Information Security: PIN Codes and Passwords | Travel Research Online

Image
Image

Information Security: PIN Codes and Passwords

Welcome to the final installment in our series of articles discussing information security. You can catch up on past articles here: #1, #2, #3, #4 and #5. This time around we’re going to discuss something that you might not normally thing about: PIN codes and passwords.

How many of you use a password on the main computer on which you keep client information so that if it’s lost or stolen the criminal doesn’t have instant access to your hard drive? How many of you use a PIN code to lock your smartphone or tablet for the same reason?
I’m going to guess that the number is fairly low. There’s a reason that you need to have a user ID and password for most online systems: it’s the first line of defense against the bad guys. You need to have a password to protect your computer just like you do for your online activities. (Some smartphones also support passwords, but many just support PIN codes. Either way, though, you need to have one on there, too.)

First off, you need to know what passwords to avoid. Never use a word that can be found in any dictionary (including foreign languages or medical dictionaries). Avoid names of people, pets, companies, sports teams, or cities. Never use birthdays or anniversaries. Never use passwords used as example and stay away from any simple sequences like qwerty, 123456, or abc123.

The length and complexity of your password is directly related to how long it will take someone to break it. (And I want to be clear that all passwords can be broken – it just a matter of how long it takes.) As an example, an 8 character like pwlsmxgh would take less than 8 minutes to break. By comparison, an 8 character password like Pwl$mxg4 would take about 162 days to break.

That’s also one of the reasons that you should change your password every 90 days – to reset the counter if someone really is trying to hack you.

You need to be savvy in creating a password that’s easy for you to remember, but difficult for someone to guess. There are a couple easy ways to do this. The first method is to combine initials, dates and special characters.

  • Your first and middle (or last) initials
  • A significant number (birth date, birth year, anniversary, age, etc.)
  • Another family member’s first and middle (or last) initials
  • A significant number to that family member
  • A third family member’s middle (or first) and last initials
  • A significant number to that family member
  • A symbol from the keyboard

Put it all together (or mix it up), and you get a relatively simple to remember 13 character, complex password like tm14kj39pr87~ or 67td12jb08fv$

The second way to come up with a very long, secure password is to use a pass phrase instead. Most systems today allow very long passwords. The advantage of a passphrase is that they’re easier to type and generally more secure than passwords because of their length. Some examples are listed below.

  • $nakes0nAPlane (14 characters)
  • {WeakPasswordsAreUnacceptable} (30 characters)
  • Gee,IWishICould Pick@GoodPassword (41 characters)
  • StrongPasswordsAreEasy2Remember (31 characters)
  • ILike!nformation$ecurityTraining2011 (36 characters)
  • TheBr0wnF0xJumped0verTheLazyD0g! (32 characters)

In addition to creating strong passwords, there are a couple things that you need to remember about keeping them safe. Think of your passwords like your underwear:

  • Change them often.
  • Keep them hidden (don’t write them down).
  • The longer, the better.
  • And don’t share them with friends

As for this last bullet, giving your password to someone means that they can do anything as if they were you. That includes downloading illegal files, sending harassing emails, or trying to access confidential information. And guess who will be dealing with the consequences? That’s right, it will be you.

I hope that you’ve found this series of articles to be of value, and that you’ve been able to find new ways of keeping you, your business, and your clients’ information safe and protected.

 

John Schaefer is an information security expert with over 20 years of experience in Global 100 corporations. His experience includes application development, network operating systems, network hardware, and security architecture. He is the Chief Technology Officer for Eastvale Consulting Services, Inc.

Susan Schaefer is the owner of Ships ‘N’ Trips Travel (www.shipsntripstravel.com) located in Brentwood, Tennessee and specializes in leisure travel with a focus on group travel and charity fundraisers. Through their division Kick Butt Vacations (www.kickbuttvaations.com) she focuses on travel for young adults under 35. Susan can be reached by email at susan@shipsntripstravel.com or by phone at (888) 221-1209).



 

Share your thoughts on “Information Security: PIN Codes and Passwords”

You must be a registered user and be logged in to post a comment.