Sunday, Oct 06, 2013

BFTP: Strong passwords, weak security

A weekend Blue Skunk "feature" will be a revision of an old post. I'm calling this BFTP: Blast from the Past. Original post, October 1, 2008. Perhaps the new iPhone's fingerprint recognition will prove workable and spread to other devices and applications, rendering this concern moot. 

D7B3BE289B1020A8A1D25FFC74

That's the password to log on to our WEP encrypted wireless access in one of our district's meeting rooms. With one or two changed characters, of course.

I've always had a suspicion that the requirement for a "strong" password really creates more security problems than it solves under most circumstances. Strong passwords require a minimum number of characters (12-14), need to be a combination of numbers and upper/lower case letters, and often need to be force-changed on a regular basis.

Which all leads normal people to write them down and hide them in a convenient place - top desk drawer, under the desk blotter, on a sticky note adhering to the monitor...

The rationale for strong passwords is they are harder to discover if one runs a fancy password-guessing program to crack a computer security system. These programs rapidly try all common words and names in an attempt to gain access.

So the question I have to ask is: Which is more likely: a middle school student having access to a cracking program or knowing that passwords can be found under the teacher (or parent) desk blotter? 

There are compromises that involve mnemonic clues to remembering strong(er) passwords:

  • add a date to a child's or pet's name (sammy411)
  • substitute numbers or symbols for letters (r0o$evelt)
  • create an acronym (1itln - one is the loneliest number)
  • write the password down but with a change in a single character that one can actually remember 
  • (Other good suggestions were left in comments on the original post.)

None of these shortcuts are recommended by a computer security expert, I am sure. The NSA, Google, Apple, or whoever the villain du jour of conspiracy theorists is can get to my data anyway.
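As an added illustration (not part of the original post), the sketch below checks the mnemonic examples above the way a word-list guessing program effectively sees them: it undoes trailing dates and character substitutions, then looks the result up in a word list. The word list, substitution table, and function names are assumptions made for this example.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# large list of common words, names and previously breached passwords.
COMMON_WORDS = {"sammy", "roosevelt", "password", "teacher", "skunk"}

# Common character substitutions, mapped back to the letters they stand for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

MIN_LENGTH = 12  # lower bound of the 12-14 range mentioned in the post


def candidate_bases(password):
    """Return the simplified forms a word-list guesser effectively tests."""
    lowered = password.lower()
    # Strip a trailing run of digits/symbols (the "name + date" pattern).
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    # Undo substitutions, both on the whole string and on the stripped form.
    return {lowered, stripped,
            lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password):
    """Return a list of reasons to reject; an empty list means accept."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    hits = candidate_bases(password) & COMMON_WORDS
    if hits:
        reasons.append("based on common word: " + sorted(hits)[0])
    return reasons


if __name__ == "__main__":
    # The post's own examples, plus one constructed password that satisfies
    # length and character-mix rules yet is still a word plus a date.
    for pw in ["sammy411", "r0o$evelt", "1itln", "Roosevelt1933!!",
               "D7B3BE289B1020A8A1D25FFC74"]:
        print(pw, "->", check_password(pw) or "accepted")
```

The constructed `Roosevelt1933!!` case is the instructive one: it meets the length and character-mix rules and is still rejected, because the rules measure form rather than guessability.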

Social hacking remains the number one computer security threat, at least according to the things I read. If you call someone and say you are from so-and-so security firm and are conducting an audit and need to verify his/her password, a high percentage of people happily divulge that information.

At last count, I have 113 different programs and websites that require a password for either school or work - about double the number when I first posted this entry five years ago. I have them all stored in a password-protected database on my computer. Were a person able to obtain access, horror of horrors, s/he would be able to see my frequent flier miles, credit card and bank balances (both embarrassing), and edit my school web page. There are some benefits, sigh, to living a dull life.

So how do you create passwords that are difficult to guess but easy to remember? What are the practical rules for passwords schools should establish - and teach to kids?


Reader Comments (1)

Perhaps someone would like to hack into my webpage and update it. That would save me some time.

October 21, 2013 | Unregistered Commenter Gwen Martin
