Passwords or Pass Phrase? Protecting your Intellectual Property

Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. A new theory on passwords is emerging that may help us remember our access codes, be more secure, and generally keep hackers and thieves out of our networks.

A password is a combination of words, letters, and special characters that only the user knows, allowing access to a computer or other information resources. As humans we have a large number of codes and numbers we need to remember every day - such as the key lock on our apartment entries, national identification numbers, automobile license or tag numbers, telephone numbers - it is a large and confusing suite of items we need to memorize.

When selecting a new password or pass code for access to a computer system, most of us understand how difficult it is to remember complex codes, and thus we select something already know n to us, such as names, birthdays, national identifiers, or other known items, and then place a number or character in front of the name or number thinking it is secure. This is easy to understand, as most of us simply do not have an ability to instantly recall large numbers of complex codes.

In a worst case we simply write down the complex code on a piece of paper, and leave it in a desk, our pocketbook, or in many cases taped to the front of our computer monitor.

However, to a hacker this makes access to your network or computer much easier, at they generally only have to learn a couple things about you, and add a few numbers to the front or ending of your personal data - you would be surprised how often this grants access to computers and networks. Ad some good "cracking utilities" to the hacker's suite of tools, and you can understand the threat.

PassPhrases are a concept that will help us create more secure, easy to remember safeguards for our computer and network resource protection. A passphrase is a selection of words and/or numbers that are 15 characters or more in length, and are easy for us to remember. A couple examples of a good pass phrases are:

? igotodalaieejdaily

? shehasbeautifulhair

? surfinginhawaiiisgreat

According to Mark Minasi, a noted security consultant, a 15 character pass phrase will require a cracking program the following number of computations to try and break a 15 character pass phrase:

? 15 lowercase letters = 1,677,259,342,285,725,925,376 possibilities

? Try a million a second, it'll take 531,855 centuries/years to break the code

As you can see, this is a pretty good level of security for your resource.

Another concern with passwords is if you forget or lose the password, and are using a utility like Microsoft's Encrypting File System (EFS), you run the risk of losing all access to your important files if you require a hardware reset of your password. All EFS encrypted files are linked to your login profile, meaning if you encrypt a directory or file with EFS, and you do a hardware reset on your computer, those files and directories are lost FOREVER.

For Microsoft Windows users you can now also use spaces within your pass phrase, however we would not recommend embedding spaces in your pass phrase, as that actually does allow a cracker better access to getting your code - it may help them crack it in 100,000 years rather than 250,000!

(About the Author - John Savageau is a managing director at CRG-West, responsible for managing operations and architecture for several of the largest telecommunications interconnect facilities in the US, including One Wilshire in Los Angeles)

ABC News

Blasts Hit Security HQs in Syrian City Aleppo ABC News Two explosions targeted security compounds in the Syrian city of Aleppo on Friday, state media reported, saying 25 people were killed and 175 wounded in a major city that has so far largely stood by President Bashar Assad in the nearly 11-month-old ... Syria Crisis: Bombs Hit Security Headquarters In AleppoHuffington Post Syria unrest: Explosions in Aleppo 'kill 25'BBC News Bomb blasts bring death to Syria's AleppoReuters gulfnews.com all 459 news articles »

Afghan private security handover looking messy Boston.com By Heidi Vogt AP / February 10, 2012 KABUL, Afghanistan—The push by Afghanistan's president to nationalize legions of private security guards before the end of March is encouraging corruption and jeopardizing multibillion-dollar aid projects, ... and more »

New York Daily News

Coming & Going: Expedited TSA screening, new blood clot advice, more travel news Washington Post Coming & Going Get through security faster; prevent blood clots on flights TSA expands program The Transportation Security Administration has announced that it will add all three Washington area airports to its expedited screening program. New airport security rules will let some passengers keep their shoes, belts onNew York Daily News O'Hare to get expedited security screeningChicago Tribune TSA to expand PreCheck program to speed up airport security linesLos Angeles Times Baltimore Sun (blog) -Reuters -Boston Globe all 812 news articles »

Newsday

Blasts hit security HQs in Syrian city Aleppo Newsday Click here Blasts hit security HQs in Syrian city Aleppo Originally published: February 10, 2012 3:41 AM Updated: February 10, 2012 6:02 AM By The Associated Press BASSEM MROUE (Associated Press) (AP) -- Two explosions targeted security compounds in ... and more »

AFP

Security forces shoot dead two Tibetans: report AFP BEIJING — Security forces shot dead two Tibetan brothers who were on the run after protesting against Chinese rule, US-based broadcaster Radio Free Asia (RFA) said, a day after a monk reportedly set himself alight. The incidents are said to have taken ... Report Says 2 Tibetans Killed by Security ForcesABC News all 317 news articles »

Russian security agency says military officer sentenced to 13 years for ... Washington Post MOSCOW — A Russian security agency says a Russian military officer has been convicted of passing missile secrets to the CIA and sentenced to 13 years in prison. The Federal Security Service, the main successor to the KGB, said Lt.-Col. and more »

First Security Group Completes Transformation of Executive Management Team MarketWatch (press release) CHATTANOOGA, Tenn., Feb 09, 2012 (BUSINESS WIRE) -- With the appointment of three new executive vice presidents, First Security Group, Inc. /quotes/zigman/6590222/quotes/nls/fsgi FSGI +0.89% has completed the restructuring of its executive management ... and more »

Nigerian runaway bomb suspect recaptured: source Reuters | ABUJA (Reuters) - Nigerian security forces recaptured on Friday the main suspect in a deadly Christmas Day bomb attack who escaped from police custody last month, a state security source said. Kabiru Sokoto's escape on January 18 was described by ... and more »

Microsoft Ruining Valentine's Day with Nine Security Bulletins PCWorld (blog) Microsoft revealed today that there are nine new security bulletins slated for next Tuesday. Happy Valentine's Day? Of the nine security bulletins, four are rated as Critical and the remaining five are all Important. Based on the limited information ... Microsoft to issue more critical patches next week for Win7 than XPComputerworld Patch Tuesday heads-up: 21 vulnerabilities, including 'critical' IE bulletinZDNet (blog) all 43 news articles »

NFC World

Security flaw in Google Wallet PIN identified msnbc.com By Matt Liebowitz A security researcher has found a serious flaw in Google Wallet's PIN protection that, in seconds, could enable an attacker to view everything in the owner's digital wallet, including credit card numbers and transaction history. Google Wallet Security Concerns RaisedPCWorld zvelo Researcher Discovers Google Wallet PIN Security VulnerabilityMarketWatch (press release) all 78 news articles »