On Passwords

I’m hoping that most visitors to the site take a moment to visit A Few Words on Security; I think it’s an ethical necessity (and a legal necessity, in many cases) that we are able to address electronic security in the application of this type of technology to therapy. Therefore, I will also regularly link to articles like this one (or this one), which contain useful and updated information about changes that we need to be aware of. Technology, in most cases, moves so quickly that we can’t wait for our yearly CE binge to get up to date on everything that has changed in the past year.

The linked post discusses password strength, some myths about passwords, and the factors that go into making a good password that you can actually remember. If you’re stuck in one of those settings where you have to have a 16-character password with a number, punctuation, and three different capital letters spread out throughout the thing, I feel for you and share your pain. But did you know that such policies actually encourage us to use less secure passwords? Many people at my worksite tell me that they just change the number at the end every month. If their password isn’t that great to begin with, then this policy certainly doesn’t help. This gets more important as computing power increases, and “brute force” password cracking is not as difficult as it once was.

The short version, though I encourage you to read the whole original post: use a memorable combination of words or characters that corresponds to an easy-to-remember sentence. The author of the post uses the example Jog Step Rat, for that time that he stepped on a rat while jogging. Memorable, I’m sure. Another example would be something like tGWlf14t18. It looks like gibberish, but the Great War did last from 1914 to 1918.

I’m just glad that my bank doesn’t have any limitations on what I can use as my password. Not that there aren’t other ways to hack banks, but every little bit helps. There are some good tools that will estimate password strength, but you don’t want to rely on them too much, either. (Two examples are the password strength test page and the password strength checker.)
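To make the point about monthly number changes and about strength estimators concrete, here is an added example (not from the linked post or from either strength tool). It implements the complexity rule described above, a simple character-class strength score, and a check that a password-change form could run while it still has the old and new passwords in memory. The function names and sample passwords are made up for illustration.

```python
import math
import re
import string

def meets_policy(pw: str) -> bool:
    """The rule described above: 16+ characters, a number, punctuation,
    and three different capital letters."""
    capitals = {c for c in pw if c in string.ascii_uppercase}
    return (len(pw) >= 16
            and any(c in string.digits for c in pw)
            and any(c in string.punctuation for c in pw)
            and len(capitals) >= 3)

def charset_bits(pw: str) -> float:
    """Naive strength score: length * log2(size of the character classes used).
    It sees only length and classes, not how the password was chosen."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " ")
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def is_trivial_rotation(old: str, new: str) -> bool:
    """True when old and new match once every run of digits is masked,
    i.e. the user only changed a number."""
    def mask(pw: str) -> str:
        return re.sub(r"\d+", "#", pw).lower()
    return mask(old) == mask(new)

def review_change(old: str, new: str) -> dict:
    """Summarise what the policy, the naive score and the rotation check say."""
    return {
        "policy_ok": meets_policy(new),
        "bits_old": round(charset_bits(old), 1),
        "bits_new": round(charset_bits(new), 1),
        "trivial_rotation": is_trivial_rotation(old, new),
    }

# Constructed sample passwords, not taken from any real account.
OLD = "MyDogRexIsGreat!07"
NEW = "MyDogRexIsGreat!08"

if __name__ == "__main__":
    # The new password passes the policy and scores exactly like the old one,
    # yet anyone who knows last month's password can guess this month's.
    print(review_change(OLD, NEW))
```

The policy check and the score both accept the new password; only the comparison with the previous one shows that nothing meaningful changed.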

This discussion is also best summed up by this comic:

A technical explanation of the comic is available here.
