I think probably all of us get many questions about passwords–I know I do. More than
about any other topic. Below are notes I use when presenting on this, whether for a class or
one-on-one. They are only prep notes, not a class outline. For one thing, you can usually
expect a new “breaking story” in the news about a new security breach at a big company
on any given week that you might be presenting.
Security is protecting financial and related information that could cost you or cause serious
trouble if shared publicly. For example: bank accounts, credit cards, social security, and so
forth.
Privacy refers to information that may be embarrassing if shared, but is not likely to lead to
fraud or damage like the security issues above. For example, comments in an online
discussion, posts on Facebook or Twitter, rash responses to offensive posts in the
Comments below a news article.
Passwords
A strong password is perhaps the single best protection a person can use, although it’s
never a guarantee of security. On the other hand, forgetting or losing passwords is one of
the most common headaches plaguing our online experience. The loss of a single Bitcoin
(cryptocurrency) password cost account holders $190 million in February 2019. Yes, that’s
right, $190,000,000. Bitcoin and its imitators make security their main concern, and
consequently there are no ways for administrators or anyone else to reset a lost password.
All gone.
So yes, you want strong passwords for accounts that require security, but you also want
ways to recover them. More on that below. However, not all accounts require high security.
For example, an account to register your new printer with HP is not worth a moment of a
hacker’s time to break into, so high security is unnecessary. Take a minute to list all the
accounts you have with passwords and think about how many require great security. Most
of us will be surprised (shocked?) at how many accounts we accumulate (75?).
Making strong passwords is easy and familiar by now to most of us: use more characters
rather than fewer, and use a combination of upper and lower case letters, numbers, and
special characters. A great way to start checking password strength is to type your
password into the Password Meter at www.passwordmeter.com.
But that test is not perfect; it rates the expletive in the title of these notes, !@#$%^&*, as
“Strong”. But it’s not, even though it is widely used. Neither is QWERTY or 1qaz2wsx. All of
those are common keyboard sequences, and those should be avoided as much as
common words or phrases like “mypassword” or “LetMeIn” (which are also among the most
common passwords).
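The check a strength meter can miss, as an added example (not part of the original notes): it flags passwords typed along neighbouring keys and passwords found on a common-password list. It assumes a US QWERTY layout; the function names, the 0.7 threshold and the three-entry list are illustrative choices.

```python
# Added example: flag keyboard sequences and common passwords.
# US QWERTY layout is assumed; names and threshold are illustrative.

ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED = ["!@#$%^&*()_+", "QWERTYUIOP{}", 'ASDFGHJKL:"', "ZXCVBNM<>?"]

# Map every character (shifted or not) to its (row, column) key position.
KEY_POS = {}
for r, (plain, shifted) in enumerate(zip(ROWS, SHIFTED)):
    for c, (p, s) in enumerate(zip(plain, shifted)):
        KEY_POS[p] = KEY_POS[s] = (r, c)

# Tiny sample taken from these notes; a real check would load a large list.
COMMON = {"mypassword", "letmein", "qwerty"}


def walk_ratio(password):
    """Fraction of consecutive character pairs typed on neighbouring keys."""
    if len(password) < 2:
        return 0.0
    adjacent = 0
    for a, b in zip(password, password[1:]):
        pa, pb = KEY_POS.get(a), KEY_POS.get(b)
        if pa is None or pb is None or pa == pb:
            continue  # unknown character or repeated key: not a walk step
        if abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1:
            adjacent += 1
    return adjacent / (len(password) - 1)


def weaknesses(password, threshold=0.7):
    """Return the reasons to reject a password (empty if none were found)."""
    found = []
    if password.lower() in COMMON:
        found.append("common password")
    if walk_ratio(password) >= threshold:
        found.append("keyboard sequence")
    return found


if __name__ == "__main__":
    for pw in ["!@#$%^&*", "QWERTY", "1qaz2wsx", "LetMeIn", "CLC@1663MissionSt"]:
        print(f"{pw!r:22} {weaknesses(pw) or 'no pattern found'}")
```

An empty result only means neither pattern was found; it is not a strength rating.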
Password managers
These apps can generate very strong passwords–typically something like “96Pg8V:!Tb2+”.
Password manager apps include LastPass, MyKi, LogMeOnce, Encryptr, and others (some
free, some not). A password like “96Pg8V:!Tb2+” is fine if you can always access the
password manager (which has it stored for automatic entry). Not so fine if you are
sometimes in situations where you can’t access the password manager.
So, strong passwords that are easy to remember require another approach, most
commonly a longish phrase with personal meaning that can incorporate numbers and
special characters. For example, CLC@1663MissionSt is long enough and complex
enough that it would take 93 trillion years for cracking software to break it. Plenty strong
enough for a bank account. You just want to be sure to not use the same password on
multiple accounts, so that if a password is stolen (via an inside job, etc.), that won’t affect
additional accounts.
Share your passwords! Yes, this contradicts the most common kernel of advice about
security, but think about it. If you’re in the hospital on pain meds but you need to pay your
bills, wouldn’t it be nice to have a family member or friend (or social worker or lawyer, etc.)
be able to help you out? In my experience of 30 years of computer help, I’ve not found
anyone who has lost money from a data breach, but many folks who have had serious
problems from forgetting passwords.
This has now become such a widespread issue that you can now incorporate the relevant
instructions in your will, either in the body of the will whenever you might redo it, or more
practically as a codicil (a kind of appendix). You can search law websites for appropriate
language. One good guide is the article “Assist your parents' to take control of their digital
legacy: Protect your parents' internet identity after they're gone” by the elder law firm Gray
& Feldman. Recently a few states have addressed the problem in part by passing a version
of the “Uniform Fiduciary Access to Digital Assets Act” which grants access to digital assets
to trustees, executors, administrators, agents under a power of attorney, and guardians.
However, such legal recourse is partial and cumbersome unless everyone involved is well
prepared.
Privacy, credit card fraud, and identity theft are, of course, related topics, but it’s best to
deal with them separately. KK has posted on Basecamp an excellent article, “Hands off my
data! 15 default privacy settings you should change right now” on privacy settings for
Facebook, Google, Amazon, Microsoft and Apple. (On Basecamp, go to Computers &
Access › Docs & Files › Online Safety & Security).