidence; or finally at financial institutions transacting business between banks, the numbers of passwords the average person must maintain becomes almost intractable.

First, at educational institutions, keeping your password unknown will insure that no nearby student is able to steal your work or results on some online examinations.To fight this illegal activity, many institutions now key up a different test depending on student ID number, a wise move, since student cheating is very common.

Second, businesses prefer your business online and like to offer the client the option of storing a password associated with the client's bank account or credit card. This eliminates the need to hire call center agents, saving organizations vast amounts of money, as well as convenience to clients.

This assumes the business will maintain the security of the storage system. I worked for IBM, whose information was compromised. IBM gave those whose information was compromised free credit inspections for two years, as I recall.

Sadly, to both company and client, when information becomes compromised, others can order products delivered wherever or worse, carry out identity theft. More often than not, these Social Security Number breeches are made by inside employees. Careful executiion of common security practices within the company can usually detect a law-breaking employee and is one reason why employee background checks are now common.

Third and most critically of all, banks and other financial institutions want enormous security when you look at your bill, add, transfer money etc. This can become painful to the client, especially if required to remember obscure passwords.

I well remember all my elementary school teachers and knew the school. (Sadly, ex-husband knew the school also. But not the names of the teachers. Many companies offer the ability to choose your own secuirty questions to recover lost passwords, a smart move. Ex hardly knew the name of my third grade teacher!

Retrieving Forgotten Passwords

As the number of passwords mounts, the frustration of retrieving them similarly mounts, both to vendor companies, but particularly to the client, who typically uses several companies for online banking, shopping, etc.

I feel the best password strategy retrival mechanism is answering obscure questions that only the client would know. My favorites are

  • Who was your first grade teacher?
  • What elementary school did you attend?
  • What city was this in?
  • What school did you attend in the 8th grade?

Best of all is when the client can choose their own question to retrieve a forgotten password. This type of question (called a challenge/response) are virtually impossible for an unaffiliated person to answer.

Another good password retrieval method is to get a temporary password by telephone. Telephone convesations are heavily regulated and penalties for infractions are much worse and more traceable than e-mail infractions. I and only I know the password for my phone, even if I have to access it remotely.

There is software and other devices which can store passwords for you. These are usually bundled in a larger security package and typically use a master password to find one you have forgotten. Other companies also have specific offerings to do this securely and accept liability if a password is illegally used causing financial loss.

How to Keep Track of So Many Passwords

However, there are a variety of mutually exclusive mechanisms each site may require in passwords for their online sites:

· At least one number or no numbers permitted

· An upper case and lower case (Generally available anywhere)

· A punctuation symbol or the denial of a punctuation symbol

· Certain length

This all becomes baffling to the individual desiring to transact online because each site generally imposes their own conflicting mechanisms! In my experience, this approraches being combinatorially impossible, for any math geeks out there, given so many conflicting password requirements.

Thus, people write down passwords, which is highly dangerous if someone has access to where it is written down. I have seen many post-it notes on computers I supported with password in plain sight!

In the case of a punctuation symbol, I supported a Math Department where one professor chose to use Microsoft software to connect a PC to a Unix server. He chose a space as part of his password. The Microsoft software sent only the characters before the space, although the Unix machine could have handled that.

Not to bash kindly professors, but many think they are practically gods! Naturally, it was my fault the connection did not take place! But client and server must agree on connections like these.

The Need for Passwords

The ability to take care of mundane tasks on the Internet frees up many car or public transport trips. That does require a security mechanism like passwords, to free up the necessity to show up in person with an ID. (Upon a security compromise, however, be prepared to head out, two feet of snow or not!)

If physical presence is required, ID usually is satisfactory. IDs can be stolen, however. Unless a person is willing to have a microchip installed under skin, like a pet dog or cat or allow their retina to be scanned, IDs/passports, etc. are generally the only mechanism to overcome a breach.

Most people eschew such ideas and loss of privacy. What else might Big Brother want to know? Would they like to put in a database my DNA, predict my lifetime or current health (and my offspring's health)? Should my life expectancy and health expenses be adjusted accordinging?

Any manner of companies would love to have this information at hand! Expensive people with debilitating diseases could be charged more by health insurance companies, for instance.

I have been blessed with wonderful health. I want no electronic nurse around or to participate in and undisclosed study.How would you know about tweaked or leaked information, which happens very frequently, even at companies as prestegious as IBM (International Business Machine)? How would you correct this information?

Old as I am, I am no moron. Particularly after a particularly bitter divorce. Many people, including ex, spared no effort at making my life difficult, apparently unaware that his fat spounging lawyer was the main monetary recipient.

How to Keep Track of Passwords

One of my professors stated he had an algorithm (meaning a well-defined method) for keeping track of each password he used. Part of his algorithm included Finnish words, since he spoke fluent Finnish.

Password cracking programs often use standard dictionaries as a base. English dictionaries are used primarily, not surprisingly. Then they may substitute common letters, cars in particular are favored. “2003 Lumina” May seem secure to you, but not to somebody who knows you or can look up Motor Vehicle information.

Few password hacking mechanisms include support for the Finnish language! Password hacking programs are commonly available on the Internet. They use dictionaries from different languages. The number one language would be English; other common ones are Spanish, French and other Indo-European languages.

One Call Center product I worked on had support for Japanese and Chinese, but I admit complete ignorance in the area of translation and computer characters allowed for each.

There are products available to remember passwords, but obviously, you will have to fork out moeny for them and may be required to use them from computers at home, when you may not be at home.

Potential Solutions

Clearly, keeping track of passwirds us is a difficult problem. It is unwise to keep any password on a post-it in a psyical security sense. Keeping them together in an online file makes all of them vulnerable.

My suggestion is to select something unique about yourself and combine it with another method or "algorithm". It may be unwise to have a trusted secondary person on your accounts, but that assumes you will never get divorced or otherwise distrust this person later. Nobody likes to think of these things, but ID theft costs substantial time and money to repair.

Any further enlightenment on this subject is welcome!

Comments

    0 of 8192 characters used
    Post Comment

    No comments yet.

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://hubpages.com/privacy-policy#gdpr

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)