The 2016 FSHS Proceedings will be on our website at fshs.org soon. It might even be there by the time you read this article. So, go to fshs.org and log in. You should see the latest volumes at the top of the Proceedings Page. (If not, contact us and we’ll update your membership to ensure access.) Reset your password from our Login Page if you lost it or need a stronger one. Note many experts now recommend changing a password only if it’s weak or if you’re concerned it’s been compromised.
About Passwords
You hear about data breaches in the news more often today. Wikipedia references over 200 breaches from organizations like Apple, Target, CitiGroup, Chase, and even Yale. The reasons range from hacking, to inside jobs, to poor security. The website Have I Been Pwned allows you to check if your user credentials were exposed in any of several well-known leaks. Enter your user name in the text box, and it’ll show if your credentials were exposed. There’s no need to panic if you get a positive hit. It’s possible, but unlikely, that your specific login was targeted. But be sure to follow up on the indicated websites and secure your information using stronger credentials.
Creating a Good Password
As recently as 2014, eight-character passwords were considered effective. But passwords get less secure over time. Today, twelve-character passwords are becoming standard. More characters are better, but twelve is probably okay for now. There are several techniques for creating passwords, but coming up with an effective one isn’t always easy. Conjuring one “off the top of your head” might not always be the best idea, though. Not only do you have to avoid a bad password (caution: some examples are NSFW), but humans can unconsciously over-simplify what they think is a random password. For example, simple substitutions like 1 for t, ^ for V, 3 for E and $ for S are popular and don’t improve security. (That’s why I don’t use $13^3 as a password!)
Password Padding
An improvement on the above is to use “password padding” as described by Gibson Research Corporation. The idea is to use an easily-remembered password phrase and add more padding that’s also easy to recall. Padding is random upper- and lower-case letters, special characters and numbers. It differs from the above substitution method because the padding is used in unexpected ways. The result is easy-to-use passwords that are essentially unbreakable. A simple example using this latter method is “fsHsgroups=fun2awl”. Passwords like this thwart dictionary attacks. Why is this important? Even a fairly simple desktop setup can perform billions of offline crack attempts per second.
How Good is Your Password
You can get a general idea of how effective your password is by testing its “strength”, or entropy. There’s debate about how to interpret password strength, but one check I use is the WolframAlpha Password Strength Calculator. Their system will calculate the strength of an entered password. The two most informative results are the “time to enumerate” and “password entropy”. Entropy is a measure of how difficult the password is to crack. Higher entropies (greater than 50 and 100) are better. It’s best not to test your actual password, though, but something similar. Wolfram also shows alternate passwords of similar strength, with options to show more at the bottom of the results box. Try your own random password example to see if you can get it above 50 or 100 bits.
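An added example, not part of the original article and not WolframAlpha's method: a simple character-pool estimate of “password entropy” and “time to enumerate” in Python. The rate of 10^9 guesses per second is an assumed figure standing in for the “billions” of offline attempts mentioned above, and all function names are illustrative.

```python
import math
import string

# Assumed offline guess rate (constructed; the article only says "billions per second").
GUESSES_PER_SECOND = 1e9

# Character classes that make up the alphabet an exhaustive search must cover.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def pool_size(password: str) -> int:
    """Alphabet size implied by the character classes present in the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes: count each distinct one once.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def entropy_bits(password: str) -> float:
    """Upper-bound entropy, length * log2(pool); only valid for random strings."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def years_to_enumerate(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every string of this length and alphabet at `rate`."""
    seconds = 2 ** entropy_bits(password) / rate
    return seconds / (365.25 * 24 * 3600)


def report(password: str) -> str:
    return (f"{password!r}: pool={pool_size(password)}, "
            f"{entropy_bits(password):.1f} bits, "
            f"{years_to_enumerate(password):.3g} years to enumerate")


if __name__ == "__main__":
    # Constructed samples, plus "$13^3" and "fsHsgroups=fun2awl" from the article.
    for sample in ("steve", "$13^3", "abcdefgh", "abcdefghijkl", "fsHsgroups=fun2awl"):
        print(report(sample))
```

This kind of estimate assumes every character was chosen at random, so it overstates the strength of human-chosen passwords: it rates “$13^3” above a plain five-letter word even though simple substitutions don’t improve security.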
Password Generators
Another way to devise good passwords is a password generator, such as Gibson’s Perfect Passwords. This is the general method I use. A password generator will produce long strings of completely random sequences of characters. I often select passwords of 30 to 50 characters from those generated. Also, it’s good practice to use different passwords on different websites. For example, you don’t want to use the same username and password combination at two different banks. For more ideas on coming up with your own password policy, download this password cheat sheet by Take Control Books.
Protect FSHS Content
The payoff for using the above techniques is improved protection of personal website credentials, assets and identity. And you can also help FSHS and your fellow organization members. By using an effective password on the FSHS website, you make it more difficult for unauthorized persons to gain access to the site. That both protects FSHS content and makes it more valuable to you.
Disclaimer: The author’s content above is provided AS-IS and solely for informational purposes, without warranty of any kind, and should not be construed to be professional advice of any kind.