With the recent password leaks from both LinkedIn.com and Yahoo.com, the topic of passwords has been at the forefront for many people, and specifically for IT departments. It is not uncommon to walk into an office environment and see passwords taped to monitors or hidden on sticky notes under mouse pads, keyboards, and in desk drawers.
The first element of a good password is complexity. Complexity is a way to make your password more difficult to “crack”. The first step in creating a complex password is not to use any dictionary words. Unfortunately, when that rule is coupled with requirements for special characters, numbers, and upper and lowercase letters, people often do what one FBI agent did in the exposed Yahoo hack and create a password like PA$$w0rd01. This is only marginally better than simply using “password”, since anyone running a dictionary-based attack will account for these kinds of simple letter substitutions.
A good password should have at least two uppercase letters, two lowercase letters, two special characters and two numbers, contain no dictionary words or simple substitutions, and be at least 15 characters long. The requirements have also evolved to exclude keyboard patterns or progressions such as QWer12#$ or 13qeadzc!#QEADZC. The final requirement is not to use personal information such as names, birthdays, anniversaries, pet’s names, and the like as the basis of, or anywhere in, your passwords. Combining all of these greatly increases the complexity of your password, which makes it harder to “crack” using brute-force attacks.
Because of all these requirements, people often have a hard time thinking of passwords that are “secure” but easy enough to remember that they do not have to write them down.
An easy way to create a secure password that is EASY to remember is to take a phrase that you know well and use that as the base for a cipher.
I will use the two most famous lines from “A Few Good Men” to illustrate how to do this.
“I want the truth! You can’t handle the truth!”
Another method is to develop a passphrase and a cipher box that contains the 26 letters of the alphabet and a mix of numbers and special characters. Below I will use a line from the movie “The Boondock Saints” to show how this can be done.
“And shepherds we shall be!” when used with the below cipher box becomes “H7Vg-qm-qsVgFqg-h$$We6”
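The rules above (two of each character class, 15 or more characters, no dictionary words or simple substitutions, no keyboard patterns) can be turned into a policy check that an IT department can run on proposed passwords. The following is an added example and not code from the original post; the word list, substitution table and keyboard layout are constructed for the demo, and the fourth rule (a segment of the password reused later in it) is an assumed generalisation that catches progressions like 13qeadzc!#QEADZC.

```python
# Constructed mini word list for the demo; a real check would load a full dictionary.
DICTIONARY = {"password", "shepherd", "truth", "handle", "welcome", "admin", "secret"}

# Letter substitutions that dictionary-based cracking rules already try (constructed subset).
LEET = str.maketrans("@$013457!", "asoieasti")
# Shifted symbols mapped back to the unshifted key so 1234 and !@#$ match the same row.
UNSHIFT = str.maketrans("~!@#$%^&*()_+{}|:\"<>?", "`1234567890-=[]\\;',./")
ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
COLUMNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm", "8ik,", "9ol.", "0p;/"]
KEY_RUNS = [s for seq in ROWS + COLUMNS for s in (seq, seq[::-1])]
RUN = 4  # shortest keyboard walk or repeated segment that is flagged


def check_password(pw: str) -> list[str]:
    """Return the policy rules the password violates (empty list means it passes)."""
    problems = []
    if len(pw) < 15:
        problems.append("shorter than 15 characters")
    classes = {
        "uppercase": sum(c.isupper() for c in pw),
        "lowercase": sum(c.islower() for c in pw),
        "digits": sum(c.isdigit() for c in pw),
        "special characters": sum(not c.isalnum() for c in pw),
    }
    for name, count in classes.items():
        if count < 2:
            problems.append(f"fewer than two {name}")
    # Undo simple substitutions before looking for dictionary words (PA$$w0rd01 -> password).
    plain = pw.lower().translate(LEET)
    if any(word in plain for word in DICTIONARY):
        problems.append("contains a dictionary word or simple substitution of one")
    # Keyboard walks along rows or columns, in either direction (QWer12#$ -> qwer, 1234).
    keys = pw.lower().translate(UNSHIFT)
    grams = {keys[i:i + RUN] for i in range(len(keys) - RUN + 1)}
    if any(g in run for g in grams for run in KEY_RUNS):
        problems.append("contains a keyboard pattern")
    # A segment reused later in the password, ignoring case and shift (13qeadzc!#QEADZC).
    if any(keys[i:i + RUN] in keys[i + RUN:] for i in range(len(keys) - 2 * RUN + 1)):
        problems.append("repeats a segment of itself")
    return problems


def is_strong(pw: str) -> bool:
    """True when no policy rule is violated."""
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ["PA$$w0rd01", "QWer12#$", "13qeadzc!#QEADZC", "H7Vg-qm-qsVgFqg-h$$We6"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

The cipher-box result from the post passes every rule, while the three weak examples from the text are each rejected for the reason the post gives.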
This primer doesn’t cover all the possible good password creation methods, nor does it begin to touch on some of the cool things being done in biometric and two-factor authentication.
After about a month of testing Thursby’s PKard Smart Card Reader for iOS devices, I am happy to say I am rather impressed. The interface is smooth and clean, with only the minor glitches one would expect in v1.0 software. The two major functions that I use are CAC authentication to Outlook Web Access and to Microsoft SharePoint and other web sites. With PKard’s recent FIPS 140-2 compliance, Thursby is taking the right steps in the right direction.
The area where PKard still needs quite a bit of work is signing and encrypting emails; without this key capability, it is only a half solution to its target audience’s needs. The other area that really needs work is better handling of documents, especially PDFs, with a way to edit, digitally sign, and send them within the product suite.
If Thursby really wants to step up their game and garner increased adoption, the product line would benefit most from the ability to open and sign the .xfdl files used by the Air Force and Army for many of the documents within those departments. IBM has stated they are not putting any effort into an iOS app for these documents, as they are moving to a server-centric implementation that the Air Force and Army likely will not adopt any time soon.
Bottom line: the product is good, but it does have plenty of room to grow!