LPM Tip

99 passwords, but I can’t remember which one: managing applications access

The chief difficulty in having so many programs and applications that we use in our work and personal lives is that we wish to secure much of the data we put online, or, if not the data, certainly the accounts which we use to post the data (privately, publicly or semi-publicly). That's a lot of passwords to memorize, assuming they're all different, which they should be.

I've written, previously in this space, on the potential of password managers; but, to use those applications, on top of applications, you must supply a master password that, when entered, will 'turn on' the program. Once your master password has been correctly entered, the program will pre-load all of your passwords for the applications you've recorded in your password manager. A good number of people use password managers and I don't begrudge them that. I am just not counted in their number. Despite the convenience of these programs, the plain fact of the matter is that a hacker only needs to break your master password to get to all of the others. If that happens, I wonder what the point of creating so many unique passwords was?

Password managers are appealing because they take memory out of the equation, for the most part. You only need to remember one password, rather than dozens. So, if you choose not to use a password manager, you've then got to figure out what memory prompts you will establish to help you remember which passwords work for which applications. (You could keep a master password list of your own, via an Excel spreadsheet, but then you run smack into the problem of the password managers.)

There are, however, some techniques you could use to create memorable passwords that are simultaneously difficult to crack:

  • Having a photographic memory helps. I know, I know ... I'm sorry. Not fair.
  • You can dramatically increase the difficulty of hacking your passwords when you introduce symbols, in lieu of letters and numbers. In order to help you remember those symbols, you can choose ones that resemble letters and numbers (e.g., @ for a, ! for 1).
  • You can utilize mnemonic devices (like back in grade school, when you memorized ROY G. BIV in order to reproduce the rainbow's color spectrum) to create passwords. If you can recall a sentence or phrase that is memorable to you, you can use the mnemonic device to create a password, which you could then use as a standalone password, or as one of the bricks for building fuller passwords.
  • You can build increasingly complex passwords from root words or phrases. In the last example, a sentence becomes a mnemonic device, which then becomes a password. You could also take a common word or short phrase, like '8 armadillos', and turn it into '%@RM@d!))0S'. It's memorable, it looks sort of the same, but it is far more difficult to crack than the original. The more root words and phrases you can convert to password components, the more combinations you can create. You'll end up providing yourself with a wide array of potential passwords based on an established number of initial inputs known only to you.
  • The requirements for the security of individual applications vary. You're probably less concerned about the password for your Yahoo! Fantasy Football team than you are about the password for your case management system. So, you can treat your passwords accordingly. You could develop a hierarchy of passwords, from more secure (harder to remember) to less secure (easier to remember), based on the value of the information that is being protected. Your fantasy football password could be something like: 'RevisIslander' and your case management password would be far more complex.

  • Many websites will ask you to establish answers to predetermined security questions, in addition to creating a password. When selecting security questions and answers, you should avoid choosing answers reflecting data that may be publicly available, including, potentially: your birthday, or relatives' birthdays, family names and maiden names, your street address or the date and/or place of your marriage. Far more secure questions relate to things that are not easily found via the web, or better yet that are not available on the web at all. This includes things like: the name of your childhood pet, the street your best friend from elementary school lived on or a private term of affection for your spouse.
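
The mnemonic and root-word techniques above, worked through as an added example (not part of the original tip): it builds a root from a constructed sentence, checks that '%@RM@d!))0S' is a respelling of '8 armadillos', and counts how many respellings that root allows next to the number of random strings of the same length. The swap table, the sample sentence and the function names are assumptions made for the example.

```python
import math
import string

# Look-alike swaps taken from the tip's own examples (@ for a, ! for 1,
# and '8 armadillos' -> '%@RM@d!))0S'); the table itself is an assumption.
LOOKALIKES = {"a": "@", "1": "!", "8": "%", "i": "!", "l": ")", "o": "0"}


def mnemonic(sentence):
    """Build a password root from the first character of each word."""
    return "".join(word[0] for word in sentence.split())


def spellings(ch):
    """Every way one root character can be written: either case, or a swap."""
    forms = {ch.lower(), ch.upper()}
    forms.update(LOOKALIKES.get(ch.lower(), ""))
    return forms


def is_variant(candidate, root):
    """True if candidate is root with spaces dropped and characters respelled."""
    letters = root.replace(" ", "")
    return len(candidate) == len(letters) and all(
        c in spellings(r) for c, r in zip(candidate, letters)
    )


def variant_count(root):
    """How many distinct passwords the respelling rules can make from root."""
    return math.prod(len(spellings(ch)) for ch in root.replace(" ", ""))


def random_count(length):
    """How many passwords of that length exist over printable ASCII (94 symbols)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return len(alphabet) ** length


if __name__ == "__main__":
    root, password = "8 armadillos", "%@RM@d!))0S"
    print(mnemonic("My first car was a 1998 Honda Civic"))  # constructed sentence
    print(is_variant(password, root))
    print(f"respellings of the root: {variant_count(root)} "
          f"(~{math.log2(variant_count(root)):.1f} bits)")
    print(f"random strings of length {len(password)}: "
          f"~{math.log2(random_count(len(password))):.1f} bits")
```

The respelling count is what the case changes and symbols add on top of the root; the rest of the password's strength comes from the root being known only to you.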

The good news is that, as soon as fingerprint access becomes commonplace, alphanumeric passwords will be a thing of the past.

Tip courtesy of Jared Correia, Law Office Management Assistance Program.

Published March 13, 2014

--------------------------------------------------------------------------

To learn more about the Law Practice Management Section, which is complimentary for all MBA members, contact LPM Section Chair Cynthia E. MacCausland or Vice Chair Damian J. Turco.
©2014 Massachusetts Bar Association