Network Security Doesn’t Have To Be A Burden

Whenever I log onto my computer, visit a subscriber web sites or check my emails I always get the screen “Please enter your User Name and Password”. To manage this authentication barrage I might use the same logon information for all my sites, make the passwords simply to remember and keep the same password for years. Now my company’s IT department has decided to increase security by making me change my logon password every 60 days, make it more than 8 characters long and it has to contain both numeric or special characters. Security is a necessary burden. But, does security really need to be a burden?

Of course there are times that I forget my password so I have to call IT and wait a few hours for them to reset my password. To make sure that I don’t forget them again I might write those passwords on post-it notes and stick them under my keyboard. Now that’s security since no one would ever think to look there! Does any of this sound familiar? Are you or your employees guilty of these same habits?

These practices violate all four of the golden rules to keeping passwords secure: 1) never use simple words or names that others can guess, 2) never writing down your passwords where others can find them, 3) never use the same password everywhere, and 4) never keep the same password for long periods of time.

What makes this whole tale more ironic is that I am in the computer security business. I know all the proper procedures, I know how hackers attacked computer systems and I know that over 70% of all identity theft occurs from co-workers, friends and even family members. But I am also human and trying to remember and type all my passwords is inconvenient, error prone and time consuming. So I decided to look for a way to make security so convenient that it no longer needed to be circumvented.

I now use a smartcard-based password manager that is easy to use and it allows me to easily manage all my digital identities on multiple computers and networks while exponentially increasing my security. Every one of my accounts now has its own long, unique, complex password that I don’t have to remember let alone type. Finally, smartcard based password managers protect computers from malicious software like spyware and keyloggers. Instead of “Dovell1″, my new password might be sdRy^k6()keHY. While I’m not totally password free since I still had to remember the one to authenticate me to the smartcard, I went from 98 different passwords down to 1.

It doesn’t matter if you use Power LogOn, RoboForm, VaultID or a host of any other token-based password manager products. The key is to use something, and make sure the product implement security features that protects your passwords if the token is ever lost or stolen.

In conclusion, I would add one more rule to the four golden rules:

GOLDEN RULE 5:Use a smartcard-based token to save passwords