I received that message again just the other day: Password Incorrect.
I don’t know about you, but for a moment that message kind of locks me up. Some passwords are easy to remember as I use them frequently. Others, not so much. Sometimes my mind is on auto-pilot and I mistakenly enter another password I frequently use and it does not work. When that happens, and I cannot recall the right one (brain lock?), I usually fumble around a bit before I find the right one.
Remembering passwords has become even harder in the past few years as companies have implemented even more complex strategies to create ‘hack-proof’ security for customer accounts. The use of special characters, numbers, upper case, lower case, no use of any prime number (kidding on this last one), and so on, make remembering them all virtually impossible.
Experts caution us about how we save passwords. Yet, we are urged to change them frequently. Well, those of you blessed with a much better memory than mine are probably doing just fine. However, in my case, I find myself concerned about saving the password in a bad place and then just waiting for that supreme hack that will rob us of all we own, our children and grandchildren, and our emotional security for generations to come. Not a pretty picture.
That said, I came upon an article in CNET the other day that essentially tells us that the methodology we have been encouraged to use to create our passwords for maximum security are now basically, well, ineffective.
Say that again?
Apparently setting up complex passwords comprised of random characters and symbols is not as effective as, say, setting up a password you make up with identifiable and simple characters.
Mind you, I am not talking about using ‘12345’ or ‘password,’ but much less complex and cumbersome than those we are challenged to create today.
Where did this opinion come from? No less an authority than the so called “father of the modern password,” Bill Burr.
In an article titled “Father of passwords regrets the advice he gave,” CNET writer Chris Matyszczyk writes that Mr. Burr recently has had a change of heart as to what comprises an effective password.
In 2003 Burr recommended that passwords should be made up of an entirely random string of letters and symbols. This was the best way known then to minimize the chance of a hacker guessing a password.
He has changed his opinion, however, and “It turned out that these are easier for hackers to crack than, say, weird words that you can actually remember. Like ‘gobbledegook.’ Or ‘nincompoop.’” Please don’t use these, though, as they are only examples from Mr. Matyszczyk.
Why the change of heart? According to Matyszczyk “Over the years, people seem to have used similar techniques to create their ‘random’ combinations, which made them actually less random.”
Well, then.
Matyszczyk says that we should not be too hard on Mr. Burr. I agree. When he wrote that opinion who would have guessed the level of constant hacking that goes on every day, and how successful so much of it is? Random strings of letters and numbers certainly seemed logical and safe.
What to do?
Certainly, do not use simple and easy to guess passwords. Most sites and apps still require password content to conform to their standards. We don’t have much choice if the password is required to be complex and as random as possible.
At A. Alliance we pride ourselves on the security of our systems and the protocols we use to protect our client’s data and secure access to our systems. We utilize multiple layers of security to ensure data integrity and do encourage our clients to change their passwords with some regularity and of course advise us when users change and new access credentials need to be created. However, it is good to know that we can potentially create easier to remember personal passwords that are more secure than originally thought. Password security, it would seem, does not always go hand in hand with complexity and inconvenience.
A. Alliance Collection Agency, Inc. is a full service, licensed accounts receivable management and debt collection agency providing highly effective, customized one on one management and recovery solutions for our business partners. Founded in northern Illinois in 2005, we have been proudly improving the bottom-line on behalf of our business partners in and around Chicagoland for over 12 years.