Digital Password Protection
Hiding Your Passwords in Plain Sight
by George Milner, BOL Guru
Yes, we know. You should never, never write your password down. That would be dangerous. Of course we all know to create complicated, long passwords made up of letters, numbers, and punctuation. It goes without saying that you will have a different password for each online account or service you use. Otherwise you're putting your personal information and identity (and perhaps your institution) at risk.
The Advice…
The advice is, "Don't write your password down." We've heard it before and many of us have ignored the advice. For those that create unique, long, complicated, and unique passwords for each of their accounts - congratulations. Your data, information and identity will hopefully remain secure. But that only goes so far.
The Reality…
But let's get real. How many people actually write down their passwords? What would you guess? Five percent? Twenty-five percent? What kind of risk would there be if a quarter of all online account users wrote down their passwords? Forget that. The reality is scarier. A study of 3,000 bankers, conducted by Rainbow Technologies, reveals that 55% of us write down at least one of our passwords. Incredibly, almost 10% write down EVERY password. That seems to defeat the purpose of a secret password! Take a close look at these numbers. Think about what they mean. And remember, this survey was based on computers used at financial institutions.
Facts about Passwords used on financial institution computers:
- 9% write every one of their passwords down - on paper or on a file
- 55% write passwords down at least once
- 40% share passwords with others
- 25% have at least eight passwords on their systems at one time
- 80% of financial institutions have implemented password strengthening practices such as requiring combinations of numbers and letters - leading to increased practices of writing down the passwords
- 51% of users require help from tech support because they forgot their passwords
Source: Rainbow Technologies survey, 3000 responses, OC Report
The Bigger Picture
Now think about all your customers. Do you think that they are more careful than the average banker? Not a chance. How often have we heard the story of the ATM PIN number taped to the ATM card itself? That's not just a story. It's a common problem. Part of the reason that identity theft is so prevalent is that, as a group, we're pretty sloppy with our passwords. If 40% of bankers are sharing passwords, what do you think the numbers are out there in the real world? Frightening.
What should you do? Should you stick to the tried-and-true "Don't write it down!" mantra? Yes. But don't stop there. Recognize that reality shows us that a large percentage of our fellow workers, colleagues, and customers will create simple passwords, write them down, and share them. And then, to top it off, they'll call your help desk when their system has been compromised so that you can solve the problem.
There ARE Real World Solutions
OK. So it's a given that there is rampant abuse of password protection. What should you advise those who are likely to write down their passwords? Tell them to go right ahead! BUT - tell them to take precautions. It is possible to maintain a level of security far greater than simply some numbers on a sticky-note.
The Key is Layering
You've probably signed up for a service that asks you to come with an answer to a common question. For example, "What's your favorite pet's name?" or "What's your favorite travel destination?" Do they care about your dog Sherlock? Of course not. They've created another layer of security that can be used to validate who you are. You can do the same thing with your own passwords. For example, let's say you commonly use three or four different password variations. Think of one of them. Then think of a letter that will remind you of that choice. You could safely write that letter down to remind you - and only you - of the actual password. Let's see how far we can take this.
Let's say your password is 'happydays'. You might jot down the letter 'H' to remind you of that. Good start. Now, what if you decided to substitute the @ for all 'a's in a word. And, maybe you could come up with a number combination that you could use to surround all your passwords. Now, that single letter 'H' could represent the password 6h@ppyd@ys7. It's far safer to write down a single letter than it is to spell it out.
Do you still want to write out your entire password? Not such a great idea, but if you do, why not create a little code that only you would know.
For example, here's my password: 8k$]]ig$if9
That looks like a good password, but if someone finds it, they probably won't guess that I wrote down the character that appears two keys to the right of each of the letters in my 'real' password. So, what's my 'real' password? That's easy, look at a keyboard and figure out what's on the key two keys to the left of each of the above characters. And what do you get? The same password we used before: 6h@ppyd@ys7
You can come up with lots of ways to hide the actual information, just make up one or two simple rules that you can apply to any information that you write down. Even this may not be enough. If someone is intent on cracking the code, you may want to do more. Let's add one more (simple) layer.
The Magic of Invisible Ink
OK, so it's not really magic, but a pen with UV-light sensitive ink, along with a small built-in blacklight will allow you protect your passwords even more. (And have a bit of fun while you're doing it.) We've designed a special Digital Register that you can use to store all your important information.
Watch this short video as Andy Zavoina, one of our BOL Gurus, describes just some of the ways that this Digital Password Protection Kit can be used.
Click below to check out the Digital Password Protection kit!
Use a regular pen to fill in information on every other line. Use the UV Pen to write your password down in 'invisible' ink. Used in combination with some of the layering techniques described above, you can have an easy-to-use, simple, and secure system for storing your sensitive information. You will finally be able to create those long, complex passwords that provide security -- and have a way to remember them.
And it's not just for bankers...
Do you think your customers could benefit from this kit? Used as a giveaway when opening new accounts or for a promotion to gain new business, it will show your customers and accountholders that you are serious about password protection - while helping your institution deal with the reality of password abuse. Remember, a huge percentage of your passwords will be written down. This system provides an extra measure of security. We've designed, packaged, and priced the kits to be affordable when purchased in quantity for promotional purposes.
For more information about the Digital Password Protection Kit, click on this link and order one today!
At the end of the day...
Are you safer if you commit all your passwords to memory? Only if you follow the guidelines to create long, complicated, and unique passwords for each of your accounts. This password protection package will arm you with the information and tools you need to keep your information secure - without requiring you to memorize long lists of difficult passwords.
You really can hide your passwords in plain sight.
Copyright, 2004, Bankers Online. First published on BankersOnline.com 12/1/04.
Privacy Policy Disclaimer Recommend This Site ! Contact Us
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
|
Print Friendly!
Email This Article!
Discuss NOW!
