7 minute read
TECHNOLOGY
Real Talk About Passwords
by: Aaron Rich, CEO of ARCITECHX IT Consulting
As a guy who runs an IT firm, I can assure you I may have taken Bill Burr’s name in vain a time or two. While most of you would probably say, “Who the heck is Bill Burr?”, I would declare to you he is a person that has single handedly made your lives more difficult on a DAILY basis. I’ll get to his apology in a bit. He is truly very sorry. Really, he feels terrible about it.
You see, Burr is the former manager at the US National Institute of Standards and Technology (NIST). In 2003, Burr drafted an eightpage guide on how to create secure passwords called the “NIST Special Publication 800-63. Appendix A”. That innocuous sounding document was what outlined the standard by which our password complexity rules across the web were founded, causing grief for people across the globe for decades to come. Now retired from his life of bureaucracy, he has fessed up to not knowing what he was doing when he set the standard for password complexity that creeps it’s way into our lives every day. Everything from your email account to your bank login to your Amazon account to your TikTok login all have a standard that requires an uppercase character, lowercase character, numeral, and special character.
One thing we can all agree on is that password complexity rules are annoying. As Burr retrospectively sums up his torturous approach to passwords “It just drives people bananas and they don’t pick good passwords no matter what you do.”
The reality is that most of those factors involved in the standard devised mean very little to making a password harder to hack. Really all Mr; Burr did was make it much harder on humans to remember their passwords and thus actually make it easier for computers. You see, the most significant part that really makes a difference is password length.
The less characters you have for your password the far less combinations of potential options a password could be and thus it can be incredibly simple for someone to brute force break your shorter password. It’s just mathematics really. In a 5 character password, the potential combination of characters is about 60 million. That might seem like a big number but certainly not to a high powered computer capable of running through those combinations in quick order. In fact, given the processing power in today’s machines, a 5 character password could be broken in about 0.03 seconds!
On the other hand, if you go with a 12 character password there are 475,920,314,814,253,376,475,136 combinations of characters. I’m not certain of how to even pronounce that number but it equates to taking approximately 7.5 million years to break.
In today’s world, it is incredibly important to have secure passwords and protect your personal information. We constantly hear about breaches in security and you’ve probably seen dozens of your friends get their Facebook or email accounts hacked. So let’s talk about how to protect yourself and some discuss real tips based on common sense and bureaucrat-free logic that help contribute to a strong password you might actually be able to remember.
Common Sense Password Techniques
Make your passwords 12 or more characters long. Just like we covered above, it’s mathematics that the longer the password the more potential combination of possibilities. That does not mean you have to make it a bunch of gibberish for it to work. For example, the passphrase “LetsTac0boutiT!” is 15 characters and has character variation and is therefore more secure and infinitely easier to remember than a bunch of random characters. Pro tip: Stay away from password words that are common things people can find out about you. Names, birthdays, etc are all things you should avoid in your passwords.
Please don’t store your passwords on your computer or in a Word or Excel file! If someone were to get a hold of that file, it could have pretty significant consequences. Nothing is easier for a hacker than a password file named password.doc. I suggest getting some password management software like LastPass or 1Password (there’s a bunch of different options) and then protect that account with two-factor authentication and a 15+ character password. We all have an unbelievable amount of passwords these days and without some software to help you manage them it can be daunting.
Change your passwords periodically. It’s entirely possible that your service provider can (and will) get hacked at some point. You can mitigate some potential issues by changing your account passwords about every 180 days.
Don’t use the same passwords on different accounts. When a breach takes place, it is incredibly easy for the hacker to try your username and password combination on other sites. Keep in mind those hacked passwords are likely to end up on the dark web in quick order. If the passwords are all the same across your online accounts you’ve made it way way way too easy on them.
So while we look at Bill Burr with scrutiny in hindsight, it’s evident in the early ages of the web, a standard came into being that was misguided and not rooted in sound mathematics. To that point, the NIST has in recent years updated their password complexity policy to a more human friendly policy as follows “NIST recommends minimizing password complexity requirements, like the necessary inclusion of upper case letters, symbols, and numbers.”
While the future of account security likely lies in artificial intelligence and machine learning (which we can delve into another time), it is best to heed some lessons from the shortcomings of Mr. Burr’s policy. Take those necessary and simple steps to protect your passwords using some of the common sense techniques mentioned above. And hopefully soon the rest of the world will adapt to some sound and reasonable approaches to password policies.
Intellichoice Builders, LLC – Building Smarter starts here!
As one of the premier builders
in Bay, Walton and Gulf Counties, Intellichoice Builders brings a fresh level of professionalism and quality to all the projects that they work on. The staff at Intellichoice brings a wealth of knowledge and level of service that is above and beyond the norm. They are state licensed (CGC 1526169) and perform all types of construction: design/build, new construction, remodel, or additions, on both commercial and residential projects.
With over 20 years of experience, Robert Yanchis, one of the owners, says, “I’ve worked all over the State of Florida, in numerous states throughout the Southeast and even in the Caribbean, but this area of Florida is unique when it comes to contracting.” Intellichoice Builders prides itself on partnering with experienced subcontractors/ tradesman and working with them to develop relationships for long term success. “By working with the same tradesmen repeatedly, you get to understand how they work, and they understand our expectations and procedures which ultimately makes the projects flow more smoothly,” said Juan Gonzalez, Owner.
The last few years have been difficult for the local community. Bay and Gulf counties were starting to recover from the devastation of hurricane Michael and here came 2020 and the COVID-19 pandemic which has brought further devastating our community. Intellichoice Builders and their staff have instituted numerous additional safety procedures. Intellichoice will continue working within the community as long as safely possible. Intellichoice knows how important it is for people that have been displaced from their community and homes for the last few years to get back to normality. Intellichoice Builders are respecting orders from authorities and practicing safety as much as physically possible. Intellichoice Builders strives to provide a safe work environment for both their clients, construction partners and their workers. The project management software that Intellichoice uses is internet based and links the client to the project without needing to have in person interactions. They can record finish selections, change orders, RFI’s, etc. Intellichoice was already utilizing this software to work with clients from other states, now they use it to assist in limiting interactions due to the current health situation. Other strategies employed during these times include practicing social distancing by reducing the number of workers to jobsites or at least specific areas; avoiding box stores like Home Depot or Lowes and coordinating phone sales and deliveries instead; education of their staff as information is made available and encouraging good hygiene practices as always. Intellichoice’s goal is to keep their clients, construction partners and staff safe and healthy. Intellichoice Builders are constantly taking on new clients –Please contact them for your next project:
Intellichoice Builders, LLC 1818 Michigan Ave. Panama City, FL 32405 (850) 427-2727
