EPC’s Computer Recyling Blog

Dealing with password fatigue

How many passwords do you have? According to a study done by the NTA Monitor in 2002 the average computer user has 21 different passworded accounts. Twenty One! And that was before Facebook, Twitter, or any other social networking tool. I personally have well over 100 distinct account credentials on various websites and servers.

It’s no wonder that many users resort to picking easily guessed words, put passwords on sticky notes, or use the same password for every service out there. A recent study even indicates that IT security professionals are suffering from password fatigue.

Password Managers

One solution to password fatigue is using a password manager. Many operating systems, like OSX and Windows 7 even include password management tools within. My personal favorite is KeePass, an Open-Source manager that was developed for Windows, but has been ported to OSX and Linux.

The main drawback with password managers is that they require extra effort to maintain. Every time you create a new account or change a password on an existing account you have to keep your password manager in sync. Over time it is easy to have the wrong password on file, or worse, not have the password you need on file.

Password Schemes

An alternative to password management tools is coming up with a consistant scheme for generating new passwords. The idea is that if you use the same rule for generating passwords, you can figure out what the password would be.  One scheme is to use a base password, then append something related to the service. So for example, your base might be ‘asdf’. So if you were creating an account on Yahoo you might use the password ‘asdfyahoo’ or ‘yahooasdf’.

The drawback with this approach is that each site has its own password guidelines. Some require alpha and numeric characters, some require a combination of upper case and lower case, and others require extended characters like ‘$’ or ‘&’. Coming up with a scheme that supports all the requirements is a challenge. And what about services that require your password to change regularly. Either you have to create multiple base passwords or multiple service keywords – and once you do that you are back to keeping track of individual passwords.

Choosing Memorable Passwords

A third option is picking passwords that are easy to remember. The challenge is in picking a password that is both easy to remember and secure. For example, while everyone can remember ‘password,’ it is not a very secure choice.

One trick is to pick a phrase that can be remembered such as ‘The fox jumped over the tall hedge’ and use the first or last characters from each word. So in our example phrase you might use the passwords ‘tfjotth’ or ‘exdrele.’

While this approach makes passwords easier to remember, you still should not use the same password for every service, so it makes sense to pick a few phrases that can be remembered and cycle through them.

How do you deal with the many passwords in your life?

Tags: computer security, Data Security, passwords, security

Links of the Week: Data Security Edition

There were some great articles on CIO.com this week relating to Data Security. Here they are plus a selection of the best IT Data Security articles in the last week:

• Heartland CEO: QSAs Let Us Down
  In the review of what led to the Heartland credit card breach, Heartland’s CEO Robert Carr points to the PCI compliance auditors that passed the company before the breach – “PCI compliance doesn’t mean secure. We and others were declared PCI compliant shortly before the intrusions.”
• Opinion: Heartland CEO Must Accept Responsiblity
  A counter point to the previous article. Mike Rothman asserts that by attempting to blame the QSAs for the data breach they are learning nothing, and not addressing the root issue – “To be clear, you cannot outsource thinking. You cannot outsource security.”
• 8 Dirty Secrets of the IT Security Industry
  Are IT Security vendors really interested in improving your network’s security? Joshua Corman from IBM’s Internet Security Systems division details 8 trends in the IT Security market that help undermine a network’s security.
• Social Engineers’ 9 Favorite Pick-Up Lines
  Social Engineers leverage the trust people have in the familiar to gain access to facilities and networks. These 9 examples illustrate how easy it is for that trust to be abused. How many would you (or your employees fall for)?
• Hackers have Social Networking sites in their crosshairs
  In a recent study Breach Security, hackers are attacking Social Networking sites with increased frequency, accounting for 19% of online attacks in 2009.
• Twitter used to control botnet
  It was a matter of time, but Jose Nazario of Arbor Networks discovered a botnet that used Twitter for its command and control infastructure. While the account in question is obviously not a person, how long before a botnet writer creates an account that looks legitimate at first glance?

Tags: Data Security, Heartland, Social Networking, twitter

EPC Celebrates MO Sales Tax Holiday by Opening Warehouse to the Public

In an effort to help parents with the costs of sending their students back to school, Missouri has established this weekend as a Sales Tax Holiday. From 12:01 a.m. on Friday August 7th to midnight on Sunday the 9th, certain back to school items are deemed tax exempt.

Included in these tax exempt back to school items are personal computers and computer peripherals. To enhance this tax holiday, EPC is opening our warehouse to the public for a huge sale. All items will be at least 15% off of our already low prices in addition to the discount from the exempted tax.

On Saturday, August 8th, from 8am to 2pm only, customers can browse through the thousands of laptops, desktops, servers, printers and every other computer-realted hardware and peripherals that can be found in our warehouse – a space that is about the size of two football fields.

For more information about the Missouri Sales Tax Holiday stipulations, you can check out the Department of Revenue’s website.

Tags: August 8th, back to school, computer, Computers, desktops, epc, laptops, Missouri, peripherals, printers, sale, Sales Tax Holiday, servers, Tax Free Holiday, warehouse sale