“I hate passwords!”
“I hate changing my passwords!”
“Yahoo doesn’t make me change my passwords! Why do I have to change my UNM password?”
I despise having to use and change passwords, too. Unfortunately, not all computer systems are equipped with retinal scanners, voice recognition and fingerprint readers nor can everyone afford these identity authentication gadgets. So, like you, I have several different user IDs (aka login IDs) and passwords. Some passwords I change periodically; others I do not.
It’d be nice if computer systems could sense who you are and be able to tell if “you” are really “you,” but unfortunately most systems aren’t that sophisticated, yet. Alas, we may be stuck with passwords for a while.
“My bank doesn’t make me change my password.” While financial institutions like Wells Fargo and Bank of America may not make you change your online banking password, in the past year or so, many large banks have actually toughened up their online authentication processes. For example, Bank of America now requires customers to answer a security question in addition to supplying a password and confirming a picture.
“But my UNM online stuff isn’t as important as my money. I’m an adult. Let me decide when to change my password.”
For most students, that’s probably what UNM IT is going to recommend. However, some students do have access to more than just their own UNM accounts and courseware.
These students may very well have to change their UNM password more frequently. Such an approach is referred to as “risk-based” and “role-based” security. It’s an environment in which password complexity and password-change requirements are determined by who you are, what you have access to and what the impact and risk is to getting your NetID and password hacked.
“In the meantime, why do I have to pick different passwords than ones I’ve used before, and why do the passwords themselves have to be all gobbledy-gook with pounds signs and stuff like that?”
Studies have shown that more than 40 percent of all individually chosen passwords are readily guessed by someone who knows the account’s owner. When left to their own devices, most people will use the same password for many different applications. This is very risky: A hacker or “friend” may be able to get into many of your accounts after only figuring out your password once.
Believe it or not, the most popular passwords used on Web sites like Facebook, Hotmail and Yahoo include “123456,” “iloveyou,” “password” and “qwerty” (which are the first 6 letters on the top left row of many keyboards). And, while no password is un-crackable, the general rule of thumb is “the longer, the better.”
There are several other cute phrases that are often used to help remind us of how to treat passwords: “Passwords are like toothbrushes: Don’t share yours with others.”
“Passwords are like socks: you should change them often.” But nothing beats a very long and very complex password. Unfortunately, many computer systems (including some at UNM) do not permit very long and very complex passwords. In those cases, make your password as long and as complex as you can. To see how strong your passwords are, test their strength on a Microsoft Web site, such as www.microsoft.com/protect/fraud/passwords/checker.aspx.
Things could be worse. Some security experts recommend that passwords should be randomly generated and then given to people to use. But don’t worry. UNM won’t be moving to randomly-generated passwords, and things really will get better here at UNM.
As everyone becomes more aware of the risks of using the same, simple passwords and decides to create and use longer and more complex pass-phrases or one-time passwords, stringent password requirements may no longer be needed.
P.S. It’s probably not good for you to use your NetID or UNM e-mail address for Yahoo, MySpace or Facebook. More on that in a later column. If you have questions about computer security or have ideas for future topics, feel free to contact me at mcarr@unm.edu.
Get content from The Daily Lobo delivered to your inbox
Mike Carr is the UNM Director of IT Security & Quality Assurance.
