{"id":2141,"date":"2021-07-16T01:18:28","date_gmt":"2021-07-16T01:18:28","guid":{"rendered":"http:\/\/kmccullough.com\/kblog\/?p=2141"},"modified":"2021-07-12T12:49:07","modified_gmt":"2021-07-12T12:49:07","slug":"password-rant","status":"publish","type":"post","link":"https:\/\/kmccullough.com\/kblog\/password-rant\/","title":{"rendered":"Password Rant"},"content":{"rendered":"<p><a href=\"https:\/\/kmccullough.com\/kblog\/wp-content\/uploads\/2021\/03\/Password.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-2143 alignleft\" src=\"https:\/\/kmccullough.com\/kblog\/wp-content\/uploads\/2021\/03\/Password.jpg\" alt=\"\" width=\"274\" height=\"182\" srcset=\"https:\/\/kmccullough.com\/kblog\/wp-content\/uploads\/2021\/03\/Password.jpg 400w, https:\/\/kmccullough.com\/kblog\/wp-content\/uploads\/2021\/03\/Password-300x200.jpg 300w\" sizes=\"auto, (max-width: 274px) 100vw, 274px\" \/><\/a><\/p>\n<p>My bank recently demanded that I change password. I know that it\u2019s a good practice to change passwords periodically, so I understand why they did it. It\u2019s an annoyance but an understandable one and I go along. But then they posted this on the password change page:<\/p>\n<p>Best Practices for Stronger Passwords<\/p>\n<p>Use:<\/p>\n<ul>\n<li>A unique password not used anywhere else.<\/li>\n<li>UPPER and lower case letters along with numbers and special characters<\/li>\n<li>(@,%,&amp;,#).<\/li>\n<\/ul>\n<p>Don&#8217;t use:<\/p>\n<ul>\n<li>Your username or email address.<\/li>\n<li>Personal information (your name, phone number, etc.).<\/li>\n<li>Common words or phrases in your password.<\/li>\n<li>A password you&#8217;ve previously used with us.<\/li>\n<\/ul>\n<p>Avoid:<\/p>\n<ul>\n<li>Writing down your password.<\/li>\n<li>Sharing your password with anyone.<\/li>\n<li>Saving your password in a browser.\u201d<\/li>\n<\/ul>\n<p>Can you see the problem here? They want you to create a unique password that doesn\u2019t use anything that\u2019s easy to remember, then they tell you not to write it down or save it in your browser.<\/p>\n<p>Excuse me? At my age it\u2019s hard to remember my own birthday \u2013 and it happens to coincide with a major holiday! They think I\u2019m going to remember a long password full of strange characters with no logical relationship to each other? Worse yet, every other one of the hundred or so sites I log into periodically insists on the same thing.<\/p>\n<p>So\u2014major confession here\u2014I write down my passwords. They\u2019re in a small notebook that lives in my desk, though not in an obvious place. And I work from home, where I live with just my husband. I figure if someone steals my password book, even if they can figure out my system and my handwriting, I have more serious problems than someone getting into my online accounts.<\/p>\n<p>Even back when I worked in an office, I wrote down my most important passwords and kept them on a piece of paper in my wallet. I guarded it closely.<\/p>\n<p>Obviously we need a better system.<\/p>\n<p>Two-factor authentication is one approach. I find it annoying, but it does provide some extra security. A password keeper like LastPass is also an option, but, honestly, I have a trust problem with all of the companies that provide the software. After all, one hack into their system exposes everything!<\/p>\n<p>Biometrics (like the iPhone\u2019s fingerprint or facial recognition for login) is even better, but it has to be built into the hardware and we\u2019re a long way from that across the board.<\/p>\n<p>So for now, I use long, complicated passwords to foil would-be brute-force attack hacks. I write them down because I can\u2019t remember them, and do my best to keep the written copies secure. I hope someone can come up with a better and more secure system to protect us.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My bank recently demanded that I change password. I know that it\u2019s a good practice to change passwords periodically, so I understand why they did it. It\u2019s an annoyance but an understandable one and I go along. But then they <span class=\"excerpt-dots\">&hellip;<\/span> <a class=\"more-link\" href=\"https:\/\/kmccullough.com\/kblog\/password-rant\/\"><span class=\"more-msg\">Continue reading &rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[199,64,1],"tags":[200,201],"class_list":["post-2141","post","type-post","status-publish","format-standard","hentry","category-computer-stuff","category-musings","category-uncategorized","tag-passwords","tag-security"],"_links":{"self":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts\/2141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/comments?post=2141"}],"version-history":[{"count":3,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts\/2141\/revisions"}],"predecessor-version":[{"id":2209,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/posts\/2141\/revisions\/2209"}],"wp:attachment":[{"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/media?parent=2141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/categories?post=2141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kmccullough.com\/kblog\/wp-json\/wp\/v2\/tags?post=2141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}