Tom’s Tech Tips

Tom’s Tuesday Tech Tip: Do Not Password Protect Go and Do Not Collect $200

Other than tech factotum and chief PITA, I play one other major role in our office. As network admin for Vickie Milazzo Institute, I can make or break passwords at will. A few clicks in Active Directory (AD) and your password is now one of my choosing.

It’s a fact of admin life that you can often look around a user’s cubicle, office or toilet stall and guess their password within three tries. Sometimes it’s simple. I just look behind a photo of their spouse or pet or in a drawer for a hidden sticky note with the password that should have been memorized and not written down. That’s pretty embarrassing for the user (and even more so when I remind them that the cleaning krewe could do the same thing). If I can’t guess the password (and I’ll sometimes resort to a little social engineering while I search so it’s not that tough), I play a computer-admin joke. The joke’s set-up is to change the password in AD to a new one of my choice and then go bet the user (lunch at Chipotle maybe) that I can guess their password. Once the bet’s made, I have the user log off and then I log on with my new password. It usually shocks most users. I then force a password change so that they have to reselect a less “easy” password. They never realize that I really didn’t guess their password. My password game is almost as much fun as switching the user’s default font for one that’s upside down or backwards. (Yeah, I know – get a real life.)

My point here is that most users, and probably most legal nurse consultants (but not Certified Legal Nurse Consultants), have simple passwords and use the same password, or variations of it, for almost all their logins. This includes their Gmail, Yahoo! Mail and other webmail accounts, eBay, Facebook and probably Amazon.com (not to mention PayPal). Webmail accounts are one of the most lucrative sources for crooks. Why? Because once broken into, these accounts often contain email with embedded links to other financial and online banking information. If someone hacks your webmail, they can often hijack your financial data.

Knowing your email address and using well-known deep-web search engines like Spokeo.com, I can track instances of your email address throughout the web. If, as part of your legal nurse consulting business or just your personal life, you write reviews on sites that use your email as the user ID or login, or if you keep a public wish list, your accounts will be laid out like penny candy in a dime store. That means I can hack your shopping too, if you used that same simple password.

How do Certified Legal Nurse Consultants prevent this type of hacking? Of three possible methods, only one is easy. The hardest (the one that nobody, and I mean nobody, not even admins, likes) is to maintain hardened passwords. Hardened passwords contain at least eight characters that include upper and lower case letters, numbers and symbols. In a later blog, I’ll give some tips on creating hardened passwords. For now, don’t use anything simple like your birthday, pet’s name, Social Security or driver’s license number, a combination of these, or anything else that directly relates to you.
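The hardened-password rule above, together with the earlier point about reusing one password and its variations across logins, written as a small audit script. This is an added example, not part of the original post; the account names, passwords and personal details are constructed, and the function names are hypothetical.

```python
import re

MIN_LENGTH = 8  # the post's minimum length for a hardened password

# Constructed sample data, for illustration only.
ACCOUNTS = {
    "webmail": "Fluffy2009",
    "shopping": "fluffy2009!",
    "auction": "FLUFFY1",
    "bank": "t7#Rw!q2Lm",
}
PERSONAL = ["Fluffy", "0412"]  # pet's name, birthday as MMDD


def hardening_failures(password, personal_facts=()):
    """List every way a password misses the post's hardened rule."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        failures.append("no lower case letter")
    if not re.search(r"[A-Z]", password):
        failures.append("no upper case letter")
    if not re.search(r"[0-9]", password):
        failures.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no symbol")
    lowered = password.lower()
    for fact in personal_facts:
        if fact and fact.lower() in lowered:
            failures.append("contains personal detail: " + fact)
    return failures


def base_form(password):
    """Reduce a password to its stem so that variations compare equal:
    lower-case it, then strip leading and trailing digits and symbols."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def reused_groups(accounts):
    """Map each shared stem to the accounts whose passwords are built on it."""
    groups = {}
    for name, password in accounts.items():
        groups.setdefault(base_form(password), []).append(name)
    return {s: sorted(n) for s, n in groups.items() if s and len(n) > 1}


if __name__ == "__main__":
    for name, password in ACCOUNTS.items():
        print(name, hardening_failures(password, PERSONAL) or "hardened")
    print("shared stems:", reused_groups(ACCOUNTS))
```

Note that the second sample password passes the length and character-class checks and still fails: it is built on the pet's name and shares a stem with two other accounts.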

The next solution is the easiest and least secure. It should only be used by legal nurse consultants who have a computer dedicated to their business that does not travel. This means a homebound computer whose only risk of loss is burglary (or being tossed out when it acts up). If you’ve got one of these dedicated computers, you can use your Firefox or Internet Explorer (IE) Web browser to remember your passwords. Both browsers will prompt you to store passwords that you enter for any website. This free solution works pretty well. It’s when you forget a password that you run into trouble. Internet Explorer encrypts and stores the passwords in the Windows registry.

If you forget a password, you’ll need to purchase a program to allow you to recover the encrypted password(s). These programs vary depending upon which version of IE you’re running. I always worry about third-party programs so this is my least favorite method of password management. If you’re a Firefox user and forget a password, you can easily view your saved passwords by clicking Tools, Options, Security, Saved Passwords and finally Show Passwords, then Yes. This makes it a snap to find a password you can’t remember. Of course, if you can do this, so can anyone else accessing your computer.

The last solution is the best but requires some trust. It’s to use a password-storing program or service. If you’re a legal nurse consultant who is a PC user (Windows® XP or Vista) there are inexpensive programs ($29.95) like Roboform. These programs encrypt and store your passwords, logins and sometimes credit card information. With the Roboform2Go upgrade you can load your information onto a USB stick and take it with you wherever you go (attorneys’ offices, vacations, business travel, etc.). I’ve never been a fan of USB devices for passwords because I lose too many things (if anyone finds my Plantronics Bluetooth headset, drop me an email) and I can just imagine the USB stick falling into evil hands. Mac users can use 1Password Password Manager, a $39.95 download for Macs that accomplishes many of the same functions as Roboform.

Before you buy, confirm that the programs are compatible with your most commonly used Web browser. Both offer a free, restricted version that has certain limitations but provides a test drive for those of you who like to look before you leap.

For password management, any Certified Legal Nurse Consultant could do a whole lot worse than investigating and using a password manager like Roboform.

In my next blog I’ll talk more about creating hardened passwords.

Keep on techin’,

Tom

One thought on “Tom’s Tuesday Tech Tip: Do Not Password Protect Go and Do Not Collect $200”

  1. Hey Tom,

    I just read your article about passwords. Cool stuff.

    Just thought I’d let you know about a program called LastPass. It’s an add-on to Firefox, it’s free, and it’s particularly interesting because it gathers passwords more securely than Firefox or IE, and it allows you to set a master password which is encrypted before it is sent to them. Meaning no one, not even them, gets your masterpass but you…

    Have a look, I’ve been using it and it works like a charm. You can save pre-filled form info, notes, etc. as well.

    Thought I’d pass the info…

Copyright © 1999-2019 Vickie Milazzo Institute. All rights reserved. CLNC® and NACLNC® are registered trademarks of Vickie Milazzo Institute.