Technical Information (eMessage, October 2017)

Open Sesame! Learn about a new take on passwords

by MACC’s Technical Support Team

Like the famous phrase that opened the cave of treasure in Ali Baba and the Forty Thieves, hackers try to use your password to get at you and your company’s treasured customer information. Using passwords like password or 1234 is like opening the door for them. Security experts have preached for years about using secure passwords of six characters or more consisting of upper- and lowercase letters, numbers and symbols. As hackers have evolved, so has the idea of what a secure password is.

New theories are emerging that present an interesting idea. While we don’t recommend jumping on the bandwagon until it has been proven effective, it is interesting to consider.

The National Institute of Standards and Technology (NIST) now suggests keeping passwords simple, long and memorable. Paul Grassi, senior standards and technology adviser at NIST, who led the new revision of the guidelines, said in an interview with NPR’s Audie Cornish:

Phrases, lowercase letters and typical English words work well. Experts no longer suggest special characters and a mix of lower and uppercase letters. And passwords never need to expire. “We focus on the cognitive side of this, which is what tools can users use to remember these things?” Grassi said. “So if you can picture it in your head, and no one else could, that’s a good password.”

While these rules may seem suspiciously easy, Grassi said these guidelines help users create longer passwords that are harder for hackers to break. Also, he said the computer security industry in both the public and private sectors has received these new rules positively.

“It works because we are creating longer passwords that cryptographically are harder to break than the shorter ones, even with all those special character requirements,” Grassi said. “We are really bad at random passwords, so the longer the better.”

Grassi stands by these new guidelines because previous tips for passwords affected users negatively and did not do much to boost security. When users change their passwords every 90 days, they often aren’t dramatically changing the password.

“I’m pretty sure you’re not changing your entire password; you’re shifting one character,” he said. “Everyone does that, and the bad guys know it.”
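A check a system can run at password-change time, when the user has just presented both the old and the new password, to catch the “shift one character” habit Grassi describes above. This is an added example, not code from the article or from MACC; the edit-distance threshold of 2 is a hypothetical policy value, and the sample passwords are constructed for illustration.

```python
def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character edits (insert, delete, substitute)
    needed to turn a into b. Standard two-row dynamic-programming version."""
    if len(a) < len(b):
        a, b = b, a
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(previous[j] + 1,                 # delete ca
                               current[j - 1] + 1,              # insert cb
                               previous[j - 1] + (ca != cb)))   # substitute
        previous = current
    return previous[-1]


def is_trivial_change(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password differs from the old one by at most
    max_edits single-character edits, compared case-insensitively so that
    Password1 -> password2 is also caught. max_edits=2 is a hypothetical
    policy value for this example."""
    return levenshtein(old.lower(), new.lower()) <= max_edits


def change_allowed(old: str, new: str) -> str:
    """Decision a password-change handler could return; 'ok' or a reason."""
    if old == new:
        return "rejected: new password is identical to the old one"
    if is_trivial_change(old, new):
        return "rejected: new password is only a small edit of the old one"
    return "ok"


if __name__ == "__main__":
    # Constructed sample pairs: a one-character shift, a rotation of the
    # trailing symbol, and a genuinely new passphrase.
    for old, new in [("Summer2017!", "Summer2018!"),
                     ("!Winter17", "Winter17!"),
                     ("Summer2017!", "a rolling stone gathers no moss")]:
        print(f"{old!r} -> {new!r}: {change_allowed(old, new)}")
```

Because the comparison happens only while both values are in memory for the change request, nothing extra has to be stored; old password hashes stay hashed.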

Until this theory has had more time in the field to be proven, we suggest a compromise. Use a long phrase that is familiar to you and easy to remember, but add subtle changes to it: capitalize some letters at random, and replace some of the letters with numbers and symbols. Here is an example:

Phrase: a rolling stone gathers no moss
Password: ARolling$ton3Gath3r$NoMo$$

We accomplished this simply by replacing the letter s with $, and the letter e with 3. Then we capitalized the first letter of each word. These simple steps can make longer, more complex passwords easier to remember.
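The three steps above, carried out in code so the transformation and the “longer beats more complex” claim can be checked on any phrase. This is an added example, not the article’s or MACC’s own code. It assumes the substitutions the article uses (s to $, e to 3); the blocklist, the minimum length of 8 and the strength estimate are constructed for illustration, and the estimate is only a brute-force upper bound, not a measure of resistance to dictionary attacks.

```python
import math
import string

# Constructed blocklist for demonstration only; a real deployment would
# check against a large list of common and breached passwords.
COMMON_PASSWORDS = {"password", "1234", "123456", "qwerty", "letmein"}

# The substitutions the article applies in its example.
ARTICLE_SUBSTITUTIONS = {"s": "$", "e": "3"}


def passphrase_to_password(phrase: str, substitutions: dict = None) -> str:
    """Apply the article's steps in order: replace letters, capitalize the
    first letter of each word, then join the words without spaces."""
    subs = ARTICLE_SUBSTITUTIONS if substitutions is None else substitutions
    words = []
    for word in phrase.lower().split():
        replaced = "".join(subs.get(ch, ch) for ch in word)
        # Upper-case only the first character; str.capitalize() would also
        # lower-case the rest, and a leading symbol such as $ is left alone.
        words.append(replaced[0].upper() + replaced[1:])
    return "".join(words)


def brute_force_bits(password: str) -> float:
    """Upper-bound strength estimate: log2 of (alphabet size ** length),
    with the alphabet built from the character classes actually present.
    Rule-based and dictionary attacks do far better than this bound, so
    use it to compare candidates, not as a guarantee."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)   # 32 printable ASCII symbols
    if " " in password:
        alphabet += 1
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def check_password(password: str, min_length: int = 8) -> list:
    """Length-first policy in the spirit of the NIST guidance quoted above:
    no composition rules, just a minimum length and a blocklist check.
    min_length=8 is a hypothetical policy value for this example."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    return problems


if __name__ == "__main__":
    phrase = "a rolling stone gathers no moss"
    derived = passphrase_to_password(phrase)
    print(f"{phrase!r} -> {derived!r}")
    for candidate in ("password", "1234", "P@ssw0rd", phrase, derived):
        print(f"{candidate!r}: {brute_force_bits(candidate):.1f} bits, "
              f"problems={check_password(candidate)}")
```

Running it reproduces the article’s password exactly, and the bit estimate shows why the plain 31-character phrase already outscores a short password built from every character class: length multiplies the search space far faster than adding symbols does.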

We take data security very seriously at MACC and are committed to offering our best to help you strengthen your defenses. If you have any questions, or if there is anything we can do for you, please don’t hesitate to contact your MACC Tech Support Team and we will be happy to help! We can be reached at 402-533-5300 or via email at [email protected].
