Keeping Passwords Strong
Columns - Management Corner: Technology Trends
Written by Jim Mays   
Tuesday, 07 August 2007
I have a problem with my money.  It’s not that I don’t have any; it’s just that I can’t get to it.

I’ve forgotten my personal identification number (PIN). For several years I had the same easy-to-remember PIN. It was meaningful to me and wasn’t something easy to guess like my birthday or “1234.” I’ve attempted to remember it, but so far no luck. The ATM won’t allow more than three guesses before it swallows your card. You are then forced to visit the bank, in person, to retrieve it. Rather than suffer that humiliation (again), I just stopped using my card when I need to remember the PIN. A PIN is nothing more than a numeric password, and it seems as if there are way too many for the average human to remember. Fortunately, there are some guidelines about passwords that can help you keep them straight.

If you’re like me, there are many different situations where you are required to have a password. I found that I quickly grew tired of having to remember so many passwords, and I suspect my solution to this problem is the same as yours. Instead of choosing all sorts of new passwords, I started using the same one everywhere.

This is a dangerous practice, since someone who has one of your passwords and only a little bit of knowledge about you could access a lot of supposedly protected information. For example, let’s say I stumble upon a nifty website that provides me with parking information at the airport. I have to create a username and log in to use this website. My username is my e-mail address, which the site verifies by sending me an e-mail to which I’m required to reply. I choose a password, and because I’ve gotten lazy, I use the same one as for other accounts, including my e-mail account.

The fictitious website I’ve described may in fact provide great information, or it could be established by a nefarious hacker who now has not only my e-mail address but my e-mail password as well. Access to my e-mail account opens up a vast trove of additional personal information. It is a very bad idea to use the same password for everything.

Passwords are a great source of pain and aggravation for any system administrator. A good system administrator will force users to change their passwords on a regular basis. However, forcing users to change their passwords too frequently causes the telephone to become alive with help desk calls. One hapless user after another will call to report that they have locked themselves out of the system by trying too many wrong passwords or forgetting their password altogether. 

One solution to this password chaos is the use of biometric authentication.  Biometric authentication involves scanning a person’s retina, a fingerprint or even his or her voice. Several years ago biometric authentication was all the rage in spy movies. The usual workaround presented was for the interloper to remove the finger or eyeball of someone, and present it for access. This has left me less than enthusiastic about biometric authentication. 

More clever and less obtrusive methods of defeating biometric authentication include some variation of obtaining a fingerprint from a wineglass or other surface. This form of authentication has become much more common. IBM even started manufacturing a model of its ThinkPad that uses fingerprint authentication. (ThinkPads are now manufactured and sold by Lenovo but can still be purchased with a fingerprint reader.)

Other alternate methods for authentication include special key fobs and “smart” cards, similar in size to a credit card. I think most people would rather just use a password than subject themselves to a biometric scan or have to worry about carrying around some type of token.

There are varying opinions about the most commonly used passwords, but “Password” and “Password1” are near the top of everyone’s list. Other commonly used passwords are variations of a person’s name, the names of family members, as well as the names of pets. Sometimes people use passwords that convey a unique characteristic or nickname. This can be embarrassing if the password is ever revealed. To avoid this kind of embarrassment, it is best to choose a password besides 2Sexy1 or Sweetpea.

In a Nov. 17, 2006, article in the trade magazine InfoWorld, “MySpace password exploit: Crunching the numbers,” author Roger Grimes reports on a study of passwords used on the MySpace website. Among his findings:

• Numbers are most frequently used at the end of passwords.
• Words containing colors, years, sports and hobbies are popular.
• Swear words are popular.
• Names of professional sports teams are popular.

The problem with commonly used passwords is that they make a system much less secure. A common technique of hackers is to use a “dictionary” of common passwords, simply trying one word after another until the correct one turns up. Unless a password is chosen with some thought, even a little knowledge about someone makes it more easily guessable. A password that’s easily guessed is considered “weak” and one that’s difficult to guess is “strong.” There is general agreement about what constitutes a strong password. Ideally, it would consist of a random combination of letters, numbers, and characters. Additionally, the longer a password is, the harder it is to guess.
 
A common myth about passwords is that they should be changed frequently. If humans were strictly logical this would be true. Unfortunately, forcing users to change passwords too often makes it more likely they will feel insecure about remembering their passwords and write them down.  A password that is too hard to remember, too long, or changed too frequently will cause users to engage in behavior that circumvents the strength of a password.
 
One method of choosing passwords that many experts recommend is to select a phrase and then create a letter combination from that phrase. For example, “any way the wind blows doesn’t really matter” would be “awtwbdrm.” An acquaintance of mine, who shall remain nameless, likes to substitute certain letters with numbers that look alike. For example, “e” would become “3” and “l” would become “7.”
 
Passwords should be at least eight characters long and should contain at least one capital letter, one number and one special character. They should be changed regularly, but probably not more often than every 90 days. Microsoft has a special page for checking the strength of a password. The company recommends that a password contain 14 characters or more; however, it also acknowledges that eight characters is more reasonable. Checking a password is as easy as typing it into the box provided. The site will rate your password as being weak, strong or best.
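
An added example (not from the original article): a Python check that applies the composition rules above and also reduces a password to its dictionary root, showing that a password can satisfy every rule and still be built on a commonly used word. The word list, the sample passwords, and the look-alike mappings other than “3” and “7” are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a far larger list
# of known-common passwords.
COMMON_WORDS = {"password", "sweetpea", "qwerty", "dragon"}

# Look-alike substitutions to undo before the lookup. "3" and "7" are the
# article's examples; the other mappings are assumptions for illustration.
LOOKALIKES = str.maketrans(
    {"3": "e", "7": "l", "0": "o", "1": "l", "4": "a", "5": "s", "@": "a", "$": "s"}
)


def composition_problems(pw):
    """Apply the article's rules: 8+ characters, a capital, a number, a special."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    return problems


def dictionary_root(pw):
    """Return the common word a password reduces to, or None."""
    lowered = pw.lower()
    # Numbers are most often appended, so drop trailing digits and symbols.
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    for candidate in (stripped, lowered):
        word = candidate.translate(LOOKALIKES)
        if word in COMMON_WORDS:
            return word
    return None


def check(pw):
    """List every reason to reject pw; an empty list means it passed."""
    problems = composition_problems(pw)
    root = dictionary_root(pw)
    if root:
        problems.append(f"built on common word '{root}'")
    return problems


if __name__ == "__main__":
    for sample in ["Password1", "P4ssw0rd!", "Sw33tp3a2008", "awtwbdrm"]:
        print(sample, "->", check(sample) or "passed")
```

“P4ssw0rd!” meets all four composition rules and is rejected only by the dictionary step, while the phrase-derived “awtwbdrm” clears the dictionary but still needs a capital, a number and a special character.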
 
Additional guidance on choosing passwords can be found at the National Institutes of Health (www.alw.nih.gov/Security/Docs/passwd.html), Microsoft (www.microsoft.com/athome/security/privacy/password.mspx) and the National Institute of Standards and Technology (www.nist.gov). The password strength checker may be found at: www.microsoft.com/athome/security/privacy/password_checker.mspx.

Jim has never used “Password1” as his password, nor has he used the names of family members or pets.





(c) 2007 Counselor Magazine