By ARUN MARBALLI
These days, our online identity is almost as important as our real-life identity in our increasingly digital universe. Consequently, protecting who has access to our digital records and, more importantly, who has authorization to create our digital records is crucially important. It is akin to the way we protect our important documents by storing them in safe deposit boxes and fireproof safes. The key that provides access to our digital identities is usually the combination of a username and password; in fact, our online identity is composed of one or more usernames and the associated passwords.
Over the last few years, the number of Web sites that require a sign-in has steadily increased, resulting in a perception of increased security. The imposition of a username and password is in itself not a bad thing. However, when you have set up 10 to 15 (possibly more) sets of usernames and passwords, it becomes somewhat unwieldy and unmanageable. Have you noticed that when you enter incorrect identification, the message almost always says that the Username/Password that you have entered is incorrect, thus leaving you guessing as to whether you erred in the User Name or the Password or both? How then can we make this easier and less confusing? Undoubtedly, managing our digital identity has become an important skill, one not to be taken lightly. Hence, I thought I would devote this column to discussing some ways to manage our digital identity while at the same time making it more secure.
First, let us tackle the Username. It is fairly easy to standardize on the username, since many Web sites make it convenient for us by forcing the username to be our e-mail address. Other sites allow us the flexibility to set up a username of our choice, and for these the left-hand side of the e-mail address is one idea. I like to employ the same username in all places as far as possible, since this eliminates any guesswork. For those of us who have a penchant for changing our e-mail addresses on a regular basis, I would suggest keeping the left-hand side of the e-mail address constant as far as possible.
Next, if you think of the Username as a locked door, the password is then the key for that locked door. The level of secrecy typically associated with the Username is not high. The password, on the other hand, is another story entirely. We want our "key" to be confidential, as difficult to copy as possible and practically impossible to guess. In general, for passwords to be considered "Strong," they should be at least 6 characters in length and should contain a mix of uppercase and lowercase letters as well as numbers. Use of special characters such as !, $ and # (if allowed) strengthens passwords further and makes them more difficult to guess. We should never use names, birthdays or birth-signs in the passwords by themselves; they are too easy to guess. A good tactic for constructing a password is to write a sentence containing six to 10 words and numbers. If possible, include some proper nouns as well. Consider the following example: "We moved to Tampa Bay in 1992." Now, using the first letter of each word and the number as is, we can generate a password "WmtTBi1992", a completely unintelligible string of characters and impossible to guess! To remember it, all you have to do is commit to memory the sentence that means something only to you. The idea is simple; the possibilities are endless!
Now, should we use the same password for accessing all Web sites that need a Username and password? Most certainly not! One strategy is to group the Web sites according to their sensitivity into three groups. The highly sensitive ones such as banks, employment records, retirement accounts, investments and brokerage accounts I include in Group 1. E-mail accounts, health insurance and credit cards I include in Group 2. All other miscellaneous Web sites that we go to such as retailers, travel sites and the like I include in Group 3. Set up a separate password as indicated above for each Web site group. Another strategy is to adopt a scheme such as including the first three letters of the Web site address (following the www) as the last three characters of the password we generate with a sentence as described above, thus literally establishing a separate password for each Web site.
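The sentence method and the per-site suffix scheme described above, worked through as an added example (this code is not part of the original column). The function names and the two site addresses are constructed for illustration, and taking only alphabetic characters of the host name for the suffix is an assumption about what "first three letters" means.

```python
import os
import re
from urllib.parse import urlparse

SENTENCE = "We moved to Tampa Bay in 1992."  # the column's own example sentence

def sentence_to_password(sentence: str) -> str:
    """First letter of each word, with numbers kept whole."""
    tokens = re.findall(r"[A-Za-z][A-Za-z']*|\d+", sentence)
    return "".join(t if t.isdigit() else t[0] for t in tokens)

def meets_column_criteria(password: str) -> bool:
    """The column's 'Strong' bar: 6+ characters, upper and lower case, a number."""
    return (len(password) >= 6
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))

def site_tag(address: str) -> str:
    """First three letters of the site address, skipping a leading 'www.'."""
    # Accept both full URLs and bare host names.
    host = urlparse(address if "://" in address else "//" + address).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    letters = "".join(c for c in host if c.isalpha())  # assumption: letters only
    if len(letters) < 3:
        raise ValueError(f"no usable site name in {address!r}")
    return letters[:3]

def per_site_password(sentence: str, address: str) -> str:
    """Sentence-derived base with the site tag as the last three characters."""
    return sentence_to_password(sentence) + site_tag(address)

def shared_base_length(passwords: list[str]) -> int:
    """Number of leading characters that all the passwords have in common."""
    return len(os.path.commonprefix(passwords))

if __name__ == "__main__":
    # Constructed sample addresses, not real sites.
    sites = ["https://www.examplebank.test/login", "www.mailhost.example"]
    derived = [per_site_password(SENTENCE, s) for s in sites]
    for site, password in zip(sites, derived):
        print(f"{site:40} {password}  strong={meets_column_criteria(password)}")
    # Every derived password starts with the same sentence-derived base.
    print("shared base length:", shared_base_length(derived))
```

The shared base length shows how much of each per-site password is common to all of them: only the last three characters differ from site to site.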
These are general guidelines for managing our identity in the online world. You can creatively adapt these ideas to fit your needs.
Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].
Anything that appears in Khaas Baat cannot be reproduced, whether wholly or in part, without permission. Opinions expressed by Khaas Baat contributors are their own and do not reflect the publisher's opinion.
The Editor: [email protected] Advertising: [email protected] Webmaster: [email protected] Send mail to [email protected] with questions or comments about this web site. Copyright © 2004 Khaas Baat.
Khaas Baat reserves the right to edit and/or reject any advertising. Khaas Baat is not responsible for errors in advertising or for the validity of any claims made by its advertisers. Khaas Baat is published by Khaas Baat Communications.