Passwords or Pass Phrase? Protecting your Intellectual Property

Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. A new theory on passwords is emerging that may help us remember our access codes, be more secure, and generally keep hackers and thieves out of our networks.

A password is a combination of words, letters, and special characters that only the user knows, allowing access to a computer or other information resources. As humans we have a large number of codes and numbers we need to remember every day - such as the key lock on our apartment entries, national identification numbers, automobile license or tag numbers, telephone numbers - it is a large and confusing suite of items we need to memorize.

When selecting a new password or pass code for access to a computer system, most of us understand how difficult it is to remember complex codes, and thus we select something already know n to us, such as names, birthdays, national identifiers, or other known items, and then place a number or character in front of the name or number thinking it is secure. This is easy to understand, as most of us simply do not have an ability to instantly recall large numbers of complex codes.

In a worst case we simply write down the complex code on a piece of paper, and leave it in a desk, our pocketbook, or in many cases taped to the front of our computer monitor.

However, to a hacker this makes access to your network or computer much easier, at they generally only have to learn a couple things about you, and add a few numbers to the front or ending of your personal data - you would be surprised how often this grants access to computers and networks. Ad some good "cracking utilities" to the hacker's suite of tools, and you can understand the threat.

PassPhrases are a concept that will help us create more secure, easy to remember safeguards for our computer and network resource protection. A passphrase is a selection of words and/or numbers that are 15 characters or more in length, and are easy for us to remember. A couple examples of a good pass phrases are:

? igotodalaieejdaily

? shehasbeautifulhair

? surfinginhawaiiisgreat

According to Mark Minasi, a noted security consultant, a 15 character pass phrase will require a cracking program the following number of computations to try and break a 15 character pass phrase:

? 15 lowercase letters = 1,677,259,342,285,725,925,376 possibilities

? Try a million a second, it'll take 531,855 centuries/years to break the code

As you can see, this is a pretty good level of security for your resource.

Another concern with passwords is if you forget or lose the password, and are using a utility like Microsoft's Encrypting File System (EFS), you run the risk of losing all access to your important files if you require a hardware reset of your password. All EFS encrypted files are linked to your login profile, meaning if you encrypt a directory or file with EFS, and you do a hardware reset on your computer, those files and directories are lost FOREVER.

For Microsoft Windows users you can now also use spaces within your pass phrase, however we would not recommend embedding spaces in your pass phrase, as that actually does allow a cracker better access to getting your code - it may help them crack it in 100,000 years rather than 250,000!

(About the Author - John Savageau is a managing director at CRG-West, responsible for managing operations and architecture for several of the largest telecommunications interconnect facilities in the US, including One Wilshire in Los Angeles)