Privacy Tip #49 – Use a Passphrase Instead of a Password

Robinson+Cole Data Privacy + Security Insider

I love to train employees on data privacy and security. It tends to be rather entertaining, as I can tell crazy stories about real-life data breaches or compromises. The stories are quite beneficial, as most employees say “I would never do that!”

One of my favorite stories to tell, as it is a common mistake and people in the audience always nod when I tell it, is of an employee of a vendor, who downloaded the names, addresses, dates of birth, and Social Security numbers of all of the employees of a company onto a laptop and took the laptop home to work on the data over the weekend.

The employee’s apartment was broken into over the weekend and the laptop was stolen. I got the call on Monday morning asking what they needed to do. My first question was “Was the laptop encrypted?” The answer was “No, but it was password protected, but the employee couldn’t remember the password, so they wrote it on a yellow sticky note and stuck it in the inside of the laptop.” Ugh. So the thief got the laptop, the password, and all of the employees’ personal information, including their Social Security numbers. That, folks, is a reportable data breach.

The point is that passwords are a pain in the you know what. No one can remember a complex password, and they have to be changed every 60 days. It continues to be a thorn in all employees’ sides.

My favorite password tip is to use a passphrase instead of a machination of different letters and numbers. For instance, “Myfavoritecolorisred!” My favorite color IS red, and I can remember that when I sit down at the computer. It has a capital letter, is long and complex, and has a symbol at the end. Most security guys approve of it. And if I can remember my password, I won’t be dumb and write it down on a piece of paper and put it in my top drawer (really, do you think that is such a trick?) or on a sticky note on my desktop.

I have been giving this tip for years, and now a new study from Carnegie Mellon University has confirmed the tip by saying it is a best practice.

So when you get to work tomorrow, change your crazy password that you can’t remember to a passphrase that you can remember. But don’t use the same one at work as you use at home. Use another phrase that you can remember from your personal life, like “Mydog’snameisRover”. Um, but don’t use your real dog’s name as hackers can figure that out from your Facebook page…


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
