Mentat:
sorting through the onslaught of information and misinformation to find what is important and real.

Unless otherwise expressly stated, all original material of whatever nature created by Lori Bowen Ayre for inclusion in this weblog is licensed under a Creative Commons License.

April 28, 2004

Your Password for Chocolate?

There was a column in the NY Times Sunday by Gary Rivlin, "Pssss, Computers Users . . . Want Some Candy?" in which the author describes a demonstration done by computer security experts who offered up a chocolate bar in exchange for a person's computer password (outside of a London subway).

70% of those asked gave up their password for the chocolate.

The article goes on to explain that the primary reason people are so cavalier about giving up their passwords, and probably computer security in general, is because they don't understand it.

The extent to which people don't take computer security seriously can be understood by the number of Post-it notes with passwords written on them, the number of times you use the same password for different services and websites, the number of times your password can be found in a dictionary (within seconds by a snappy little program) or the number of times your password is your child/pet/spouse's name. These are all bad ideas.

Good passwords are difficult to remember precisely because they aren't words and they aren't names of your beloved. Things like "9*idhx89r" are good passwords.
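As an added illustration (not part of the original post), here is a small Python audit that flags three of the habits listed above: dictionary words, names of loved ones, and the same password reused across services. The wordlist, names and accounts are constructed sample data, and the function names are hypothetical; an empty findings list only means none of these three checks fired.

```python
import re
from collections import defaultdict

# Constructed sample data: a tiny stand-in wordlist and the names a user
# might be tempted to use (child/pet/spouse). Real audits use large wordlists.
WORDLIST = {"chocolate", "password", "sunshine", "dragon", "letmein"}
PERSONAL_NAMES = {"rex", "emma"}


def core(password):
    """Lowercase the password and strip leading/trailing digits and symbols,
    so 'Chocolate1!' is compared as 'chocolate'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def audit(accounts, wordlist=WORDLIST, names=PERSONAL_NAMES):
    """Return {service: sorted list of findings} for a {service: password} map."""
    # Map each password to the services using it, to detect reuse.
    used_by = defaultdict(list)
    for service, pw in accounts.items():
        used_by[pw].append(service)

    report = {}
    for service, pw in accounts.items():
        findings = set()
        stem = core(pw)
        if stem in wordlist:
            findings.add("dictionary word")
        if stem in names:
            findings.add("personal name")
        if len(used_by[pw]) > 1:
            findings.add("reused")
        report[service] = sorted(findings)
    return report


# Constructed accounts; "9*idhx89r" is the post's example of a good password.
SAMPLE = {
    "mail": "Chocolate1!",
    "bank": "Chocolate1!",
    "forum": "rex2004",
    "work": "9*idhx89r",
}

if __name__ == "__main__":
    for service, findings in audit(SAMPLE).items():
        print(service, findings or "no findings")
```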

Why care?

Well, I care because I'm getting pounded with unwanted mail and allegedly returned mail. The latter are messages that come back to me as if I sent them but in fact I did not send them. These are "spoofed emails." They are the results of OTHER people not being careful about things like passwords and viruses and firewall protection....basic security stuff.

Passwords are Step 1. Make them difficult to guess (and unfortunately difficult to remember). And change them often. If you need help remembering passwords, use a program like BeSafe that stores all your passwords (encrypted for safety) on your Palm and your computer.

Step 2. Install virus scanning software AND make sure your subscription is always up-to-date. It isn't enough to install McAfee and call it a day. You have to pay for the subscription. Make sure you set up the program to automatically update the virus definitions (the file the scanner uses to recognize the latest, greatest viruses). If your virus definitions are EVER more than a day or two old, you are at risk for becoming one of those people who is sending the rest of us the SPAM, PORN and SPOOFED email.

If you use Symantec/Norton products, go here for the latest virus definitions and product updates.

For McAfee, go here.

Step 3. If you are on a cable or DSL connection at home...be sure to use a firewall. Both Symantec/Norton and McAfee have software firewall options that are sold separately or as part of an Internet security bundle. Use the links above to check them out. The Internet security packages are worth their weight in gold. If you have an "always on" Internet connection, do your duty and buy one of them.

If you aren't covering these three basics, you aren't being a responsible netizen. No one is out there doing it for you. There aren't millions of people writing billions of viruses and sending out barrels of SPAM. There are a bunch of those people. It's the rest of us, we millions, that handle the distribution for them.

I love the Internet, you love the Internet, let's get back to it....but as the Hill Street Blues sergeant used to say..."Hey, let's be careful out there."

Posted by Lori at 9:11 AM | Permalink

Comments

The only problem with so-called safe passwords is that since most people cannot remember them, they write them down, which makes them more unsafe than real words and false security. Technical security is not the same thing as practical security. What you should do is a completely different thing from what people actually do. At my workplace (a library) we change the group login (which we use on staff computers in public areas) every two months. They use a system so that if you know last month's password you can guess next month's. To top it all off, they post it in staff which are not that hard to get into. In my opinion that is not security.

Posted by: Elisabet Fornell | April 29, 2004 2:55 AM

Elisabet,

I have to agree with you...that is not security!

Thanks for the comments,

Lori

Posted by: Lori | May 3, 2004 9:36 AM
