HJ-ED-DHJHerald Journal Columns
July 16, 2007, Herald Journal

So many passwords so . . . so little time

By MARK OLLIG

“You have six days until your current password expires.”

This was the message that flashed onto my computer screen recently while starting one of the computer applications I use at work.

Is it just me, or does it seem like we have too many passwords to keep track of?

We use passwords for opening our Window and Mac operating systems, passwords for our e-mail access and our personal online bank accounts. Not too mention (although I am) all those work related software programs we use passwords for in order to do our jobs.

In addition to the passwords, we sometimes need to consider the “user names” that go along with each software application.

The user name for some of my work related software applications is, “usrmao.”

Yep, that’s my user name the good folks in the Information Technology (IT) department came up with for me.

User Mark Anthony Ollig becomes “usrmao.”

When I see usrmao, it reminds me of “Mao Tse-Tung,” the former Chairman of the Peoples Republic of China.

This “mao” was born in 1893, so he had first rights to it.

Now back to those passwords.

I think we all understand the importance of passwords – and the need to keep changing them often so others can’t access our computer software applications.

When we create a new password, do some of us think we will remember it and not even bother to write it down?

I thought that way too – until the day I forgot my password.

It must have been after the fourth attempt to get my password right, that the application I was attempting to open stated that, “USRMAO has been locked out of this application, please contact the IT department or your local network administrator.”

“Wonderful,” I thought.

Of course, this means I need to get on the phone and call the IT department.

I spoke into the phone in almost a whisper – so my co-workers could not hear me say, “I forgot my password,” to the IT person.

Is that a hint of laughter I hear on the other end of the phone?

“No problem,” the IT person replied. Over the phone, I could hear the fast typing clicks on a keyboard. I was thankful when I heard, “There, just enter a new password and you’re all set to go.”

What makes a good password?

Creating passwords that are used at work (and at home) need to be creative; also, they should be changed at least every three months.

Most companies regularly schedule users to change their passwords in order to protect their software applications and computing devices.

You can bet that a great deal of concern will occur within a company when it is discovered that employee user names and passwords for corporate computer applications are being used by strangers.

Some rules of thumb for creating a safe password include making them at least six characters long. Using special characters like “$ # @ ! & *” in a password makes it difficult for someone to figure out. One bad habit I once had with changing passwords was adding a “2” to the existing password. Also, never use your name for a password.

A combination of numbers, letters and special characters are good passwords. So a password like “g3#9e$x$5” would take weeks or months for a computer hacker to crack.

You can also use a sentence that has a special meaning to you for a password.

A sentenced password might be, “My dog Spike is three years old.”

For your online eBay account, you could use a password like, “ebnpr2007.” “eb” for eBay, “npr” for a well-known acronym (National Public Radio) and “2007” for the year. This password is not a word in the dictionary and would be very difficult for someone to figure out.

Undoubtedly, the more characters in a password the longer it would take for someone else to decipher. Most importantly, if you create a good password, don’t forget it.

I suggest you write it down on a small piece of paper, and put it somewhere safe at home or away from your workplace so no one can “accidentally” find it.

Do not write down your passwords on sticky Post-it Notes and keep them on your computer monitor or under your keyboard. This sounds like a no-brainer, but I have actually seen user passwords on Post-it Notes near computers.

Note that it is not a good idea to use the same password for everything.

Having a single password for all your applications can be risky . . . some security professionals compare this with leaving available the “keys to the kingdom.” That “kingdom” is access to all your important and sensitive personal and corporate software applications.

Microsoft’s website has ideas and suggestions on password protection you will find helpful at: http://www.microsoft.com/protect/yourself/password/create.mspx.